f7959230c8c9c023c165ff4f0ca3b26baa4969277ebe45dcbdb73bed1d947565

Analysis

max time kernel
1491s
max time network
1452s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
30-04-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Гуляя по долине теней смерти reverb.wav
Size

1.2MB
MD5

a78786bb94881c48d043b5f004bcf975
SHA1

877f52f42f9a33ce1c0b9175303e75e6573165ab
SHA256

f7959230c8c9c023c165ff4f0ca3b26baa4969277ebe45dcbdb73bed1d947565
SHA512

1e3e6884ed6cdcc7e232b7232cd99641a0a4579363102e576149c5d9cb9d913a45f39055daa96114b5d4778f78aed10b3f5954208735b6d3a4699a4f667aaa86
SSDEEP

12288:KReV5xUD0XKA4x+hDqH3VKdMwy4vR5VJ5Z+nG26jEHD760naUu3g5RwohybPxGsw:VPWXQLyej+nnKWDNaUjRwZEwkXfnN

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
1148	winrar-x64-701b1.exe
4660	winrar-x64-701b1.exe
8	winrar-x64-701b1 (1).exe
3148	winrar-x64-700.exe
5796	Solara.exe
6120	Solara.exe

Loads dropped DLL 10 IoCs

pid	Process
5796	Solara.exe
5796	Solara.exe
5796	Solara.exe
5796	Solara.exe
5796	Solara.exe
5796	Solara.exe
5796	Solara.exe
5796	Solara.exe
6120	Solara.exe
6120	Solara.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
169	raw.githubusercontent.com
178	raw.githubusercontent.com
207	raw.githubusercontent.com

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\eventvwr.msc	mmc.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe

Checks processor information in registry 2 TTPs 25 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 8c0031000000000093581c54110050524f4752417e310000740009000400efbec552596193581c542e0000003f0000000000010000000000000000004a000000000040468900500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Applications	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings	Taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe

NTFS ADS 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 786829.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701b1.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 784144.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701b1 (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 461198.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-700.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SolaraBETA.rar_pass_123.zip:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
720	NOTEPAD.EXE
6036	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3400	Winword.exe
3400	Winword.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
1052	msedge.exe
1052	msedge.exe
3292	msedge.exe
3292	msedge.exe
2100	identity_helper.exe
2100	identity_helper.exe
5000	msedge.exe
5000	msedge.exe
3104	msedge.exe
3104	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2700	msedge.exe
2700	msedge.exe
2672	msedge.exe
2672	msedge.exe
3064	msedge.exe
3064	msedge.exe
5484	msedgewebview2.exe
5484	msedgewebview2.exe
6844	msedgewebview2.exe
6844	msedgewebview2.exe
5796	Solara.exe
5796	Solara.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 11 IoCs

