8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Resubmissions

09-12-2024 00:39

241209-azt1zswqfx 9

09-12-2024 00:29

241209-ata1xswpht 9

Analysis

max time kernel
528s
max time network
523s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-12-2024 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper (1).exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

9^/10

discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	node.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	Bootstrapper (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	Bootstrapper (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 39 IoCs

pid	Process
5420	Solara.exe
1112	RobloxPlayerInstaller.exe
5916	MicrosoftEdgeWebview2Setup.exe
5012	MicrosoftEdgeUpdate.exe
508	MicrosoftEdgeUpdate.exe
3376	MicrosoftEdgeUpdate.exe
1340	MicrosoftEdgeUpdateComRegisterShell64.exe
4060	MicrosoftEdgeUpdateComRegisterShell64.exe
2964	MicrosoftEdgeUpdateComRegisterShell64.exe
5596	MicrosoftEdgeUpdate.exe
3480	MicrosoftEdgeUpdate.exe
5184	MicrosoftEdgeUpdate.exe
2348	MicrosoftEdgeUpdate.exe
4312	MicrosoftEdge_X64_131.0.2903.86.exe
4072	setup.exe
3176	setup.exe
368	MicrosoftEdgeUpdate.exe
2584	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
384	node.exe
112	Solara.exe
6024	node.exe
5748	msedgewebview2.exe
2696	msedgewebview2.exe
4396	msedgewebview2.exe
932	msedgewebview2.exe
3484	msedgewebview2.exe
4320	msedgewebview2.exe
2612	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe
3120	RobloxPlayerBeta.exe
2068	RobloxPlayerBeta.exe
2300	msedgewebview2.exe
1768	RobloxPlayerBeta.exe
388	RobloxPlayerBeta.exe
5168	msedgewebview2.exe
4796	msedgewebview2.exe
1768	msedgewebview2.exe
5136	msedgewebview2.exe

Loads dropped DLL 64 IoCs

pid	Process
2696	MsiExec.exe
2696	MsiExec.exe
4828	MsiExec.exe
4828	MsiExec.exe
4828	MsiExec.exe
4828	MsiExec.exe
4828	MsiExec.exe
5592	MsiExec.exe
5592	MsiExec.exe
5592	MsiExec.exe
2696	MsiExec.exe
5012	MicrosoftEdgeUpdate.exe
508	MicrosoftEdgeUpdate.exe
3376	MicrosoftEdgeUpdate.exe
1340	MicrosoftEdgeUpdateComRegisterShell64.exe
3376	MicrosoftEdgeUpdate.exe
4060	MicrosoftEdgeUpdateComRegisterShell64.exe
3376	MicrosoftEdgeUpdate.exe
2964	MicrosoftEdgeUpdateComRegisterShell64.exe
3376	MicrosoftEdgeUpdate.exe
5596	MicrosoftEdgeUpdate.exe
3480	MicrosoftEdgeUpdate.exe
5184	MicrosoftEdgeUpdate.exe
5184	MicrosoftEdgeUpdate.exe
3480	MicrosoftEdgeUpdate.exe
2348	MicrosoftEdgeUpdate.exe
368	MicrosoftEdgeUpdate.exe
2584	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
112	Solara.exe
112	Solara.exe
112	Solara.exe
5748	msedgewebview2.exe
2696	msedgewebview2.exe
5748	msedgewebview2.exe
5748	msedgewebview2.exe
5748	msedgewebview2.exe
4396	msedgewebview2.exe
932	msedgewebview2.exe
4396	msedgewebview2.exe
3484	msedgewebview2.exe
932	msedgewebview2.exe
3484	msedgewebview2.exe
4396	msedgewebview2.exe
4396	msedgewebview2.exe
4396	msedgewebview2.exe
4396	msedgewebview2.exe
4320	msedgewebview2.exe
4320	msedgewebview2.exe
4320	msedgewebview2.exe
5748	msedgewebview2.exe
2612	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe
3120	RobloxPlayerBeta.exe
2068	RobloxPlayerBeta.exe
2300	msedgewebview2.exe
2300	msedgewebview2.exe
1768	RobloxPlayerBeta.exe
388	RobloxPlayerBeta.exe
5168	msedgewebview2.exe
5168	msedgewebview2.exe
4796	msedgewebview2.exe
4796	msedgewebview2.exe
1768	msedgewebview2.exe

Unexpected DNS network traffic destination 53 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 2 IoCs

flow	pid	Process
38	4856	msiexec.exe
40	4856	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
90	pastebin.com
369	pastebin.com
370	pastebin.com
89	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Checks system information in the registry 2 TTPs 12 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 5 IoCs

pid	Process
2584	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe
3120	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
2584	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
112	Solara.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\GameSettings\ScrollBarTop.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\node_modules\minimatch\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\CHANGELOG.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-packlist\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-packlist\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\fetch-error.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\AnimationEditor\FaceCaptureUI\CloseButton.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\ui\PlayerList\AcceptButton.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\ui\Settings\Players\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\api-ms-win-core-timezone-l1-1-0.dll	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\lib\cache\errors.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-cache.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\rsort.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmsearch\lib\index.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\AnimationEditor\button_loop.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU145F.tmp\msedgeupdateres_mt.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\registry.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\signal-exit\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\retry\Makefile	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\TerrainEditor\select.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\ui\MenuBar\dropdown-arrow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\ui\Settings\Help\AButtonLightSmall.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\PlatformContent\pc\textures\sky\indoor512_lf.tex	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Locales\az.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Locales\sr-Latn-RS.pak	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\lib\memoization.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\ninja.py	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\StudioToolbox\ArrowCollapsed.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\ui\Settings\MenuBarAssets\MenuButtonSelected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\ExtraContent\textures\ui\LuaChat\icons\ic-search-gray.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Locales\nl.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU145F.tmp\msedgeupdateres_is.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abbrev\package.json	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\AnimationEditor\btn_collapse.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\MenuBar\icon_leaderboard.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\StudioUIEditor\icon_rotate5.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\TextureViewer\cancel.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\ui\Controls\DefaultController\Thumbstick2.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\pwahelper.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\VisualElements\SmallLogoBeta.png	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\npm-usage.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\ui\LegacyRbxGui\StoneBlockSide.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\ui\Settings\MenuBarIcons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\ui\Settings\Radial\Alert.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\api-ms-win-core-util-l1-1-0.dll	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\vulkan-1.dll	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\node_modules\minimatch\lib\path.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\event-target-shim\dist\event-target-shim.umd.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\chownr\chownr.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\configuring-npm\install.html	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\AnimationEditor\button_zoom_default_right.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\ui\VoiceChat\MicDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\PlatformContent\pc\textures\water\normal_04.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\corepack\dist\npx.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cssesc\man\cssesc.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\inc.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\content\textures\TerrainTools\import_edit.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\Locales\or.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\list.js	msiexec.exe

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e57af2c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF5A5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF94F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e57af2c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBA98.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBD3A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC55A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF341.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF3A0.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB41F.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBD0A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC52B.tmp	msiexec.exe
File created	C:\Windows\Installer\e57af30.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB3EE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB41E.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5596	MicrosoftEdgeUpdate.exe
2348	MicrosoftEdgeUpdate.exe
368	MicrosoftEdgeUpdate.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3576	ipconfig.exe
2592	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 50 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133781783997270575"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CurVer\ = "MicrosoftEdgeUpdate.CoreClass.1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LOCALSERVER32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\ = "Microsoft Edge Update Legacy On Demand"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerInstaller.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4508	Bootstrapper (1).exe
4508	Bootstrapper (1).exe
4856	msiexec.exe
4856	msiexec.exe
4316	chrome.exe
4316	chrome.exe
5420	Solara.exe
5420	Solara.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
1112	RobloxPlayerInstaller.exe
1112	RobloxPlayerInstaller.exe
5012	MicrosoftEdgeUpdate.exe
5012	MicrosoftEdgeUpdate.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6116	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
5748	msedgewebview2.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4616	WMIC.exe
Token: SeSecurityPrivilege	4616	WMIC.exe
Token: SeTakeOwnershipPrivilege	4616	WMIC.exe
Token: SeLoadDriverPrivilege	4616	WMIC.exe
Token: SeSystemProfilePrivilege	4616	WMIC.exe
Token: SeSystemtimePrivilege	4616	WMIC.exe
Token: SeProfSingleProcessPrivilege	4616	WMIC.exe
Token: SeIncBasePriorityPrivilege	4616	WMIC.exe
Token: SeCreatePagefilePrivilege	4616	WMIC.exe
Token: SeBackupPrivilege	4616	WMIC.exe
Token: SeRestorePrivilege	4616	WMIC.exe
Token: SeShutdownPrivilege	4616	WMIC.exe
Token: SeDebugPrivilege	4616	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4616	WMIC.exe
Token: SeRemoteShutdownPrivilege	4616	WMIC.exe
Token: SeUndockPrivilege	4616	WMIC.exe
Token: SeManageVolumePrivilege	4616	WMIC.exe
Token: 33	4616	WMIC.exe
Token: 34	4616	WMIC.exe
Token: 35	4616	WMIC.exe
Token: 36	4616	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4616	WMIC.exe
Token: SeSecurityPrivilege	4616	WMIC.exe
Token: SeTakeOwnershipPrivilege	4616	WMIC.exe
Token: SeLoadDriverPrivilege	4616	WMIC.exe
Token: SeSystemProfilePrivilege	4616	WMIC.exe
Token: SeSystemtimePrivilege	4616	WMIC.exe
Token: SeProfSingleProcessPrivilege	4616	WMIC.exe
Token: SeIncBasePriorityPrivilege	4616	WMIC.exe
Token: SeCreatePagefilePrivilege	4616	WMIC.exe
Token: SeBackupPrivilege	4616	WMIC.exe
Token: SeRestorePrivilege	4616	WMIC.exe
Token: SeShutdownPrivilege	4616	WMIC.exe
Token: SeDebugPrivilege	4616	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4616	WMIC.exe
Token: SeRemoteShutdownPrivilege	4616	WMIC.exe
Token: SeUndockPrivilege	4616	WMIC.exe
Token: SeManageVolumePrivilege	4616	WMIC.exe
Token: 33	4616	WMIC.exe
Token: 34	4616	WMIC.exe
Token: 35	4616	WMIC.exe
Token: 36	4616	WMIC.exe
Token: SeDebugPrivilege	4508	Bootstrapper (1).exe
Token: SeShutdownPrivilege	2036	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2036	msiexec.exe
Token: SeSecurityPrivilege	4856	msiexec.exe
Token: SeCreateTokenPrivilege	2036	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2036	msiexec.exe
Token: SeLockMemoryPrivilege	2036	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2036	msiexec.exe
Token: SeMachineAccountPrivilege	2036	msiexec.exe
Token: SeTcbPrivilege	2036	msiexec.exe
Token: SeSecurityPrivilege	2036	msiexec.exe
Token: SeTakeOwnershipPrivilege	2036	msiexec.exe
Token: SeLoadDriverPrivilege	2036	msiexec.exe
Token: SeSystemProfilePrivilege	2036	msiexec.exe
Token: SeSystemtimePrivilege	2036	msiexec.exe
Token: SeProfSingleProcessPrivilege	2036	msiexec.exe
Token: SeIncBasePriorityPrivilege	2036	msiexec.exe
Token: SeCreatePagefilePrivilege	2036	msiexec.exe
Token: SeCreatePermanentPrivilege	2036	msiexec.exe
Token: SeBackupPrivilege	2036	msiexec.exe
Token: SeRestorePrivilege	2036	msiexec.exe
Token: SeShutdownPrivilege	2036	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe
6116	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
384	node.exe
6024	node.exe