pid	Process
2732	OpenWith.exe
4752	OpenWith.exe
1360	OpenWith.exe
1352	OpenWith.exe
4072	OpenWith.exe
1696	firefox.exe
5496	7zFM.exe
5264	Taskmgr.exe
6008	mmc.exe
6180	Taskmgr.exe
7120	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
5160	msedgewebview2.exe
1492	msedgewebview2.exe
4704	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4400	unregmp2.exe
Token: SeCreatePagefilePrivilege	4400	unregmp2.exe
Token: SeRestorePrivilege	4988	7z.exe
Token: 35	4988	7z.exe
Token: SeRestorePrivilege	2016	7z.exe
Token: 35	2016	7z.exe
Token: SeRestorePrivilege	4800	7z.exe
Token: 35	4800	7z.exe
Token: SeRestorePrivilege	4216	7z.exe
Token: 35	4216	7z.exe
Token: SeRestorePrivilege	2700	7z.exe
Token: 35	2700	7z.exe
Token: SeRestorePrivilege	4112	7z.exe
Token: 35	4112	7z.exe
Token: SeRestorePrivilege	4880	7z.exe
Token: 35	4880	7z.exe
Token: SeRestorePrivilege	872	7z.exe
Token: 35	872	7z.exe
Token: SeRestorePrivilege	1184	7z.exe
Token: 35	1184	7z.exe
Token: SeRestorePrivilege	1352	7z.exe
Token: 35	1352	7z.exe
Token: SeRestorePrivilege	5100	7z.exe
Token: 35	5100	7z.exe
Token: SeRestorePrivilege	1272	7z.exe
Token: 35	1272	7z.exe
Token: SeRestorePrivilege	2220	7z.exe
Token: 35	2220	7z.exe
Token: SeRestorePrivilege	2552	7z.exe
Token: 35	2552	7z.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe
Token: SeDebugPrivilege	1696	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe
5264	Taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe
4752	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 4280	3452	wmplayer.exe	80
PID 3452 wrote to memory of 4280	3452	wmplayer.exe	80
PID 3452 wrote to memory of 4280	3452	wmplayer.exe	80
PID 3452 wrote to memory of 3568	3452	wmplayer.exe	81
PID 3452 wrote to memory of 3568	3452	wmplayer.exe	81
PID 3452 wrote to memory of 3568	3452	wmplayer.exe	81
PID 3568 wrote to memory of 4400	3568	unregmp2.exe	82
PID 3568 wrote to memory of 4400	3568	unregmp2.exe	82
PID 4704 wrote to memory of 3480	4704	msedge.exe	87
PID 4704 wrote to memory of 3480	4704	msedge.exe	87
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 3448	4704	msedge.exe	88
PID 4704 wrote to memory of 1052	4704	msedge.exe	89
PID 4704 wrote to memory of 1052	4704	msedge.exe	89
PID 4704 wrote to memory of 3688	4704	msedge.exe	90
PID 4704 wrote to memory of 3688	4704	msedge.exe	90
PID 4704 wrote to memory of 3688	4704	msedge.exe	90
PID 4704 wrote to memory of 3688	4704	msedge.exe	90
PID 4704 wrote to memory of 3688	4704	msedge.exe	90
PID 4704 wrote to memory of 3688	4704	msedge.exe	90
PID 4704 wrote to memory of 3688	4704	msedge.exe	90
PID 4704 wrote to memory of 3688	4704	msedge.exe	90
PID 4704 wrote to memory of 3688	4704	msedge.exe	90
PID 4704 wrote to memory of 3688	4704	msedge.exe	90
PID 4704 wrote to memory of 3688	4704	msedge.exe	90
PID 4704 wrote to memory of 3688	4704	msedge.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\Гуляя по долине теней смерти reverb.wav"
1⤵
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\Гуляя по долине теней смерти reverb.wav"
  2⤵
  PID:4280
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3568
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa9e73cb8,0x7ffaa9e73cc8,0x7ffaa9e73cd8
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7248 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7320 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Users\Admin\Downloads\winrar-x64-701b1.exe
  "C:\Users\Admin\Downloads\winrar-x64-701b1.exe"
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Users\Admin\Downloads\winrar-x64-701b1.exe
  "C:\Users\Admin\Downloads\winrar-x64-701b1.exe"
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7384 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Users\Admin\Downloads\winrar-x64-701b1 (1).exe
  "C:\Users\Admin\Downloads\winrar-x64-701b1 (1).exe"
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7068 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7552 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3064
- C:\Users\Admin\Downloads\winrar-x64-700.exe
  "C:\Users\Admin\Downloads\winrar-x64-700.exe"
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2920 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,15757228743963455718,16330169271150442896,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7668 /prefetch:8
  2⤵
  PID:6496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3116

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2732
- C:\Program Files\7-Zip\7z.exe
  "C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraBETA.rar_pass_123.zip\SolaraBETA.rar"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4988

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraBETA.rar_pass_123.zip\SolaraBETA.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2016

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraBETA.rar_pass_123.zip\SolaraBETA.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4800

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraBETA.rar_pass_123.zip\SolaraBETA.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4752

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\SolaraBETA.rar_pass_123.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2700

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\SolaraBETA.rar_pass_123.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4112

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\SolaraBETA.rar_pass_123.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4880

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\SolaraBETA.rar_pass_123.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:872

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\SolaraBETA.rar_pass_123.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1184

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\SolaraBETA.rar_pass_123.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1352

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\SolaraBETA.rar_pass_123.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5100

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\SolaraBETA.rar_pass_123.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:1360

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraBETA.rar_pass_123.zip\SolaraBETA.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2220

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\SolaraBETA.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2552

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:1352

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\8ea8b01874dd41a989ddd31a95d736bf /t 2672 /p 1148
1⤵
PID:1812

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\1b6263022621480892934db8b39d97c5 /t 2344 /p 4660
1⤵
PID:1616

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c6efc26d19c1407dadb44c65234c61ca /t 3976 /p 3148
1⤵
PID:1732

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\56296b7a7c904a8ab1b443076e90af28 /t 2284 /p 8
1⤵
PID:236

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4072
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\SolaraBETA.rar"
  2⤵
  PID:1572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\SolaraBETA.rar
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    PID:1696
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fac3e0f7-51e3-4dbd-a333-8fb190162780} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" gpu
      4⤵
      PID:3640
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2364 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15a1bf99-b6bc-4a36-9cb1-cfe200687ffb} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" socket
      4⤵
      PID:4784
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2712 -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3084 -prefsLen 26520 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10088a1e-e1e8-461e-aa80-3413d67baec3} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
      4⤵
      PID:3044
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3468 -childID 2 -isForBrowser -prefsHandle 3128 -prefMapHandle 3460 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1dc8a87-8aa5-41e9-b7e9-d562692e8003} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
      4⤵
      PID:2696
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4668 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4616 -prefMapHandle 4548 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fc742f7-1543-4b1f-a1a0-79f20910c9b8} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" utility
      4⤵
      Checks processor information in registry
      PID:5656
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 3 -isForBrowser -prefsHandle 5516 -prefMapHandle 5492 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10de35c8-dfa7-47e3-9fed-26af2ac7c401} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
      4⤵
      PID:3472
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 4 -isForBrowser -prefsHandle 5760 -prefMapHandle 5756 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e816aa4-bfa4-4926-9d16-fa8ca1f4057b} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
      4⤵
      PID:4764
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5872 -childID 5 -isForBrowser -prefsHandle 5952 -prefMapHandle 5948 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82a247e0-436c-4f0c-b6bb-ef4151cd3815} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" tab
      4⤵
      PID:1412
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1972 -prefMapHandle 3276 -prefsLen 32422 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab65dc8f-986c-4277-98f8-c95cfeeeb9ed} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" gpu
      4⤵
      PID:6636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\SolaraBETA.rar"
1⤵
PID:5652
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\SolaraBETA.rar
  2⤵
  - Checks processor information in registry
  PID:5628