Suspicious use of UnmapMainImage 8 IoCs

pid	Process
2584	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
2612	RobloxPlayerBeta.exe
3828	RobloxPlayerBeta.exe
3120	RobloxPlayerBeta.exe
2068	RobloxPlayerBeta.exe
1768	RobloxPlayerBeta.exe
388	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 3240	4508	Bootstrapper (1).exe	84
PID 4508 wrote to memory of 3240	4508	Bootstrapper (1).exe	84
PID 3240 wrote to memory of 3576	3240	cmd.exe	86
PID 3240 wrote to memory of 3576	3240	cmd.exe	86
PID 4508 wrote to memory of 1444	4508	Bootstrapper (1).exe	89
PID 4508 wrote to memory of 1444	4508	Bootstrapper (1).exe	89
PID 1444 wrote to memory of 4616	1444	cmd.exe	91
PID 1444 wrote to memory of 4616	1444	cmd.exe	91
PID 4508 wrote to memory of 2036	4508	Bootstrapper (1).exe	102
PID 4508 wrote to memory of 2036	4508	Bootstrapper (1).exe	102
PID 4856 wrote to memory of 2696	4856	msiexec.exe	108
PID 4856 wrote to memory of 2696	4856	msiexec.exe	108
PID 4856 wrote to memory of 4828	4856	msiexec.exe	109
PID 4856 wrote to memory of 4828	4856	msiexec.exe	109
PID 4856 wrote to memory of 4828	4856	msiexec.exe	109
PID 4316 wrote to memory of 2536	4316	chrome.exe	114
PID 4316 wrote to memory of 2536	4316	chrome.exe	114
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1912	4316	chrome.exe	115
PID 4316 wrote to memory of 1368	4316	chrome.exe	116
PID 4316 wrote to memory of 1368	4316	chrome.exe	116
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117
PID 4316 wrote to memory of 4244	4316	chrome.exe	117

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe

cURL User-Agent 6 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	373	curl/8.9.1-DEV
HTTP User-Agent header	377	curl/8.9.1-DEV
HTTP User-Agent header	378	curl/8.9.1-DEV
HTTP User-Agent header	380	curl/8.9.1-DEV
HTTP User-Agent header	382	curl/8.9.1-DEV
HTTP User-Agent header	383	curl/8.9.1-DEV

C:\Users\Admin\AppData\Local\Temp\Bootstrapper (1).exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper (1).exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3240
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:3576
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4616
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2036
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5420

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 8678E567639FB450133760DB7B891E71
  2⤵
  - Loads dropped DLL
  PID:2696
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 57B483CDFE5A09304388343D5911066C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4828
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D12BFCDAAE1AE2ADC03F37F24BB03C68 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5592
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5732
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:5796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff51e8cc40,0x7fff51e8cc4c,0x7fff51e8cc58
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1972,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1964 /prefetch:3
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3320,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3740,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:444
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x23c,0x244,0x28c,0x268,0x290,0x7ff629084698,0x7ff6290846a4,0x7ff6290846b0
    3⤵
    PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5100,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5360,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5260 /prefetch:2
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5080,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3252,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=860 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3528,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5016,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4420 /prefetch:8
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5300,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5796,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5888,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6068,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4492,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  PID:5152
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- - C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:5916
  - - C:\Program Files (x86)\Microsoft\Temp\EU145F.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU145F.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5012
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:508
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3376
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1340
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4060
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2964
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDZFNDIxNDgtRDQ1MC00QkU0LUI1NTUtNzI5NTgzQ0ZEMkUzfSIgdXNlcmlkPSJ7QkI3MTAyNzAtMzYwMS00QThELUEyOUMtMEQzMEFEOTRFNDEzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGMDlDOUIwRC1DMzMwLTRGMTQtQjM5NC0xQTRGMkNBRTQxQzB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MDU4OTQ5OTA5IiBpbnN0YWxsX3RpbWVfbXM9IjUzMiIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5596
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{D6E42148-D450-4BE4-B555-729583CFD2E3}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3480
- - C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 1112
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of UnmapMainImage
    PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6016,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:g8wwMZpmXCF3OHoRq56jeTeFfUbVxW7eJNRrnephIyXeJKhbnS00vPY8rmR1moExBrZW73l5jet-1GvNDVDgJf1miKFsAYeGCcUFO_8idNv229ESkKD5hjuXH-A6lRA9FLGyz7r_2qxAMFZo4mYm3mRpEGzAR2yPzYcgcTJVuKtrgYyN_vMjZpV1P1HtGOSTvPVk1-6rTzQ-qC6vburUKvsvo6yBWX_FsytSC45Z7AY+launchtime:1733704967140+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1733704865793003%26placeId%3D95206881%26isPlayTogetherGame%3Dfalse%26referredByPlayerId%3D0%26joinAttemptId%3D8cca635c-4a4a-4764-ab7a-98f3882ab468%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1733704865793003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5860,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:D1LMKbzgtVnpKYN61I1KPMa4OGSLhw6wgum-8wCuhikr5rBteX1cec8prGsadQzwGYaXdodJNyZxZbQZALHbJ4rNd631SUBedHNcFWxG_O330KnnptZEoCDLLzOibRlgtQhxJ161FqYnDeVjLdAZkB2eh9FFJOVaqdWK57418MVTiZAs2dVxmBuOJAV-4I7hSJSKLVy9KBsnkcj2R7y9ww2lXqu95hKV8JaAcfFp0OA+launchtime:1733704967140+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1733704865793003%26placeId%3D95206881%26isPlayTogetherGame%3Dfalse%26referredByPlayerId%3D0%26joinAttemptId%3D8cca635c-4a4a-4764-ab7a-98f3882ab468%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1733704865793003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6032,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:2la1G3j4nLldyaK0_e9B0LGiRwBya-LwEvrPJdulqlweLUbfW6YUn0Nx4dlHedmmjuErEtV0hDE1L1l9OY2ivM609GChetbs4keXrJl3OQ1lbr2VQk9LLbl7eT4JWRN2T3b0aR-j3NfCJFmRmeSkURXesIHwqza_YFrLK3s09aw4m7PpU8qk1x5RD2gt8eSTbYGBopFnbMkgIm_0tPTSFhW_AMwRBZ30ZlG12Mt9CyA+launchtime:1733705207803+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1733704865793003%26placeId%3D95206881%26isPlayTogetherGame%3Dfalse%26referredByPlayerId%3D0%26joinAttemptId%3D11faba86-b363-4529-a015-a1cf925abb0b%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1733704865793003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=376,i,6404635867622553763,15035618529267680211,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:Wif3v64QNf2NoZlCTw-Mn9UBHczWI60Xa9890mROK84ErEjssXwiax97QnKA_GgG5RSoUBQv8_OZeAl8IItifzE0vc_zHaJf3jI3xQrel43cKsZ9o2hd6SlbKl-Jdm4ViLFX08Lmd4VTHsm5IQ52UQyiQ1I46H6ZakPEDZuknPC3c0UAAGCpdwkHoc6m6C1IiittNrqUXUHpNdARX43WRZsHqBS8B8O0KX1_Ufqoft4+launchtime:1733705279864+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1733704865793003%26placeId%3D95206881%26isPlayTogetherGame%3Dfalse%26referredByPlayerId%3D0%26joinAttemptId%3D8fca027c-48e3-4e0b-867d-b26ed48a74b8%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1733704865793003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of UnmapMainImage
  PID:388

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1384

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5204

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:5184
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDZFNDIxNDgtRDQ1MC00QkU0LUI1NTUtNzI5NTgzQ0ZEMkUzfSIgdXNlcmlkPSJ7QkI3MTAyNzAtMzYwMS00QThELUEyOUMtMEQzMEFEOTRFNDEzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1MzJCMDRENi05MEU1LTRGNkEtQjI0NC02REVDNDMxNDFBRDh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcwNjQxMDk4MjgiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:2348
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28711F55-BB4B-4BF5-A417-7A2439A57ED9}\MicrosoftEdge_X64_131.0.2903.86.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28711F55-BB4B-4BF5-A417-7A2439A57ED9}\MicrosoftEdge_X64_131.0.2903.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:4312
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28711F55-BB4B-4BF5-A417-7A2439A57ED9}\EDGEMITMP_C4D5A.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28711F55-BB4B-4BF5-A417-7A2439A57ED9}\EDGEMITMP_C4D5A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28711F55-BB4B-4BF5-A417-7A2439A57ED9}\MicrosoftEdge_X64_131.0.2903.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:4072
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28711F55-BB4B-4BF5-A417-7A2439A57ED9}\EDGEMITMP_C4D5A.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28711F55-BB4B-4BF5-A417-7A2439A57ED9}\EDGEMITMP_C4D5A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28711F55-BB4B-4BF5-A417-7A2439A57ED9}\EDGEMITMP_C4D5A.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff655042918,0x7ff655042924,0x7ff655042930
      4⤵
      Executes dropped EXE
      PID:3176
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDZFNDIxNDgtRDQ1MC00QkU0LUI1NTUtNzI5NTgzQ0ZEMkUzfSIgdXNlcmlkPSJ7QkI3MTAyNzAtMzYwMS00QThELUEyOUMtMEQzMEFEOTRFNDEzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyMjBBRjY5Ri05MDhGLTREQzktQUFGNy1BRDk4QTNDNjA0RTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMxLjAuMjkwMy44NiIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzA3Mzc4MDExMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcwNzM4MTk5MTciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NDE1MjQ5OTc2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8wOTcwNWViMi0xY2Y0LTQ2YmYtYmQxMi04MTA5YjMwYzMyMjc_UDE9MTczNDMwOTgxNCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1JYWRRUDhKV0NJY3VtNDNPdlpBb3BnZWhjMG4lMmJieGpRSE8lMmJ0VVV5SXhCdHdWak16VTdGRjhNQmRjTGdjeTJhMnZzVEtoNUN1NHZkMVdnMmFEZFJjdHclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzY2NzY0MDgiIHRvdGFsPSIxNzY2NzY0MDgiIGRvd25sb2FkX3RpbWVfbXM9IjI3NzY1Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzQxNTMxOTc1OCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0MzM4Mjk5MTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjgwNDAyNTk4MzQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI2NDIiIGRvd25sb2FkX3RpbWVfbXM9IjM0MTQ2IiBkb3dubG9hZGVkPSIxNzY2NzY0MDgiIHRvdGFsPSIxNzY2NzY0MDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYwNjQxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:368