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\SolaraBETA.rar"
1⤵
PID:5708
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\SolaraBETA.rar
  2⤵
  - Checks processor information in registry
  PID:5688

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" C:\Users\Admin\Desktop\SolaraBETA.rar
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5496

C:\Users\Admin\Desktop\SolaraBETA\Solara.exe
"C:\Users\Admin\Desktop\SolaraBETA\Solara.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5796
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=5796.1864.3887865327369355870
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:5160
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x130,0x7ffaa9e73cb8,0x7ffaa9e73cc8,0x7ffaa9e73cd8
    3⤵
    PID:5884
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1984,5952659226849201552,14774802072465660000,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:5512
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,5952659226849201552,14774802072465660000,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2496 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5484
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,5952659226849201552,14774802072465660000,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2972 /prefetch:8
    3⤵
    PID:5236
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1984,5952659226849201552,14774802072465660000,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:5800
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1984,5952659226849201552,14774802072465660000,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4480 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:728

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\TraceSuspend.bat" "
1⤵
PID:5824

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\TraceSuspend.bat" "
1⤵
PID:6712

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\TraceSuspend.bat" "
1⤵
PID:6820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\TraceSuspend.bat" C:\Users\Admin\Desktop\SolaraBETA\Solara.exe"
1⤵
PID:6876

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\TraceSuspend.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:720

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6556

C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_90fb210207715818\Taskmgr.exe
"C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_90fb210207715818\Taskmgr.exe"
1⤵
PID:5312

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\SysWOW64\Taskmgr.exe"
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:5264

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
PID:5128

C:\Users\Admin\Desktop\SolaraBETA\Solara.exe
"C:\Users\Admin\Desktop\SolaraBETA\Solara.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6120
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=6120.4840.2284034568661581026
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:1492
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x118,0x7ffaa9e73cb8,0x7ffaa9e73cc8,0x7ffaa9e73cd8
    3⤵
    PID:6984
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1824,7921176425281502998,2494924156862772090,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
    3⤵
    PID:6464
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,7921176425281502998,2494924156862772090,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2292 /prefetch:3
    3⤵
    PID:1192
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,7921176425281502998,2494924156862772090,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2672 /prefetch:8
    3⤵
    PID:2848
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1824,7921176425281502998,2494924156862772090,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
    3⤵
    PID:5216
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,7921176425281502998,2494924156862772090,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2636 /prefetch:8
    3⤵
    PID:5312
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1824,7921176425281502998,2494924156862772090,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2996 /prefetch:8
    3⤵
    PID:7056
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1824,7921176425281502998,2494924156862772090,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4844 /prefetch:8
    3⤵
    PID:6416
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1824,7921176425281502998,2494924156862772090,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4872 /prefetch:2
    3⤵
    PID:6180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=3jpiwn.exe 3jpiwn"
1⤵
PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa9e73cb8,0x7ffaa9e73cc8,0x7ffaa9e73cd8
  2⤵
  PID:5620

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
PID:356

C:\Windows\system32\eventvwr.exe
"C:\Windows\system32\eventvwr.exe"
1⤵
PID:4812
- C:\Windows\system32\mmc.exe
  "C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc"
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: GetForegroundWindowSpam
  PID:6008

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\SysWOW64\Taskmgr.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
PID:6180

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
PID:3360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:7120
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Login Data"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  PID:3400

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Login Data.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:6036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5710c39b3d1cd6dd0e5d30fbe1146d6

SHA1
bf018f8a3e87605bfeca89d5a71776bfc8de0b47

SHA256
770d04df1484883a18accb258ecfa407d328c32c0ccbd8866c1203c5dfb4981f

SHA512
0f868e4ce284984662d8f0ff6e76f1a53e074a7223122a75efa7bb90d0204bc59bee4b36c215d219a03707c642e13f5efce0c3c57f46659a0cb1e7fd2f4d3cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8d5e555f6429eb64461265a024abf016