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:5848

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:5404

C:\Windows\System32\ewkptm.exe
"C:\Windows\System32\ewkptm.exe"
1⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Bootstrapper (1).exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper (1).exe"
1⤵
- Checks computer location settings
PID:5324
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  PID:4008
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2592
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:384
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:112
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" d0cfa5a99a9b44fe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:6024
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=112.3700.15642452682920337076
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - System policy modification
    PID:5748
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.86 --initial-client-data=0x178,0x17c,0x180,0x154,0x1b4,0x7fff52316070,0x7fff5231607c,0x7fff52316088
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2696
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1856,i,560096201715055356,11165063341322739149,262144 --variations-seed-version --mojo-platform-channel-handle=1852 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4396
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1932,i,560096201715055356,11165063341322739149,262144 --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:932
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1892,i,560096201715055356,11165063341322739149,262144 --variations-seed-version --mojo-platform-channel-handle=2356 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3484
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3588,i,560096201715055356,11165063341322739149,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:4320
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4388,i,560096201715055356,11165063341322739149,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2300
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5088,i,560096201715055356,11165063341322739149,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5168
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5000,i,560096201715055356,11165063341322739149,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4796
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4996,i,560096201715055356,11165063341322739149,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1768
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5092,i,560096201715055356,11165063341322739149,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5136

C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of UnmapMainImage
PID:3120

C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of UnmapMainImage
PID:2068

C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of UnmapMainImage
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57af2f.rbs

Filesize
1.0MB

MD5
3162c3c32c326e94f79698a0f01458a3

SHA1
61507c36d97ca3fb7bd35b78d46f6066c37545c8

SHA256
d97f59a74535687aedf68f4eb2079594a24bfbb58ddab513dc0c96cf4b061b93

SHA512
42feb70f403f58eebf49f975485974e20e69864eeea62bd9c7b4f5de5019ad3d58cf63007567bfb35f3c8eb22b57d696365408d6b8c29044ba82cb14eaa803f4

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Installer\setup.exe

Filesize
6.6MB

MD5
69221ee7ef83d7eb340857b5833eea14

SHA1
d7f27c64b62eefe2c204a323cc812fa56f58ce1e

SHA256
ad14d7268ee8a9c3c89e7cf62a8a9b713c9f37069fe85b3f8fe525dcda8cdfc9

SHA512
8df73f03d7438082b9e8793f5346a7385c91139d879703dd8c32acfdacb200c18231a5a9cedd7836c892ebb7a8888857c68653728b9027ca1f483a1751fbe2e3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU145F.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU145F.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU145F.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU145F.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU145F.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU145F.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU145F.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
7.1MB

MD5
e577d441afe20df31cc18ff84f607ee6

SHA1
68bce38c9f919f5a5b0e8de87c70cc0e377032bb

SHA256
adeda7d3636b45f5f4e5012fe8a43cf323de8a3f119961d3367e6a426916b45c

SHA512
f0debbe13fd22f2131f852f2156425f2b50e052be8b221059bd236fdd91e922fb908939d56c03e538a73b71a94628421827ef53d5bdcc06e71a8959f41222a8d

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
c8120505023aca6402d1d30b906b5ce5

SHA1
01777758917330c693f146a07e3ba45cc63848d5

SHA256
62a2faa912b8fc8f39026e340a6eb40dadadfd35036304b8827e3be5143bd7f9

SHA512
33860f24cd38225edd5f49be2c16f7613b0bf06720ee63b167bd123b77e61dc43faeacef53552f7ba086d417e35efd8ed181aca15ced8df8c4623067d2309756

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5748_1302312908\adblock_snippet.js

Filesize
2KB

MD5
f5c93c471485f4b9ab45260518c30267

SHA1
ee6e09fb23b6f3f402e409a2272521fdd7ad89ed

SHA256
9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690

SHA512
e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5748_1302312908\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5748_538828732\manifest.json

Filesize
80B

MD5
077da41a01dde0173ebbf70d3b7210e2

SHA1
4b3c3deeb9522ca4ef4e42efcf63b2674f6a5c07

SHA256
23bed5c8ebea0c376483374bad7baf633a7e52f3e0a609371c518e06e645bda0

SHA512
2822d02e2b3c6306e6d71fa62e7f472b4c3cdf0cbe499b70ac60a0a50e547ed47c394d7de88bbef2e6015920442b9d30cbc0d6869d154e02ec251712f918deec

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5748_980274475\manifest.json

Filesize
102B

MD5
b3b44a03c34b2073a11aedbf7ff45827

SHA1
c35c52cc86d64e3ae31efe9ef4a59c8bdce5e694

SHA256
e3649c54fd5e44cbb5ba80ef343c91fd6d314c4a2660f4a82ec9409eea165aa7

SHA512
efa957a1979d4c815ecb91e01d17fa14f51fafdde1ab77ba78ea000ca13ec2d768f57a969aaf6260e8fd68820fd294da712f734753c0c0eda58577fe86cfe2c5

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
80KB

MD5
d64872b70eb6e5feb574d698f854ad72

SHA1
752579330e8a9ece8ab69616c759f8a9682e5738

SHA256
87aeaca0eaae90946da5e3ea86b5a1f5f776603aef87e648ca8099a572e6cd7d

SHA512
13c6350c203f32661529e6b176bd8846db0b5c6814f6a1948285b275ef80c7c9b996a005c34454c23857fbbe0f0c04f126f9740e5c3cfae494b37461d2db10c7

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
159dae13f009013f4382d44aeb5f9e1e

SHA1
87058270caebda370c2f83ff8386c0935dc348c9

SHA256
ea9dc5f9477a4ffef30a4406ee91c7b6ff9973e185979376a97a281bae593d80

SHA512
1495a4d4b78d7bfc47508a160b90c170bcc599d889e04ea414b90dcd6eebdfd85a825854b2f502ae80c0ac76a9f031d618df85295e21cf8b3c8ff8bad87c3ff4

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
f99578cbb21829681976d55550b18a98

SHA1
a07123e9086e2c9aff25d945b688481951e2e921

SHA256
776bfb97ee097b158dd24816b846c3c5adf22cb69aced630478244b242e41d05

SHA512
c9b1a18447f892368f01d15cfc6b675e483fad4ab245901d65263f5e565209d30d70a95f11d54ec77878df838dd8138fe789566f6216a1c4b3b328bba08603a6

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe5e9103.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
70da5c259b968435ac9c85bac7319b1b

SHA1
f727ca76e62d86c94c2b2296fbdda150257fef68

SHA256
70ed24c75164e422d3d53a8e2b2504da42b5982afd181e8c1b66345b94714b24

SHA512
0bd66f9abdc2967085f2a8ab3e981eccea3c7e08c8bdd670b5b5794c21038b1e89312e1490a74c0d9b46aa0dcacc18d2874b36caf7d3ca2740cd4b95b7b9103a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\dcd5f8af-896a-4cdf-b2d0-fa83e79d87f4.tmp

Filesize
6KB

MD5
645075aa6f29eda5bee8cfbb16523d4e

SHA1
c613711b53b969fbd0159ccbd7aa0e4d3bd6ed82

SHA256
938c67130659cf620979daf84878c8eed9ee0a52fb4fc1bbfc69cd4dfa30e2a8

SHA512
8cec9dbf5750557d5d6c5cfd9980661b19d7faf329889769d9ccf26677db76326bdaf685cc44aefb9d90248f310c4afcc586ef3705fb715b2e96d83aee8ae472

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
af59c8c4fa063f45b67956fdb3a2d994

SHA1
a9261c07b74b2bdf0ccb5dff2b61982e75e3d5b3

SHA256
ff73fd5c63aef52afca8acbb2ab10bd446f396291c5b1ae04c02e05a2b554eeb

SHA512
161b90a95b9089382ca2a08853338fbe2207cc1197dacd3f9e84aedabf0f49f970597c8f0acf7ab8c081adef445256442147d92b36b86dda2b76e9a3641cd570

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
685ca4d3d59ef96fc443276ae5fd3891

SHA1
837cade04dd4823a98f089f5fd93d130a74dddeb

SHA256
746a93c41dcf22bf9c733d677fa9ad5f9293a03e657c1e28ecf68e8a955e7d88

SHA512
fd04594d6c618f3b7bec4ab88b72c319d6de642ac41dc351684dcd8425c52d16c1df11b2aed5dd5fb1089b925d45db9856bac41506ca7b21b21d49d34be5fe5c

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
4d4aa2c9fe5ed9fe84746d585b574795

SHA1
1c40c5005d81ca27efc7a0eadd3c8e2ddd8ffcbe

SHA256
69adbf49dbdce388866c625a2eb760b22a8adb30074631e67ac193a8cdd30f39

SHA512
c19dea4e26754405cc4c978660b1048d061a495884857e41207273455870c85b7b43626bfe7c698c62ae0e273cf8e657a9c28c7b8118664cc77f7940f5620896

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
e7e1283600b8093c0818041dc54c15e7

SHA1
b53554dce239f31f5b55767443a012202d84b4f6

SHA256
ea44aab37d05c2b06cc77042080912d07754cbaaed39afc4c157b0c1574014a3

SHA512
4be179b48311b5e1e669c423c4fd52df60076fe6018ddc1a53c88f1724a4375392642d59f8256d7979844cafe1b84306dedc2abcbb6ca0ba3e26d2cfb872ea44

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
d9190d2c9390d13aa39a65473f2fbd3b

SHA1
adc37fdc06414f819ce50baf7d6b9bc9e200306e

SHA256
63a7b10e1b8c8454c435dba8a29562a609fdbd2706ce49a542cfef81b1d33605

SHA512
94eb795a4e0831b774094a62e0063fe89926d34aa244a18d514acb21ad5c8a548c9287f4d20a718d1931ba0182d2f6ca8dd70347910432f3a495d26e015dd4bd

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
16d9506d0ac810992834f6896e81b577

SHA1
b17fc00aa5eae7edb09060368a0445e45e73f670

SHA256
68f538bd4cad27537c64d975cfb7bdf844e4184cb8e8bbd0d1c337558082f575

SHA512
95e7f5407706803e922ca6a1382c81f69a2010a1ef51633af599f1e632c5c2f9ea1da1bf225ae9dc9aaaaa9553d231e2b7543c079d5e2fa68e389dde5d808af7

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
17KB

MD5
2748057f2032c5da2cec7bb7cada37a4

SHA1
c41b9346a17b88990125a4af73f76c0bd1eb4795

SHA256
2276307b5495498c10a85fcd91bc33c089fe6b35ee5d3f40f9d716ac6be03169

SHA512
8260a346cfd9151784b3beee37fe6ebbb52c53cc8bd95b6973acbd54a1155ad572e2181910b29aba9486b7fedd6267ab128f427fdbdf53fff7d25ee267faf6f9

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
17KB

MD5
d7059619db4b69ba3767bcb806c33127

SHA1
e2f87cd97696cad67b56bedcbcb2a02c1805cf69

SHA256
f2da4719cbf5cd997b29223195606e45f65199fb0230b7702f16659c55fffd86

SHA512
71750ae237ad316f0d0f121e41650b6e67995367e15fef886335cc64deac727438ef1f185d1a1af21e37acd7b12499c2cf3ea7e8db0d9253227c785beef6625f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe5d7d41.TMP

Filesize
1KB

MD5
048dbbb802e9f76204f97abe35f349fb

SHA1
2cc7ccde944e517595c3c1549bc3567fb01fbac5

SHA256
e8a0747534db6715eb465a78790de2d34870261675b3d6dc8a4d64434415a15e

SHA512
bc20ba39422493ecbff0120d598d1792d04fceb04a4c1c0f5fdf457a92156f2ad7be507645c99bd948960265ea2bf955334dca5b89e780c8cfabc2735117e130

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\PKIMetadata\14.0.0.1\crs.pb

Filesize
289KB

MD5
5533fc3f4c1820b787df3ec6fdc2ef1a

SHA1
f39ff89fcc1af711e8127c52ba55c8ad347e84a2

SHA256
56711adeba4ecafe298eab09cf0ef2f1d7f3260a2aa4366b927029781d270938

SHA512
5194c0562b8cb8e23fde7b561b00dd6bed93782f2e9253324a8e8ef05b69b66a549f2061ff3a9010a73a1412cc64889bc93931d0f212b8a68e39838dabd8e811

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\PKIMetadata\14.0.0.1\ct_config.pb

Filesize
10KB

MD5
f9d04f6b65d1a463f1a01ec39b77622c

SHA1
8f13311afc943d362dbb332b1c0fb289a722547f

SHA256
b42a2649782caefe33aa7f546a02b69bb292a0d4c8ca48602bd9c8dc623b3588

SHA512
16b6419a5d1848abbc668fff08b767af3e01abd71a94341baad7344c0dafa5951ba8e3bbe8561d79fecab03b720e0293e22b49659961d82587d3c7956addd71a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\PKIMetadata\14.0.0.1\kp_pinslist.pb

Filesize
11KB

MD5
fb4c5e847d5f30be002702ffab8e928a

SHA1
30adae5ee6799e233e29cb6825bde492ae6dea98

SHA256
2fa10f05494714d062dbac514989f544036509e4181af8352bf7f8c3b7ff2fe0

SHA512
6c0792c37f44835a10e412dc889e64bfb740337c0a94ae360149c7987216cee168f4b70a428fa9a63a99fa0d35640727450e1fcde735b42c6108ee3f9457f72f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\TrustTokenKeyCommitments\2024.10.11.1\keys.json

Filesize
6KB

MD5
052b398cc49648660aaff778d897c6de

SHA1
d4fdd81f2ee4c8a4572affbfd1830a0c574a8715

SHA256
47ec07ddf9bbd0082b3a2dfea39491090e73a09106945982e395a9f3cb6d88ae

SHA512
ed53d0804a2ef1bc779af76aa39f5eb8ce2edc7f301f365eeaa0cf5a9ab49f2a21a24f52dd0eb07c480078ce2dd03c7fbb088082aea9b7cdd88a6482ae072037

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\ab326b5a64fa2db7\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a1beebd2e9e3a3cc4e4ae120aff4ed8e

SHA1
0792c0350c43f517c5845a9ea0f409ada81298ae

SHA256
4f6a53b229bde804a98528868a79661e08378758e753dd02a39faddba759ef11

SHA512
265f44f7dbea0f229167e327dbb3e9359195cdc65005efeedabf81af966d1916d92437cfcd3c13a32af77f529738d7d0fcc6e1050c30ceeaea8f98590b502209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
92KB

MD5
8d90806f43872941b53aafae7b6257ba

SHA1
b96d82a48808a027b07ebeeed7d8b1b1541bc7fd

SHA256
2d4901efd03b3da3cf7205a2205576d12e4d75e73d951babe1210b9bc8ae3e16

SHA512
a07c8789733f2fd109962649255854e53f7b62466adbaeb1499e0c00848572f35763f3c68f27dac5b7d27de25ef82a77f2ad7d5a177b11b8d5c352931c8db83d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
88b78ea9d5e36db93c6b61bd1d014f1e

SHA1
daabad08ddf383d65c235d9a17cc5d8703d4c480

SHA256
ef2004846f3e9e35bd442b38f7e9290936c2c41f85ffaebbdff9e05b59bbc5dc

SHA512
412590cba6d213ad70fd4e86473dc234dfcfd82ddc00e9a5f059fcdf8f9a45b234672905d06a8a642bfcff47ff2dda51a655811ce832aaf6dde3b2d86fca5d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
079559c2152429f3e18fa0efc4a782cb

SHA1
3598a3d0fc050505f1958e26b12c39db8b740b14

SHA256
5b0721ca5d943e89edc9a170f456029e68cbe7d497d0264018117eb78ade9b8d

SHA512
18d039e60edc0de62e95f42ff250b30f72e06aff8c25ef2a3b2816ac4adec4b2be2f60a10e4f31d2e5afe4e7bdff7a338fef69e9001d8ac956675fa642ed18f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f47faaa6768c8f57ef7a1e6a559a0e92

SHA1
adfd81719a2a0f0828cb0665f473242f966fd5b5

SHA256
43fa28c43358838da4760eb313c38a64de2332b50458e23cfc70eef92b736866

SHA512
76c1f4b55fb2b594466e9a7bd5f97dd9da0ed9ba4cef96cdf88a51b7e40791a471c7271024add1532b563de7b1e345cd8c82080fb815eaa58420fe6b6ab8094a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
38c7cdf023a9c3639f93ab9b8fff8aea

SHA1
0947fdfa7e769d891369a805c5aca959b2ab22d5

SHA256
71a78bdcee694ded3df8eed7518f9a5933aa8a1ab1bb9e51d940bf9c0d238295

SHA512
1b5d856a1a0c1d81126333ac631e6b2ce73c5b16d31fa807ce5c6d323a142c2c01587716db6378a979f217581afb9661b2c78defb4daf7dfe475641faf4c2363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
ffc65956de34f6a0342d8b9c84a16a03

SHA1
5647ef7e31df1849488ad5846a23354b7a1bffa2

SHA256
5a24b7af59a90b7c4766f1a98429774a70fa6c1c1bba68451ba8065bf67ca6a0

SHA512
b8bd9e9b16cb71157bf3e4e8284a111972036ea3d11c3a10dd0ca38f27acbc5c53bdf3ccd790d573609f47182b7ec58a4065ce4edf4f07b38ef1dc072f3279af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
bddf5c5b293d4e75139a69be2d17d93d

SHA1
46b577f1e8c26e135a9dd450b622471fc0c03914

SHA256
642ac2488511a57fbeae454462d13d75c8dd29976145df0b50a0a150ebfd84e7

SHA512
17ff4ee66db5a235e99233618efc56f0f11671c851348c210649f6ce18f4a99c1636586fc8b0995921f3fd3401f0f0dc56410c614410a39cfbbad5dfd3920150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5a47a9.TMP

Filesize
510B

MD5
e322bc522d70277ce4ecaafe83b75041

SHA1
b63533eab5888175a6822ce986cddc724957f279

SHA256
724b2a8ef44fd4c03845f3a8075f2bf4fc1c73235abe0032308ddd4958428e78

SHA512
dbe5e9490a235011ae74995c2ea2ea14931811da28fae4f427c507aac0b79c7f4f95799155d01a80c33d072d3d9e85f8c505b1a4b2944d61a00cdab589b3ba36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\17bfa7e1-388d-4806-bda4-ca56ad6f0bbc.tmp

Filesize
4KB

MD5
379038026fd9d504c6b4da4b3231e475

SHA1
4ed044e2b70c91d7a1ef396d1db151abc1c9691c

SHA256
bac7c325ca45ecad3384548763a87e1e1598eebd821cce6afc8740c27db0154b

SHA512
91ca1d69eda5fdb8fb3e353fd2fc26403ee47c2e00547df1eda2b7a7983f1f0caae2d43811a566be1c726c05e7b1e32e02650a878bc2bc329c2300919901f037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1aad21f3e155797cf61adcd6fef645a4

SHA1
553bee59e01e60e2616f25721adca795ec4e5cb9

SHA256
27783cf7c3a6cbbb54c87b9ff4157b7674cec8c196b58e8010edcbe8b397649f

SHA512
13b8f3a823fa931ce678944a88521c6f253254ea239390e077ea6bd8b8aa910fa9a2c58363f249457c233b0349d97ebcf99d9d866e60dce5261f46320a0805c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
aa0ab6538ec910992c4063e9bbcf9293

SHA1
678dc7bc25104f66a79e3cd1d51c4846655513e5

SHA256
079cfb0644561682f4340cf67ae4c780a2d79da883000e52d1514ceb20dfa266

SHA512
7ea7cce20ee8637317fa4909d8b74cd73e36f5aacf11156c424ee35a9d759bcde8b7c25631327f537113c832227b2aa106c336fd3e63f8a091e88d4f75d3d21b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
dbfa8d48ccdbbb3566d479cc0c0e4820

SHA1
abe6d017ac3af7924cd495daf4517781e5b59eb3

SHA256
9065828a8cd4df17a4381a71da8431674707b4d26da41dc5914177fe5a155ef0

SHA512
6f236ee9a29098a6fd3838c561061a111fb1069705458d6d0aaa9280987bbcfb02946a5a63253440878d1623a945a58944dc4cd4aeed0b500f7f5531dcea8894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6ccd7ba80d9c09db64ccd122ceda040c

SHA1
d49a0ca98e0ac96d720f6ea48424582254de5716

SHA256
613c15c8823c301b80d28892cf1a0a0c87d0cf7be6096e410fe608726681b259

SHA512
05d399d6c75e871639313a89592fbf4053dd6d0918bf38550056e80b34cfe48b439bb08e14d3535708ca43d8879aff75d4313e2344749c9e02c74860105d4006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
889daa585a9857a245e2aa321e8d7109

SHA1
9e478962cb36a64bea3f38b5b8cae1c05013161f

SHA256
36c970cebce176b998bd59bd84614994518dc32f27b737f02ae29e335c121bf3

SHA512
977dbdeaefdb7a5d80c739bfd28129221e243a603a60b53103af5b0282492fa786d1a0cbbf655d3aca23622b80dfa6cc2ec7b5862149575c98e5a0ddc128e27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9cd7bbca4c7f4a1ad6978a1e855baf1e