SHA1
05a5dca6408d473d82fe45ebc8e4843653ad55af

SHA256
0344fd65882ba51695a10e1312e65f08d58afca83771c9d545e181829d6b5ed1

SHA512
be5edfdcda1ba0db9fbab48ee1b643f1b03821e24048892d18033094fec14171035179e987a08dd91a1c25d91d9256837a4105f6765afd225a868f3e95050b8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
37KB

MD5
47cd0f9ecdb7f3ce3c16db7abc2f46d5

SHA1
307c836095a2a73635133ba3c0a7753c5851cddd

SHA256
8b3342a18aaa96aa2eb22adb9011a32ffd0b23a1760350bd89811c17fe003f46

SHA512
9d5caaeaa31c3626c8f8a02ecf108f1fb53a82a930a17352a2fb06bf16915b4b27435af09fd7e0921b80cf66355299ab23f9c96b8443d2f29e6649cc575ea895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
798e76073abe579251a34ee1dacf9b3e

SHA1
7e9294eec6545c8e1bbdb7849a73820cdca2fbd2

SHA256
8657f6d3867c20699a230df7939c02ca5fe065db2efcfecf5d8d864ca4873666

SHA512
cf5d69395e47fd4da4de0019a77162736c38f88ef0dd803d114388fbfb139a66083f51bbedd8ab205ab5d41f8464a685f4e0f6b5d3a13f7b91cbb211de14c7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
f43e1d07770ccb5f1506f3e0119f4572

SHA1
c5862365ef021db149c9fd00db9586c924138a02

SHA256
9e874631f780de08fb1de832b8ff34cbf1724ec8e74ad00f28ce420dcaad776e

SHA512
f072b8c0d108302768cb3385aecddc56a87267cb84528bff64cfa5dc470b0fbabba6870fc3efb64c611ad230d615f0fece70ce7cfa9fc4814b318fff2283bb1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b0642232c5e45ad_0

Filesize
1KB

MD5
b75130ece8e8cfff261706abb4325cc1

SHA1
07ad6c9b817f8b0f825375ab18b2a532e448b7f1

SHA256
abca00f091a349fe1b92f052e90b245e1ab1281bb07b76df8e5beba7ea561f46

SHA512
17bdb803f7fae87298322fc99b2552c34f109bd11dc7a9cbb0f3cb88d8da1c34ff538d281bc34f1fad72e52b372486b9592a610349fde998645b981d02246d9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
d9e6bce2e24b3ab87afad933c34de9f1

SHA1
34f98a090742f9f50715d2e35a22c125030cd269

SHA256
660e91dd7b4ba5b761bdcc8b464d9541de7fad68c666d99eb3cff68221c49611

SHA512
f185fa76c89db5b33a1bf9dc8d4c1aae836d49bdb520478973e736bbd34f72864a4983393a69c22334d2a936a459cf2a1ca9802f2f5f9829abf526dd4617e5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

Filesize
3KB

MD5
d34d9c6997cb716e1f9a50982f37b50c

SHA1
74df627e0d9da4db7d735d68141f0ff22904c243

SHA256
61638a5d65edc6ce79a8573a2419498b181e8a7ce367189c4e3464cc105e393e

SHA512
60a78ca9b8905548267fd7b35bbd5101469036914f34f8d7611115afaabb41cc3be514b348dfa142e6b98efc0f4fb3483cbceacf6a1b80c46f61ba990a5ba175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
4a96c1fb4fc8c52851e66bd28546de40

SHA1
f5ba491b0723bea6c2e236ba64234a1bbcc5f55b

SHA256
6208c0d7c958276498788d68a9b174976573c32e8b08338c0e3083403036f8a4

SHA512
2b7506d09a356feb2382f58ffb6a855804a65ab596e0bd10a64cca12ad2af1f347eb609a3f01a79b265de7ccd75b1f0e0ace513c8e668111913c243095830957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0

Filesize
5KB

MD5
a1cbbf31851ca64e30b8dc3ff7a83406

SHA1
869a2b02f6f449432cc17313f055ff311750e9e9

SHA256
41a92cb304723ab51f2e13581000406606c4ae79dc4816892525003cafa0c3f1

SHA512
1ab74d408f7902fc0b418ec8b7d5884c66665a878859d0acbd8f2c6acf4721d1fcb24e637e319fdab1765ef9fc0b6211f36968535c7e1cbc7997496647ca1e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
d8ebd5681164f6b231b000a2b4c2bb8a

SHA1
0b6a58b394d3c001a40ffc81de68e9a39f065c61

SHA256
6500c9b9ce50eec286b97b64a92da230cd0f6f19119df004568c72c75cf79c5b

SHA512
28616ec984761338a99051f115e5f8c5383c31023e7c7496b53c8debd8921049dbe5cd7643426d4bfd0aeac1197e7a692a54c430e5551228f66aafa937403860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
b22f6ac54a4a534be53e7875c95a92c5

SHA1
0de7769edbb5861512f05bc7cf95adfd9f532bf9

SHA256
a85ed6b0fdf431aa4998de0468c652302ab761b5252f2dc6f62c46954f6226c3

SHA512
7914acbc3602da2c0e297b0f9a161bca6c42f3a97464fd78319383534b8a1aa1865c8135962b5f2288bf48932d45416b7b7b62242998c8733f5c2ac7c4f12e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
6KB

MD5
281bb83efe79ee4794adbfa4c821eaa7

SHA1
35b046773cbf46522206aca84ae3cfb2160ba47c

SHA256
83dbb45d6e76615a3d6b1b2170364c81508941bfeadd9111e10cf385a6cd21ae

SHA512
97cb5f038465d2836058883cecf7239e8358fbb1358d0276b1540408aae96c616a60c533daba73b6390ddbfc15f868525aca423b03bbb90641c473739544993d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
c7afb911db2a5552d8829b97b7b50788

SHA1
665eab2ddafd482341904dec737366ad23a6ea7b

SHA256
d58e490d7ebe5fc34d9bf13e4f96891996f0d8f7b5c0e3686f9a7ec5951d4cdb

SHA512
7383fb5ae42f70b5cdeff45076dc9b5b06a9a170834eb2c345da36627f6a9021c0b85d205104d419da65f4ba2be4b9f0da0e0c0404afa605e1ef81d8c42c9ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
dfab53f6e2778692fb6e11d5cdf049f3

SHA1
265fef78f7289a2d1c91f749daa36dc032e7c9db

SHA256
b4310c8037c092eb26577978b370bf838d3a01d56073627a23002e1500317310

SHA512
5159293c528e8ec5c6cd077ccf1bd8ad84ab8572de99e0809069170e5f10618bbe3fde75027cebff8f5beff6a45a6da292923505e4188ad8791a032bddfe8985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ade1e231c05cc17d_0

Filesize
20KB

MD5
878c26c794e06579e7ebfa52c1dab8f5

SHA1
20a59d14c758f8eb0fb8f3140dbcc603168665c2

SHA256
22e1253add73d3ea18ea9abdcc8453de7f5fcd25b99578b0ce7f3564f65673dd

SHA512
629a86284ee5ce191d18871b1aa7e4ab76a68530031c5b3f764cbe8376171cc02ba71e8646255af6ccc112384d1e6eef45a33ec6d812a9d5e04d089b48ca11fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
2KB

MD5
a4db9441b06e19e06b1543778c2d1bc1

SHA1
95e56e29b8be78d172ca583904de6d9f3e328004

SHA256
d44ca28ec593ce2c2edc4e58b53e2921b36d29bd2a5ec4f6e13fad9f37426413

SHA512
e470cca49b0b7a3d1eef05285fce708aaafffdd8d70cd7ea32f3e589c610e751a0561e213f0f2f15ccf9d826b10c41651b806a3809089daaf7241af8a1bd20cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

Filesize
2KB

MD5
03d251261a3c3acd28eb061589614220

SHA1
4b4ca853bd96e637892caba3e7a429005885a420

SHA256
00773fca202baac4d8e0ebf0c93dd001ed8364204a3367b4581ddefb13716ac5

SHA512
a0478f3cd5f3c7670a7eed741e29982bf7bd2435bde6d4d6f8d0f1ed7707f55f4e69e5331097b03917948300051af992f83b2475e7c47e944a17383133594a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
bd6b0a7aeafca9e34fb0e1b0baf91a37

SHA1
8dac1dea947dd9effa8bdaf8198eb9a4178a2568

SHA256
f5addbb26a5ca559f2fcc4f101f16eb885d37fddae1ab9fa1f825765fc4e6cf0

SHA512
e92c0cc0a720c195bd2d9f2fe32931b443eb33052199861204624e8191784b33b924862b52ed4acd63d4003b763304edaba14813eea831ef157c7fcc8a24e00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
ee1bbcd93e33847ab94d638cb2b6a62d

SHA1
28a1f51a7e3e720008230a64cef4464d604bb489

SHA256
b7749b720c7ae1f22319be2a8443c715f92c038be9bc17912e111f4e1cf4d3af

SHA512
1cf683665fbf9c897a8aa539bf3855f9a9d3443458b8dc977faaff00526e37610df79f236529acfef5a871985e76cc60e89cacc5adc06ed66d6c265d2ead2133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ed26cd2dcd561670_0

Filesize
3KB

MD5
aa53c1bddd0be55d541361902b7e05d2

SHA1
888560d74d3ce0aa7f109f49616d2168b8527ccc

SHA256
6d590dee096571f983ea389620333be89ceea42f8112abbaa107f60e04e5e168

SHA512
53b3c293c8bf03fd0a43652c221b84e090cf4ee719b1eff22fdd94bd57c15d3db16c02f1b57a8ef615558237c9a81e75059192be9a775f1eed510b43fd5a8d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
2768e5639f1c2c612900fdd8a4113a39