SHA1
9de9b153380bb06e73883a2d3a03cedcdfa4db57

SHA256
f4a6f7418984287307a520b1faf50e13ea128a1bbb9a2aaacc09fdf30ead3d71

SHA512
9d9cd8e17fd4de16eaec566b4602d6d5fb94088e2014e344da633a7c276943b42378f4027f35da2183b711c95eaeb4fd1a449ca4272c2cf3909bdb01832cda65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
95246b3fd4f494f487893c17400b42ae

SHA1
5fcb08fd9c30d84ad8225b7545c76ed72054a54e

SHA256
bdbf4e18bdb92c8cc95a5a5eabfdb27f11b0ffb2ae57e47155424632523850a9

SHA512
2e239b967cc0895e0cac60a701de8e8f84b6c10d51d3b0aafa4b6bb181c36891a6e950a629a01e53ea21c19207f4c3074f2e1a27d393192bfe000816a83bceb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fabf8ca6b3a531298f3ec274acd7846a

SHA1
9f9c3f3514e91876763b492a56ffe009cec3be6c

SHA256
02dfe21e4e42b0292a44814d43c501cd8d31e4bc7e5c8a4e367af12c2f6c2112

SHA512
728aac7af3a903aa2eff584306976c6012f558da85f10159e35f0149875b8ff0bee112ab9bd80cef880f8f7f7c3c9f6bc7d4c3c4c1fc396b581d5b45c2c1035c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b19041ac1ec2ab49a73834bd89c327fa

SHA1
9b9439b10107f880d160f208888b5e640b83b2a1

SHA256
bd34b0abaf7391076f18d01ee543ef0156ea2c706109825985c61efee2345ef1

SHA512
68f2a407b493e3563762a0cbd732ef2cc66be472f0e1196ab38f621f8b5be507236d52502ae45c198d3f7943ede3c2780f0419261fd2fd1f8fed96fdd2d52609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c4690b844168cdddda486294bd027b11

SHA1
f530b345201c5fd1cb6f51806374f4fd453315b2

SHA256
a2d5c3f1890f725818fce7d146a3075e6985cb134a7caa6e88cdfe2b4368cb31

SHA512
1f2ac8c8b284127554bda5f99ecab4f1d03ff8cb79e9f567b71697f8710777446934c222d4feb3a5a73e9f2aa0006a8a251e10ef3169cbe9e540acaaa9e845d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7e4dafd08ba2d74804d60ff40c15afe8

SHA1
0c95da2994929673f5d0dab8b859cbe01d34d82e

SHA256
4508e439b233e7d134c5add9502b48965be58c456507cb120286332ab73b26f2

SHA512
e84ed19f168f1c348c57902826bc9a0523b57f7423e78727e925294b343afb5e68abf0bc347d17534a3c55bcdc4d1281912755c7ef704182bee5e744fbf8f1db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a6d33d840b54bfbcaa715fd8bedede4a

SHA1
92126eb40b9ec00c1fa60c8e718c2ce1fece0746

SHA256
4933d9b5395e21cd3adda17f1337b783850bd8cfc2f535d395046456a617eefa

SHA512
754ca1565e728bb8f2420a367a9837fe782c8007f634b243fffaf128525bb53d6254cf9a33efffa445f5599c0ea8d5d763688a277b1ae55e14f5fbbdad26ffeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a519ebbcce002625d0dc01e0282fbb3e

SHA1
ab21db41caa4c080e2aaaf1511935eb4778d387c

SHA256
99188329f51b52c1bf6aec0b00a01833822622f223ce3d8f3d469118800a3af1

SHA512
b75dc98bc1c209309299d2d28d85df26f8d2699f6ae1e87159fdfdc60e60f4dbc45dbf44308fd45d641058f61f25b6579b1b58f52db52476ce58d641d51d159b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d6048a6caf316918078933dc17d361c5

SHA1
a82663e6a643b7bc82fc2d1a90fbeefd0f1c73bd

SHA256
3471ccd89c11684095072e2c197fd224fc07aee25386b9a07c19acf8110836fc

SHA512
541071f1c72a7ef122b39d129629901da0bb2b51c2989d30f7ca6ed415e2c6cfa39e3308dc48716e14f4d6e85a3f142702910e7ef8f8f9f84e73e56c74d31bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7ce7f5ef0157075c2fb1a3ca44b0c017

SHA1
fdb5fe56ebafdb87be034dc07ff16b0e9bf2ab3f

SHA256
212267c3265271b5b3b254d568d85cc12fbb773835b032c706fba0a11048a976

SHA512
2d038efd7c5423bc0101c37c403b447c3405fcd1cb5a3b33f87d4593c93c35986545ca9ea59301eb36e493c20fc4b5e48b276ebe8dd28079fd38c1f1648ad8ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8a0edc6a84f79d0111b8b84cf97de7a3

SHA1
22155ef75ed61ec6e5ef63a517c61977cc9d5a53

SHA256
ef88a9a3cd1ab26831a508489374879116001944dd2512cbf96a918466a27e92

SHA512
326cc7692a19c43d2f486e6b12d2793007ff88abc30c2025afce267cf2384672e9a6f69f48536ce3b4494a9935d2e1bc9e4a047f84db5773be87e34d177e46f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2cd35f554001dc82333dcbcf613b3b58

SHA1
269240a6c9128a79ecdaf466cb507558b95368a4

SHA256
6f2a2bb1c0a2885cc6e9c03ec247074a20c96418e3d87c0bdfd0bcf6dd0b3d9b

SHA512
4609b55a9e7301cb8fb1537da1605d0c0dd936ddb22b19351bfb02488fa9d0259249b5d17a4c4f7ecbe4fb1ba44114697aa26234644af600dd2450d2a641954e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ecca9373a1091c83f2fd2b057171c3d1

SHA1
d79dff6d2e3dd6963e7a9c386a03cfbbda4818de

SHA256
07f7e7b3ba4496fe48c58c24a59bab97b548693cc524c310927d83fdcc341d7c

SHA512
590a359e42ac7c160899a5c3db50123d0069f524d5bd72b4a47b0443262d9a5b034aba76415d76dea5b656a1ca6283d3e44189c8617d259eb9fc639da00af219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d59f12c5192b8d1b3003fdb054d11921

SHA1
04ae0b315c7260b48e14c2525e1ec45bbd287112

SHA256
66eecbe246a6700f391aa65a7ec9be443419bcadf8371c085b15b2f50f322b7a

SHA512
c80722971598ebd83a6e52559ad4eb0fa1836317e2e98ac01874899c4a3ad181212fb6de23c871bedf1068e18ed976caf1cdaee004b532de3372907215dc40f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
29bc66a33bd0947be5ec3917e9a1819c

SHA1
d773780df6abf7804a2fb9315a831eb57dd7282b

SHA256
b5dbf1cd1f5fa53cc57acd1fbb5e0a426bb41a1b865835d568a0c521e9b64eac

SHA512
602897a1e813e85503d337549e870b1f4dae0e132af6cb6ddc77b6835e39a5a83d0899b5a9905e06748638e5aea951a5c50ec78d2f3d25bfd1f0eb94647ee9fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
360e0376daf437b698fda9b968c2b30d

SHA1
661efa938cddca38877797f01d3bd3fd6815d730

SHA256
b418941c8fa8eeadc85f19390242e5f62556629d3a9c932c3d140ba454a2d515

SHA512
41eb7f89b0247b3dd9a5c05664ad2511f0114d981d55f9a93014f7dacf6d575494da94945167c32ed34deacd25581a16b7bd780a2f4069bde03eabe112c983b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7128ade00854b7d7d4ff8cf3762df387

SHA1
10c797d0b18b03a6b19fc6665160eeaaaa0702cd

SHA256
3396513fbf9dd621c38ada42c3bdcc16d28ea1f637e583bde6bdaea1ede71c80

SHA512
3a296a9b2ca83fe6d515e6ff743ab43533c0c6ecd3a13e418b4bb2de4f5de680b0e593ea26d24fa4402b8aaaf6369bce6620641977f8899a5bc5e10bba0b14a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f9ed458e2df9c29039b6b86f3bd64a5e

SHA1
64f0c73d678ecce0fc814c2760db76bc66da5736

SHA256
3363fe2698bd9e3bc68c69ecca3d229b1b9ec29a8289249c0e48ecb2068a71ba

SHA512
869655fb3cc299c1e263d56c292418952be0ec3b284476651dce46c6e75ea4c5167aa770e5d579e7e84b5172c2f82837448d4eae4858f1a91ec6ba18c1fbe6e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e01efcbe611bedf8f883d9bb2a844da3

SHA1
a3da62366ffacf3417a92546ad83fbf9b1f65873

SHA256
15df13ce8a226ec91d948af9ccaedb8ff9ae757e2155f47e22fb9fc478abf547

SHA512
9e4197aef4a81d55cb966347d1d15140a6c15367991a6888fa9d1f8a5cdf69a397732d9aa8fc82276f562aecb95a4eec6ba6e75315a75bbdbef4e2008800b738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6b5394ace001bb26116ce912da14ecfc

SHA1
c0b0e7287c8464b03fbfc70becc06e3738486f7b

SHA256
6bdf77b30baa39c484683c0e1e35db33d4ae8bc19f80913a931c80fc1ca4b8e2

SHA512
d36f4e4c1bcc4f44a5508459eb64478a36534469b60ba657980fd536efd3f7248f0a43a4e32ac706fef8f20c0c84f00dd583143b777c66d5228ccb811ba95328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
44a8bd480de3355a8f8839bc774a69e0

SHA1
d4063a54ff943bd6657576c2b8728af06c52f355

SHA256
af9f573ea0dd09b3b26ac160711f3eb1339d73b7ca78235d92454a8d1b2aed9f

SHA512
7750d0260570f9b2e8ecfbd3bf577ee8d74d3f1a7b0b2ae21502181a83a9adb2bb423ec1e482397b8503527fa40a8af52daa572c1f584c4ae56d8e91af66dbdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fda043234756a0f2b6d05a02f14918f4

SHA1
9ff341666e1c6011637a2bf03a90fcc47c21f299

SHA256
cdf0514d399d2020ec4b94ad30ed247c194739695989d859eb48580ae83228cd

SHA512
e1457e6b700c0b52497402d01996965153b1e83c27155fe744bfc59002d3e213b1b51a760522941fbf43e0ba8dfdef220f2959861ed836b29e8803827c478d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c71b780608188df42b8e82a969fa9d10

SHA1
c4a06f285f46f0dd0c8382212266c1cacf10be8d

SHA256
86a2bef1b5caa789645c157223133cc8d3d8a7373ce0c474e29277c5c2da77f2

SHA512
94822562468d18fb51efc702539870707797dc23a19baaa921490daee5265372b8a42a53ef05a66d60fed5a6d977286235b8dcd6ffbf4936692a177f2a640b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
086b28e38cedb94463542f3d9e32e1f4

SHA1
3883f7533730b9e6dc34007f7d384a51093c2700

SHA256
5a402212c2b9c1ca163f38da9f1b1e0652d3e07b565bd6986a96cdebe8a13d6c

SHA512
74015f42fee579686224c62b0d38c955798464f42e174d1bce9e7b6cd8df9575fed5f72c4bd89b343176158eb5da2e31c0da8ee8f2cf8e16a1304437dce68147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b6bd5d20a848ef068b5b46d3b5c39e90