SHA1
daa53b3938a5e402c963991e29b9256a3888f3ef

SHA256
11a8549f78fd756452ee6edfc4f601e876aff8c163ed28986d46d562df4664d5

SHA512
f1bc055db884f9b018587c57afc19090383dab4c71bea6c7efbb092493205d4e5430247e592cf7a709cf3949d0bb8dee28feb926617c59b840a1215eebcb7363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
75e432843f09b71f92c6610491f92eb1

SHA1
4d7dca8710a539d9caa0d44e95bff3e26deea034

SHA256
4ac9f0fc1728e396ecc823c7d797ff646339e385d88ecab26a80c562c192f376

SHA512
7fb099be20b8e11dda1b6229ec8f76b9bfc6237518ba29bdedc055ef7329cb8084df7e824e64e9f04c5ac11eb4b8ed5967a8ce0d45e42b3b52701e233e3c516a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2a69124902f1828f05515fba22c7afce

SHA1
b95718ebfd5eea620211ee62d99464b15d9719cd

SHA256
bfde566d8784d937b3723c8f1a27817ccd236d9c52ef7d663501fee8657ad591

SHA512
5a5ccd6d869bb73c7e18373c39e1e783d71dffc706cfe19d539afe38145d31a8f15fe4b8a9a664d1345ac6286ea643e80fe22a113aad6d9c90d3d84b51defd93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
31efe8f7c591f8754b09a5087694a174

SHA1
2eb8992e505d4c1a59331a093e93b75e632d2eea

SHA256
3d88a900c2f2c32ad8391e519a1a82dc3dbf7662f3723fa76737cf70a7a1892a

SHA512
ac0c75c1a048037fd3498ae382443e6a7a1796e3366769f9e32b9e7e3508b2fc0500554fbf1b20957d011ad0e67ef0dbea482af5583a0c4ae5cb4796a7756b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4dd3b2d42bae1a18bf5fd5ddd7ca39c7

SHA1
536104afe3233ba971f309c6d836b235ce4bdd43

SHA256
323496ae155637c86538736ae169f485656ab462e7027206aacab2b4a9e786c1

SHA512
63adf5104ed811f605634715cf0ff8d8f0c1cee4e5a1e9a5f23180839b5884406a6358d9439d9500be75cfee5666ca091b1f419b769702e7518d97894d855e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1329237888e0448c5602255cfbaeb875

SHA1
050303ad946e2a5a8fecc7ff0519bc94b15480ea

SHA256
c05ac9ff27c0a00f522449f29b317f59d3b1141e724dcd2aff15e7a6f9caed63

SHA512
704d5e8e92bb09f2225d32648230a15aae3ea4f2e55ff6c2cc553278bae7f59fdc1eeb23fb189bdec61ab8be6dc6acddcde7b6e4d723bc9a1c68644e2223fc95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
508e13d422f47accbda6370f72e4320b

SHA1
4588f4c2152de2fc089684a2f23a6066c41fc97d

SHA256
251ddf140755401e76c2bd2dddfa68007d8fb238ace5ecfd4a66a134aba59fb3

SHA512
f362daf5edade52357062d27b250d67d19131687ddf16544d4a703dd73e908d7c65484bc71c7dffa176b504fd6205e8f07f4db16c74b0bc8308681d94cf20d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
eeffa2f6a09e6d3b0d87c394fb32bf57

SHA1
761913ed96c8816014986d5d4eda810e2a4f3c72

SHA256
105cee91761d6d2f65dc9d6a8b14a989fcc42736f516f85c71ae78e3ae75b63b

SHA512
f235c15eb94293f471ded56fd64d95f5d962a9f1c4c3e5a9482626be58d10a9b69b70670f991035f2249b90ea9c263d15bbbd77f25b9f4f13512446bfebad459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
99ed2bfbd92ffe012ebc68e2b4b612a7

SHA1
f40eb3b267f737929a82808aef2cb3585c85dd52

SHA256
f58ca7778b4f6bb52ff0638c14a576fc930ad58b3d2f94b72b81a0304b170c24

SHA512
d4696c6272a5d8538f82d8381593c45a31c642f7f7b1fa1d954815099643818c5a95fe930f59200aa063dd803c85236fe564338672f65a4df5b1a47990e5bff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
97cdb6ecbad7f22c1289f7311dc8c255

SHA1
c14e2b1d7a31d51b7512e2884630dbfbadbaf124

SHA256
6f0846bb9040daaf11bb01f32c50d802d9a4b795e6471f0810ef951702f778da

SHA512
8fef6314ba64adc08ef6702d09290f65611da45fee4660ab983229d8624798116088d812fadff92d5f4640ddf90b12467341a4c890fe5ff061ecca0483a04059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5b2a5b81f97eb665273f5155a70a5ae6

SHA1
4d0639de74b9f41bb0520a5324975fa63b7d3a19

SHA256
d7ca4c1b70060a27dc23cc64bab36c8cf96877ddcfb25f5e4ec527ce078a5880

SHA512
c864e4deb490db169fe33730cd5edd6ccd5c6d3d55146818d059e51e0137029da0d78a04d201fe910988aad036b0c0be67e8c7f75df8cf7f1e7ce57b44f84c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
47274cbf754dfb015b3e8930a443eade

SHA1
6ef9b7b6d1ee429c54bf4d3d593960082f9ae295

SHA256
152787120521cfa7166a7bf1ece2898b70604d113bb44a2f54e74c7a7b149cb6

SHA512
3458829b4e3da0f532eb6a9a6a974eca1ce974af637b54bc76ba37462b8738820d87a2d9b3aa7db5de4068db8d1343a89336f4e30487279968ecb6b32a1232e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
01d52154ec565ee982481cb647788b06

SHA1
163318ed24d7cc534532e3829f4d0bbe231a674b

SHA256
0a6c604c52514aa2bc298383b342268d61f084459a420f23978b075d0ba15664

SHA512
e2b658217b08940efbd78d1ae02a4ebdc44f4218b708fd863cbf31eb830273645b5bfb432463932446317abdfa79f468cadaf86995211b2e54691cfaa524876b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3fc9f58fd3a3dd26b3d8f512a2564806

SHA1
0a8f25c16d54e10f3f4dc6c33784d639fa3ea949

SHA256
0c8df83121bc93fb10c8fa5fbb8846937cfada9e4e72b8da715304506b4cdb8b

SHA512
b56316c02fb9172faec2044554f5390662746f54057548ff43dfef73fadb73126a0d04c882c53f557dfcc60293f177af7881dd3f15024f2571deba46dc38e17f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f91adaea984b86d0c23a10e641344916

SHA1
d35ed86b7b99196a997307d2f8cdddb1a2695ce7

SHA256
005c9e1f21819bb64ac0f6d663502c6b959de199f2a5520b94cedce3ecf00acd

SHA512
18c7db61ce26ce350db229c5b749f298de9ca8a9da705b11e42eb4e8b55bef1d9985e42f52bcf410bb6f98e3edd05dbb667c645f38809553984a620a9eaf0d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a6008b216d3981b1f0b10d4284a7cf7a

SHA1
9b922491dd561336f6b9721595fe69680847221d

SHA256
71b480b58a7a1510629676a658798083daae2f1d3570c4f55f8db4832ccf624f

SHA512
1bf27ab9dd5088a462c4f6e247034512caac25cea3abcb64076cfea06eab2e12214e1e1e83d1ee8d46ee27b7055441fa7db3c0d479096a8e2de83a2607881b7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ff35e0e67c7cd68a11411dd1f1660015

SHA1
f9bd7e159058f1f54dd17a909646d48a1d842969

SHA256
da4283da73a2fa12eac4e60775602d26756833d257c0c302373c06f537bfbdf1

SHA512
aebe1ad367658dbe9020ee8dc4a4ff6ce9d9572e104df3c0677b8b23d1f6be02f1c179a14aac8819cfe43c2d8cf988ece30c9ff1f7c7b14e8e46909a3b8a15c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f8a1cde2d0e225ff5a7994b0d499fd0c

SHA1
bbc308f066e8ca294557e76a220364fa03838096

SHA256
651d79726e8b9fafe1827f3f6c88ee46b90397739edfc85c697ea645d5545da9

SHA512
5d8deab616048b3c466e60f042b2a0bf2e2b264430244923b81b5e6e30ed23d15fe51af87358792ea2f6f949b98049a93da495fae9c1dabbcf685d459f3cdc24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21259b43f85504c544143cc073b2a37f

SHA1
fb93a023fc2d7ddd4e118a941182909033183fae

SHA256
f2d2dd516b60a04bca386dcf3f113bf46f223c49d07fa4cd05839ce6089b9688

SHA512
f26420fcde92c85ea740f16a369ea07a914ec2b6de69d2ffd8d74dc30bed31428c4995aac26f25f75dcaf6d8c4ba695a31757390c107f84d229027c155b7c49a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
55554d1066adcd65df182005dbd56609

SHA1
51265966febcba14c4303e3f37ec5c423be77520

SHA256
9808d80de3647214c6486e632196a64ac9572c34b6c1653ad6a160c7abc2249f

SHA512
7823bd98ab999c6ed13bfd0d0f3b66de8237113d564924e256fe2d86516eab577fd098c2c455c6318785009051b57002caf40a30145499ea47a2f3ce88d8c3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
226b6c8e9839e9a430ded171706b484e

SHA1
13c4d3d0657fae87968fc9d8845606f60567dda0

SHA256
2f671771e217f2eff2eb16d9241e89ed3994da1a29d9f1c8bfa5b6b2260f39ac

SHA512
234daaebcab93e09ab9d0a376c6401010a7da7164229a7b79674c13a3c9ff32585a7e08bbaf711d76e658ee047eac0dbcdae92e32adc11cddfaa0577ebc95941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0aca40854c11faf41d67e820acb0718b