SHA1
5fc00d24f08b12c7e86195068943eaf62cf87db6

SHA256
558c071e2878699dc77c05efa3c14e913283cecf94ae359f40efeea42e2aa323

SHA512
4e837ad6cb547ccabd6788e0fc09937cd8fcc4258e3fe3f35bdd5e3e851dd17eade9c8c7043b9b287a7636ee2e50b58742b22b2467b6a4f283dd5d43ded1ef7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
637e4420c788446ebdc670b0b2e9023c

SHA1
6ccf4fb45854b0979e8e6f415cc3357ae0e0420e

SHA256
9c14650e18fd9532a2b7b98f96eab5bcb49becc19ff03c0ea9bd783948d0e921

SHA512
ad69a06231bff92082a0d8fac83a20c62acb45146ac41be6b3499b60dd5c0fa1899e6adf3f156950b006ef92d95ba64d644084034c3ba22388f8cf78e38f255d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
936dad387623056b3f6baaf13b5835a7

SHA1
1809d43bac54e32743a6ade1d090dd0e9840e062

SHA256
8b8f6ddbc293e2a0ec081f2e16e046baf3ab6185924bfe0c197e47b48deae99e

SHA512
73fc35c64f4ad152f1a73c7dfdb667e235a58ceb9328157fa2f72daaabccd65cc197eab3cb8815ea3927abe2dfc213ed3bda95c971c307e767db470ad92f6e4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
58ce7e2ad72b970d83d7c74186c999c6

SHA1
8223254ba2af89861116d562cc87c295c5b5fae2

SHA256
a8722e96639fc6ee1e04917373b8270e6f01695b95508711933b410e58fe8811

SHA512
5c1c84a9bedffc39c4ac8737686d10559577f988ee7b6a484088cf6d3b98f8e79a0236c7a87a6ca845b5b3e6ac3325e5ba25e90b8c2831dc6b07d6b102b5aec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
0a4b22ee54302bf45c81f37def0205bd

SHA1
67b99c955e8d3004bde89ffa0904d2df9669ea7f

SHA256
24e26ba18e4f42de30e9f9ade8166417e9cfe803e31428e5f0e74bdf10fa402d

SHA512
d6c1b1e14c0a4580db1e8f4d689b3aeca4744575829e39cd920dec61e34df1a14b6deb83da691db53e33b51bf9b733a1342b4885e24a12b633b7057504b3deeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b233a837124e157af42b07f224b17be0

SHA1
1f8d3cd2135357a87a211c0db319dcb02ffbeb85

SHA256
bbd3174b1003059c34365d5dd0235c6a9b4f6d3671f7103d831e6bb309ae95b3

SHA512
b227f0d76856763509665218aa8d96784bcaecfcc6d2c15dea1af0b0633475c9d5bb2c44af5407c33d02c30112872c21a9cc32e80bb459019d3b7b01c90af295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
eb99a2be42f85abf113f414bc629c568

SHA1
74e6f0529b9fbe4b8624a33a750e9b809ce719eb

SHA256
b5b87c152760bafd75129ddf0ba6bd4ab0bdb6887798600c2088c6baf953a2be

SHA512
4fa129e9a67889e187dfabbc1c1315a72b594d9e7b4879d36657f739d3d7d3870feb2911b5b34739002fa9fd978a1c98ecf9c837a0bc8c43a317ca020c1aced7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1aa60f2c1f4db730d867228a7329226f

SHA1
2899dbbc5cb14b2fad8baa3ca1c2bc3b8340b1d8

SHA256
876fdd4fc20e1d0d75d3e6c58ced6588ba0f57bb2a5e105f68c2ca256c054e4e

SHA512
2ec11ab04d316f1c52aa6da3bbfd678ae48dc1258fec4f078868cfff2d81f54ff33d7fbcc20dc7c12a8119f7775bc0dced395d1aed095c3160f14026384356c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ec53885f626a99f958aa29d63070c86a

SHA1
c73823ac02a56348af0e8feac5d11c9a733a1a4b

SHA256
3bfc9d4c638e443083ca7854c842caa717e657ec1e958c24e0111b0fb359924a

SHA512
cf62a268aaa9a173ef58eae28cddb4d79cac26fa5eb8443be30f68ee364119a46650c9292df583ee3f66efbcc981e048cebbe513bf4675e7be6243d8b80de1e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5cfc2d4f108eafa2e433a48f73bd1a48

SHA1
381134a42d9d21e4a39856b9187ad31cea7d4e62

SHA256
072a4a12c94bd96900c015a98c81a7e56fc49e6e4a38e8b347351cdba7a86b6a

SHA512
b7229d4ebd386e92e11817227315ba41ef91ba29001cc8819327e1c403948f3eac0fa35cc5fff85f39c66fd1c59fda4adb657bcd60a2de2bb6a8db13cad134a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44b421e22226fdb14f7577f94eb432ef

SHA1
901a8a39a423a39b81c2d806ba5171cabd3961ff

SHA256
711f6a99af339a99467826333819fc60b64bb3296f166d62111f41dfa012bac2

SHA512
ff0e049910acd7aa3f625abf7a0c667041ff758a51e28efe0ba1b5f6ed4dd9c9fb37703ee5b2ab29f85fadb5a44cea19c71d7288c327d636860972160fee066b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1e8e5067db20056ec8ca047496c1a739

SHA1
3bf86c5b0b19735e2bc5a60d46055e4283403b92

SHA256
3e4051886daff011cd971bd85f94f2fcea66d0c8d5a8c1ee477b4f3f06bedf28

SHA512
41a0c12631901cbda3127e6638ee6d3ca771af40144b09eeb25dbb34cfe90fe65f4ef05a828a11d0088b63565acc1d37457453edff6f48017e9a9fdf6535d17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
798efa637bb1bf19e426b3f04e41da48

SHA1
31f762ff4aea2d7b6c5f105e99b4c6269065b6b9

SHA256
db626161eab7119f3df51824c4d159a8e8c819a180bf5f9b6d884edb11e50186

SHA512
3e07f442d5a4c84b5f7bea721aecf2d30238bac244344f2b342dd20303b7b1951b72e4cff3510c0bca4c2b9b3adf0b2524aa1a202db2a013753cfbd8101dbcb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0053e13b6cff79c29e65b00ac10986be

SHA1
78988c41279f99697659930497ea05120114814e

SHA256
c0834b5ad047be8435e824f9ec6f23a1eed8bbbde7d8eec1690adb5f9b24f579

SHA512
0ca8ebbfb4fc6c81e0b620439ac8beb491cd253ce63f9d002f710634138c2569325b785184c334c6922a4c06588acc0f3f7b5d3154eb56a345526882c97fa676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1d40248f304de65e33c62779d8658dba

SHA1
d1ef71efe96e3746be62be74bd96ac2d95b45efe

SHA256
07795c9e2042fa9188d41fb9196e772223acb146ae6f8f72f5256f16bdad6f46

SHA512
6dc7d20c23eaede213ee86e8da36d171c3264ba080dcbfed6502ad6dab70e7dd9e24fdb81cda70d07390af6feba1f00ac16903ed9db640a7bc10880fe7d6779d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4291f7dffc9529503b545fe28bd1bf7b

SHA1
ec4aea3c2361fc948347c961d3596fd984774ca9

SHA256
a41d7d19d1663433bb8767264138b975753c594399a55b9974e09ee754ae61ee

SHA512
6842fe2f82dfdda5d76832fa7d4fe1eb56ac3c89c33235fc54539c1ca7d478eb59aa8904cf8bcfa3f149cf18143c349cf846e6ec0a57115e468b5c140440f200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e30d0af86496fd15839188d68fd76f49

SHA1
6701336014930b8a626b644dd86d643b0b4c6020

SHA256
ccaa4d8d58832a2622181ceb852ca0909f617600adcd2614733de9bd25df0eba

SHA512
c3927c12b7034a44fd1170712b2a4019b7669be45aa80293b5b7874c49f7aabdc12be813bc1e8b2998b67a56a1bd272570233252f9cdd32e11201649128a1af0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a65c4f51889543be2c3b5f1e1313acd5

SHA1
2c8cd1fafaf9eb5089f22b3ae392db28878e6a9f

SHA256
e1ac044991929d5385195a143444d848199b8065d57a474f599d2f8d2626d87e

SHA512
27fc3332da313f7b17944ef78c549b64a7651d5e168de9c2c6ee92f0d49dd93049d6c53d1680db00c8f82c708ef4f301e777a0e81a5043e73bab5d741ab2253e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
623e887d5651db032e0d8118ad5ed566

SHA1
f5e5752228ae19f3c3fe91feafc34e791bade22c

SHA256
122066999490bbb89a537af9dcd5af6c5a70595e4dddb20f7bfe46e9c77d2fa0

SHA512
f682165a1051b7fe7bd3517e5cdcce07959f6f9ed387f7a964399a8ef342418a18f9b0afd7d0f71b9ff0815f85c1a49d4005bc6bf404dc7fef206cf33ee2e381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
177afdb3458c96e2dcc4f6ca690eba1b

SHA1
231a15de29ad0ab93424806b8eff2474209aaf91

SHA256
87028466295102f4c729ec5413dc0fbc7026917a46a01cae35d596d1448fe072

SHA512
dcd075b4da17c68d49a603eae0d6671363a54195e23b1d77167846e8da9337af4f78c86189b062eb9a35e28c12dc402eda08c0a68549b0fa7ef513d9a6812305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bc33369de7c94cd6d76db98432532dab

SHA1
d1e4c916bb266db67091ebd23cc0eb97d604fa9f

SHA256
9456407428fa770425ff8476aec74bf1990b24a51e8bdcfdd49030b6f7ada425

SHA512
2e2b45903425f784d9fd971f91ae8651d7c745713fb40b3dbdf4bcebbd5b5e083fec11475fa17b382846077f6f670cdba7f220bc9c14852be859fdb5777a98a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
da55954e554689b0ee52361d264c24f8

SHA1
e454a0ababb8e934eb7beba6e9a93fb9be7dfcb0

SHA256
3b12c3f2f42bc7ae522fe8f024b8b085b14dd427a0f62add4d80001c41469781

SHA512
a8d591e3ff2f0102bf2d0e6653011d647836069850a378c2e1f810807b07d6c812b3f50545c6fad45e0d757b3e7a5b6c19aa37bd6114602c7bec739da2c9cf76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fcbe4ec09160187b42987356c887b847

SHA1
fa0490358e54de1997d52f831e41477e3efd3d40

SHA256
e10632ba873e087e88a583bbda7b40d869023af08d94a79b09fa6cb25d34d842

SHA512
ce4fdfe3aff839ed87dfd8589c78cc5251af87de377250b1c327a8296e32f48d554685b9230bd49e154bad03b2f7b9318e6d76c7843717404c0682f9be64d4e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
504af04256ed93b33af5f16e41553439

SHA1
5a96d4d4a1bef7260d0185d6dc167c3962bee07e

SHA256
70247b41db1b932892d59c340737da77f470e58838b11207ed9f4765a5756d29

SHA512
a6d14b5fa399e573362b56b9ca374737bad099c68a60bc7913995debd2a9e7498b98bbefdf50e487fd5fcf4868d4ea4bd6d08213c05454a9d0b8134d1f1e3c95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b70034d575e114511d2e90a2219c16c2

SHA1
79f557127f29afad7cb807c1985e14b1bd8ac1b1

SHA256
875402bff01832513294a6949f4315b40d8fab742793a0ee0d9102d30805aed8

SHA512
e05bddf31d28a2752304713835c76409449ddcfb22ef21e684ede6826656c82e68b43a02a676ffad2156c3f46c7302609baebfa9c1ad8c9cf9ea88e9688493f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
edd0cc9525827f5e95b5caa5d9d8217b

SHA1
3ba0bd53bdc621256e28147c0207b7e3ae3869d1

SHA256
aaef8c79fc554e1eeab5e08cf6cd3bdaeed00d729c08f93f322fabc79e832d20

SHA512
ae6960d711bec54348bec36dc661b1a61a4d95ff90b229b9f261f21e5c46c54dc68c62a15a8d616c221b764d0142953ae8ec6817a0d6c489c320126e70a69949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d31a58b08d7496b90baf7fc3831ccf13

SHA1
984f78a614b69550e17f2979a74bc43a64e49b46

SHA256
842b2389a69386de0394c1988ecac6fcc490eb12128ba68cbaf13e95929a156a

SHA512
401606a69f1e1732a83431ea8e8406790e109bff7bff38748bf56f70c7f5eff8b5dada2f9bda5f392a431b6274fd29847f5e576b1c220b0bd2fba6d2a17ed283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
84c062cbb6bed103b593120681588497

SHA1
f94ec7e91851a5b0dff40c589c3bc7fe3abcd4ff

SHA256
88906becef455de3d0078ea070c081611f62fb4513b9c431bdc39a5663f25894

SHA512
d0853f5b950d6e76ad8a2bc48d19f091237f9a243ac3d86b61f9ec2f1849b31ee5ce75775fc04fe1e10fbead0e457d5f45a94f960849a1a1d9cc567de854f3b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5d3608a272e39a594b786a90fdefca9

SHA1
e7742432ec3ad24a9594f27e9012c801d640b1f8

SHA256
88a000ce54fd6440fcf128f7f77dc5320f8fa7b3988df04ecbb0ece46fb68fc1

SHA512
0da8d9575c77eea60804382775cf4b5953d964ae4196e8b560b8492f451ef99d3c135b83a74dfe253757536afc60aba6163c5d50a535203b2a3c5d6dd4ae919f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4f81d8874859d87da5302fb5b64a3d13

SHA1
a824d6edab44ad5e95515bd05fb66d648add49e6

SHA256
77d5e32570e321b62f73c0a19c02575742e05e8d992a5618aa93ff08bb5f9f14

SHA512
87bbb95ef147247d3695effb75d445436cc52ee13719ac80d84a86d86f1e274bf88de36e343fbd06e4e568555d55da365413fa1dc089b69639b0214de9af3aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dd295426d0187d2d7996e04872a2dc00

SHA1
1a2d89da1ced54e61082ee571cf5cf675cc89a15

SHA256
ab631927b60efb76fc6ecc24beba93872072772ac76dc9b6d062aa81e1fcb2f4

SHA512
8fdeb14a6cfdd24f558fb8cfc1a7edb24dc8d3ad2894b18ae57fa4232e329c843c6124c3c02b14879572957e69f678b8ff5651c5fbb5e1e92a47cda5bf27a6bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16e7ce0944de14433cd7a5b1dc2ac222

SHA1
986a88557727283cda08dd1e7f396c4e7d95aacb

SHA256
c22a3763ed10c4d260792615ba08ca061a37de91cd3c16ed34c75083ed8f07c5

SHA512
6ab9de76909a82298107c35f934d707c6510f0e1d7f94a92ee712dfcd5ca72b087455e46058dea8d7a39376594d67bec7f1b7ce2536607d7947a69646bf2f7ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
23c6982028470ef1d415d128282a029a

SHA1
2117d900b3bd86a4a21fa5ad6392251ec9cad7b0

SHA256
e67787b876198f41265253bd8e88eef7be5855c7d537b2a42c82560872761a2e

SHA512
bae33e7087537b482b10c454bd098f2e51ce09a2ff228cfdf883c87d1898c0273ccbc6534d8bcec4e78e4873cff0b625b8ece97cb0d47fc6c2309812075d3fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a783788e74098956e13230aee4a2cd4c

SHA1
ad7e4954508c34547a14d526bd0db7c7a5b3dea8

SHA256
df389e7334d08b646e0079467e208df2431e2208443f8ed96fb0bae9062826c6

SHA512
392d24deb6d822172bedf4b32c43643fa5da9df34394c0265ed869363baaa78ca26b57b83f1e1872c4b9b63ab2363f2941724c92ddb60eda6606aee38d6eda32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1e35625f5def9973be012cce0a7932c6

SHA1
1b1ed3d07de71df70f77d4beb1b43a713fd0a3f4

SHA256
55d23d5258829c2b1c8ee6a7ee3b4848bd82094f42aab75442cc008b64d1c3df

SHA512
63b2230f66ded5f566d842b42f68296f17eb8476fd139c52d73c04b30d48fee3edaa1b09c556d840613d95205c588f9a2edf43a96b3d7c896fba748275a44439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8656e6c297691ad6c5acf46ab3ddeb5

SHA1
89d85cdf357730c2caed313259fa3d21c81395e3

SHA256
c4fbb12f0257d54a56424c6827be630fe459be3d90583c2c28585cbe38de457e

SHA512
208009809e31c322d12b6117384e3db170a3f7f324bc196ebfb478648c96bd5f3602980c4583691d94d556da0ed13ce847809369f55d1eec7d045638a19cc246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
abc8642045b846190ce0037692ddf40f

SHA1
38adc19d90049117704d44802a699385293fdf99

SHA256
e81660ccbb6942efea52564f16828b7a2feb33e8826decba22734dc916f34782

SHA512
2cc3b1de91fa8bce4b10665d4eb724c919a5830365cefe4c4283e69c7a3ca0bf9b325ae612bf72ee74479e57826067e6cb71ce4889b868b6d9444136e1634100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
89b2c64137745c888d6ad76fc5c27409

SHA1
5a6576b29ee3122e85435950aad8da0a40c78a38

SHA256
bb0bf0b10f02bf4289a25fbc8e0fa0dae43e600644efeb3d38b5ace8ec064c30

SHA512
6039f11ef6dc3937c95834185e0530daa6b9c51b3ec5d41b729b7bf1dd47f6e57be4c66214b54956781e15b23b27b8797211fbc8ad1b63b6e4b127add5dc432e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
599749c7313130100c892f946b7fdc57

SHA1
cf01ad90d77862f5ecf4544b50ac213a9a90ec0a

SHA256
c01ae297dc6b47e4cc2e1f6ba7de4ad2dd5506d9192ed7d36719d972482c9977

SHA512
4606d44b2364ea36eb98b8635b87cf48477ca8bd4226ed1de9df6ad3aa1f65e4899b7650803b5b00099385bc5d32317246a3351973f7ed057d35fa69fa9135ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3cabf1c1ed0e85243117b6a14c7e6c0c

SHA1
3855065c33c95d1b8e3601858c4e68319d206e7c

SHA256
bff830b5e912b75eee0b9eaca9fb63e7f74504ce26b47f34cebbcdb0273b70c3

SHA512
df05055cc0065113ff5e68914054ac940af7d023a92117dcc3f89a97402d4edabb07219e1c60ab2e711b0e8b0999286e3f2826f68c15f0814aa4abf287789dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4f06b88432ec1137e3e2ab03c614d7f7

SHA1
6434c0e7904b7b894807ea8abd58004775270cd0

SHA256
93dd137b860956acf1c8c7524806f0fa4172d57aef7759d36594ad8781093664

SHA512
e90fb063dc275bdfdce50939aded27304e4be9d448f625cd4d32b997e06c121221f80a2340fbbfec3e57a892bdc4c609e7848a148d40b8242f74bf2a30db2f9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6c1accf3874a0d493c1bdcc68edaeb61

SHA1
ca82c2b229fdcfc3a58d45bc5005f2cd94b320b3

SHA256
9323bdf801c1db2101150ea36bdb192e6013297a53f8e12c29d60df12761335e

SHA512
b75912a9b91d1e519d0d0bcc0aeb9ffcb7eec07c6823a0b34a726a9fcdfd5ffd444fbd67b7953394f437b00174a8ba39b5c1a84045907f4ae575fabd672db16f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fef191b08cbe9fc37adc7d9ee8f6d44

SHA1
3bb7b8e7ed33b0e86a410aee27ffcd5d0f134a95

SHA256
82e2d924130eaf4d6303368fd9b0c55e356b67f0563c18e8d95b38bf0da7ffc1

SHA512
30e2534a04a9687cd5c12be619989905ae76922ed954db2ccaeacb82f8ecc627f2c82abb2f11517f5616e16ee6f412b6370af14103f337b756ac75c0c20a8f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c0ff3e31368b9ce79e88696c7eebeb06

SHA1
a067bcc7c7b323f84de9ba69640391703444bf1e

SHA256
52f2c40d7d0350100e9dcc9827b9d73d9a59d2a73276bbc3e3a1f35b96352f7c

SHA512
adc8eaf1786b69a26b53258549a2c654c1652d780d0623e14458a5f4f3aae80818897c15115198597b011e5b1ceae2925e980e5de09048070acb8afbe042dc42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0233b36670bd3367d47bce94f1e6b209

SHA1
36d4103205349ba82fd5ccb68f4695cd8079b375

SHA256
5c7c9c8dffaf5e43fc33a811cd8c4e237560bfd7c3f6b9938cff5785cad5e534

SHA512
54f3ae03c5d6dac8835675d7df20c601c14be590d1688909aeb6626ffeba59176aaa994fa9bbf24044406ed26c99ef12b809adc2f729a6a5efee282f848907a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bddde23c-98b4-4b5d-9a34-1d3486e76f26.tmp

Filesize
10KB

MD5
350c52749426b00a213090d3224d8ee7

SHA1
2bc20a6e102043856cd2c22caae33270ece6fe0a

SHA256
65cd2c33d661cde526d13731575835138432b661b589ce27ec920f835c3eb0be

SHA512
bd488c9200d71826f08528fad8a582afc089d682e18454b258f15b4705c4ab776c54bfa8909fed8723cca9f49273a33278980e39ad7ed748191fd12571a0b64e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
91861700063f8a5f6142c960e142f957

SHA1
3ac796d4e4ad83a510fa9614596447c82d94f784

SHA256
6c273d0afb032afa3ede1dd3302c2172a5cd089ced5bac56a9e284ff2a36748f

SHA512
89b44f8a3fce08f814d8d034352300b7f32ac45a0b2a0b0bdd3d1c9ed9433c00785954be9f9c1ec485897120ac93d1fc5ed58ba31f439aaed173485c23b1e260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
057934d99d80045c0ccc437ffc107ff4

SHA1
b789be2b7414315202c36602e7c8c272fe7beb77

SHA256
e6278d3bf4281510889f1838b1747f357c77e05c887dc0208201e0db3a5a0fca

SHA512
8dd1bab37a8b6a2c38788adbb4be5d897809e198d96e6add1e3463f0f3f8a37330aacef008b95902a5b1de644d1136a5790108a69fc55e3393106b87e6ad69bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
e79b2c3efaa568e822494b260cf2fd3e

SHA1
0f61f06b334d2f43245f6f6085f7a002f6f13d46

SHA256
696d01dcd124a7997841208c6bece7e9bf529b37e04d4608e255e6f3d1044230

SHA512
3abd3c0674a939244b2e4301b0eb6bd4194c43019ee22e8d2e3907b009b7a274e3f080b58f80f15781a8f3018b396c0426e5f9ef37fa85f40f6eacc0dd625b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
91a23a526bb956132732c175ad23d918

SHA1
1e0e0f70e0587007a7489fbd040ef18a722869ae

SHA256
051d3d777dc208c9723cdf7efe69f84aed8d7cac0454ef763ccebec8a18eb12e

SHA512
d015cd271307ad79540ec0293b3e68135e7134f6402be73fb423eecc31e15b4a62978cf36b2cfd2b1a09b171d676f4aadf8c29e4f518c0c85390732e1228d1db

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4316_1972344980\319f34a8-7513-4fd0-8a02-e7ac3897f365.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4316_1972344980\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
7.2MB

MD5
2a39b191557fe027454094fcb79e4c9f

SHA1
a8c2d42f149ec3d8b8ab2fb38e7b1bac786ca8da

SHA256
1cfa38c4091921ff9231b90989c616f9d73bf8f328a263e9e1621a42b1053201

SHA512
77df1c00cadf139dd4f791555abd927d16ddcc5e696a7760ef5a2901f277997f23b2334fd8b2b50c573567139b3f653afb7a8beef089084e2db7fe4fa10ccafb

Download Submit
C:\Windows\Installer\MSIB3EE.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIB41F.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIBD0A.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/112-5220-0x00000198306B0000-0x00000198306B8000-memory.dmp

Filesize
32KB

Download
memory/112-5218-0x0000019830150000-0x0000019830160000-memory.dmp

Filesize
64KB

Download
memory/112-5222-0x00000198344D0000-0x0000019834508000-memory.dmp

Filesize
224KB

Download
memory/112-5223-0x00000198344A0000-0x00000198344AE000-memory.dmp

Filesize
56KB

Download
memory/112-5219-0x0000019830610000-0x00000198306A0000-memory.dmp

Filesize
576KB

Download
memory/2584-5006-0x00007FFF75E50000-0x00007FFF75E80000-memory.dmp

Filesize
192KB

Download
memory/2584-5008-0x00007FFF75E50000-0x00007FFF75E80000-memory.dmp

Filesize
192KB

Download
memory/2584-4998-0x00007FFF77DD0000-0x00007FFF77DE0000-memory.dmp

Filesize
64KB

Download
memory/2584-5011-0x00007FFF772A0000-0x00007FFF772AE000-memory.dmp

Filesize
56KB

Download
memory/2584-4984-0x00007FFF780A0000-0x00007FFF780B0000-memory.dmp

Filesize
64KB

Download
memory/2584-5012-0x00007FFF772A0000-0x00007FFF772AE000-memory.dmp

Filesize
56KB

Download
memory/2584-5009-0x00007FFF771F0000-0x00007FFF77200000-memory.dmp

Filesize
64KB

Download
memory/2584-4997-0x00007FFF77DD0000-0x00007FFF77DE0000-memory.dmp

Filesize
64KB

Download
memory/2584-4988-0x00007FFF780F0000-0x00007FFF78120000-memory.dmp

Filesize
192KB

Download
memory/2584-4990-0x00007FFF78180000-0x00007FFF78185000-memory.dmp

Filesize
20KB

Download
memory/2584-4987-0x00007FFF780F0000-0x00007FFF78120000-memory.dmp

Filesize
192KB

Download
memory/2584-5004-0x00007FFF75E50000-0x00007FFF75E80000-memory.dmp

Filesize
192KB

Download
memory/2584-5013-0x00007FFF772A0000-0x00007FFF772AE000-memory.dmp

Filesize
56KB

Download
memory/2584-5007-0x00007FFF75E50000-0x00007FFF75E80000-memory.dmp

Filesize
192KB

Download
memory/2584-5005-0x00007FFF75E50000-0x00007FFF75E80000-memory.dmp

Filesize
192KB

Download
memory/2584-5010-0x00007FFF771F0000-0x00007FFF77200000-memory.dmp

Filesize
64KB

Download
memory/2584-5016-0x00007FFF77AD0000-0x00007FFF77AE0000-memory.dmp

Filesize
64KB

Download
memory/2584-5014-0x00007FFF772A0000-0x00007FFF772AE000-memory.dmp

Filesize
56KB

Download
memory/2584-4981-0x00007FFF77F90000-0x00007FFF77FA0000-memory.dmp

Filesize
64KB

Download
memory/2584-4989-0x00007FFF780F0000-0x00007FFF78120000-memory.dmp

Filesize
192KB

Download
memory/2584-4982-0x00007FFF77F90000-0x00007FFF77FA0000-memory.dmp

Filesize
64KB

Download
memory/2584-4983-0x00007FFF780A0000-0x00007FFF780B0000-memory.dmp

Filesize
64KB

Download
memory/2584-4985-0x00007FFF780F0000-0x00007FFF78120000-memory.dmp

Filesize
192KB

Download
memory/2584-4986-0x00007FFF780F0000-0x00007FFF78120000-memory.dmp

Filesize
192KB

Download
memory/2584-4991-0x00007FFF77D20000-0x00007FFF77D30000-memory.dmp

Filesize
64KB

Download
memory/2584-4992-0x00007FFF77D20000-0x00007FFF77D30000-memory.dmp

Filesize
64KB

Download
memory/2584-4993-0x00007FFF77DB0000-0x00007FFF77DC0000-memory.dmp

Filesize
64KB

Download
memory/2584-4994-0x00007FFF77DB0000-0x00007FFF77DC0000-memory.dmp

Filesize
64KB

Download
memory/2584-4995-0x00007FFF77DD0000-0x00007FFF77DE0000-memory.dmp

Filesize
64KB

Download
memory/2584-4996-0x00007FFF77DD0000-0x00007FFF77DE0000-memory.dmp

Filesize
64KB

Download
memory/2584-4999-0x00007FFF77DD0000-0x00007FFF77DE0000-memory.dmp

Filesize
64KB

Download
memory/2584-5003-0x00007FFF75CE0000-0x00007FFF75CF0000-memory.dmp

Filesize
64KB

Download
memory/2584-5002-0x00007FFF75CE0000-0x00007FFF75CF0000-memory.dmp

Filesize
64KB

Download
memory/2584-5000-0x00007FFF75BD0000-0x00007FFF75BE0000-memory.dmp

Filesize
64KB

Download
memory/2584-5001-0x00007FFF75BD0000-0x00007FFF75BE0000-memory.dmp

Filesize
64KB

Download
memory/4508-1-0x000001F6BA1A0000-0x000001F6BA26E000-memory.dmp

Filesize
824KB

Download
memory/4508-3273-0x00007FFF59F70000-0x00007FFF5AA31000-memory.dmp

Filesize
10.8MB

Download
memory/4508-2-0x00007FFF59F70000-0x00007FFF5AA31000-memory.dmp

Filesize
10.8MB

Download
memory/4508-0-0x00007FFF59F73000-0x00007FFF59F75000-memory.dmp

Filesize
8KB

Download
memory/4508-29-0x00007FFF59F70000-0x00007FFF5AA31000-memory.dmp

Filesize
10.8MB

Download
memory/4508-2846-0x000001F6D4A70000-0x000001F6D4A7A000-memory.dmp

Filesize
40KB

Download
memory/4508-2848-0x000001F6D6BC0000-0x000001F6D6BD2000-memory.dmp

Filesize
72KB

Download
memory/4508-4-0x000001F6D49F0000-0x000001F6D4A12000-memory.dmp

Filesize
136KB

Download
memory/5012-4812-0x0000000074150000-0x0000000074360000-memory.dmp

Filesize
2.1MB

Download
memory/5012-4976-0x0000000000D70000-0x0000000000DA5000-memory.dmp

Filesize
212KB

Download
memory/5012-4768-0x0000000074150000-0x0000000074360000-memory.dmp

Filesize
2.1MB

Download
memory/5012-4767-0x0000000000D70000-0x0000000000DA5000-memory.dmp

Filesize
212KB

Download
memory/5420-3274-0x0000028880080000-0x000002888013A000-memory.dmp

Filesize
744KB

Download
memory/5420-3276-0x0000028880140000-0x00000288801F2000-memory.dmp

Filesize
712KB

Download
memory/5420-3269-0x0000028865BD0000-0x0000028865BF4000-memory.dmp

Filesize
144KB

Download
memory/5420-3271-0x0000028880500000-0x0000028880A3C000-memory.dmp

Filesize
5.2MB

Download
memory/6116-4800-0x000001CE9C4C0000-0x000001CE9C4C1000-memory.dmp

Filesize
4KB

Download
memory/6116-4799-0x000001CE9C4C0000-0x000001CE9C4C1000-memory.dmp

Filesize
4KB

Download
memory/6116-4798-0x000001CE9C4C0000-0x000001CE9C4C1000-memory.dmp

Filesize
4KB

Download
memory/6116-4797-0x000001CE9C4C0000-0x000001CE9C4C1000-memory.dmp

Filesize
4KB

Download
memory/6116-4791-0x000001CE9C4C0000-0x000001CE9C4C1000-memory.dmp

Filesize
4KB

Download
memory/6116-4795-0x000001CE9C4C0000-0x000001CE9C4C1000-memory.dmp

Filesize
4KB

Download
memory/6116-4789-0x000001CE9C4C0000-0x000001CE9C4C1000-memory.dmp

Filesize
4KB

Download
memory/6116-4790-0x000001CE9C4C0000-0x000001CE9C4C1000-memory.dmp

Filesize
4KB

Download
memory/6116-4796-0x000001CE9C4C0000-0x000001CE9C4C1000-memory.dmp

Filesize
4KB

Download
memory/6116-4801-0x000001CE9C4C0000-0x000001CE9C4C1000-memory.dmp

Filesize
4KB

Download