SHA1
5e6be74b1f130180b062b3739e30f03a36d150d3

SHA256
1c5d104485775da67ef503ba2e447de424c829b422ace9e04c09346ff3fe10ff

SHA512
7264ef545e9ff8b095cc343498f643e9ba38c5206842432453b03d24ce6a3034bc0e9bda1481899f0089758dadb153a4909e7ebc113d67badec950fb3421324f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d851ee21a15211c604e4db364a65223

SHA1
d32bff136594fbaa2a1e60f4857495b8c5c61bfe

SHA256
27d5655d8a1ea7a7058b0d32ec8b3a547ca00af0531f1ad70c1a7e494eed95fe

SHA512
a72ae1be1da2d9b9e64d6c15c113fc8a7a991f87740cbf7577cf6689469bfe9f42d09258e697442bd316e87a254a6e61abdfe507ca891d91bf0b4dc64fbb17a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
96b5e25a0364022bf67335dab4dd96e7

SHA1
860947ca0d2e92f2596609db892da442680a8328

SHA256
731ca0175996c12a484205a9f075986ff943e3bcc54cc658f2ef7664a6878854

SHA512
6b6815adb06dcce99970ba3c8767926f81e0a2dcb9b554983d52cfd7e050b239a9328bbb28fac804976b460c8079c059df138c68a342114af3f79676a740327a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d7e0815e3c5db59754d178bede8fd623

SHA1
f2dd64f965802ca4e2213c3eb3e3ad608945c076

SHA256
d5a04e893293712a5824f33b0a66113054f6f9e4042d842d1c01b5819c386145

SHA512
0386196e64465092f0d544b4dea3f3818d6b584ad87def19cbab6038741869ff9ebb50983ba3c8503319fb005c64c0b7706408fb70c60b5606541cc3f9b89aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0206a032331c900c17add872acf0db43

SHA1
39561600ebfa8f60ee3ab878d62afd9ac8d5297e

SHA256
9ad0ee30e68297d305f89daf453770e76ef6a73c1e7a224cd8d3b254612aa66e

SHA512
7f6cc5e8fb0f9b5bb6a943b912f4bc9bd419b8032c649517e81b456e363ce89eec132e7084115588f9de1eb632b21a42453dc07dedb54ddbce45e0d7160bef99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8e8a00d1a255b8241c4451e132566701

SHA1
9b46f7b1562c5e8dcb06336fce12fd7860a38ec2

SHA256
56d552169d95c18178bb349b8af3d3a3b230122b929b833d15c13ab33c9df93f

SHA512
9438aebd85632ae54634d3717cac93bd2e4edd5d8bfb88495b1855d8fe070479c3aa0d5c7b94910c3cc8e5e9603ac2c04e5409fcdb5e469181fd85efa03fbb3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
08b305216da9c4760f389c35f69b6fc5

SHA1
20c7ce50338495cc743eb635790705f7db8a6996

SHA256
a864af786ae2e57d8c92bb7a8ce1260413e3198f9c997b6d3e5f85ca12e5942f

SHA512
1ce354438ab6c4caf8ba29ca67efd88313b17831dbb5daadb097fdfeae8915ce8a8ec21172296b1a410e689565cc54bbb85482ba51986a51c8efe16443688fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fa3982903f80b1c6c0383ba4d14c1945

SHA1
ed923f60dae261e2d942f181d62f13fa6fb976d6

SHA256
eaba66d1b2206d58128b064c0714d316a76ec64959769bead0480dc716988b00

SHA512
e2fd14d332873235f7f4f022bb39fc5ff33e3555f855f3035cf49d6d7e1ff6fe65189193946e44f9428393996c660a878e722645ef8f7ab26983d0a72d11852e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f77fbadaf093bedbaee8e83e164689fe

SHA1
bc1f311c7c7633bb823947a3cb12efd459ff5405

SHA256
c94edee4eecf29d25f5262a37b01dce6cad2d6fe8a7abfe2090a5ce75ff46754

SHA512
ef7563d8f9488654f0bfeac6d0c84caac18ed020e819227bcf78c7ae241d3fb9f7fb479e07cebf4568cea80b13eb1b84930d09a511fef936309be79fb22ab26f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7277c70b8e386f5f8503815b910f4200

SHA1
0c5fd04ed08ffde5b28dd6fe4d67ead894a47500

SHA256
fe9749965bb0eff19c16b12a54544d21c1a5e6cbb9422616415b9e768a80d38f

SHA512
f5f0f06c77fb1ab30f9eb05ea49045b1cc097005fc1824ac498d96189c84ca02f3862b70e22949ac895374b4ac651416ad6a774d642b1097c15f83062124994b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\49105401-230d-4ef5-a4df-006ccf16c94b\index-dir\the-real-index

Filesize
72B

MD5
86d12e89c75f064292bcafb998505d1e

SHA1
1ec356711ad1fe42c13e961190974bce9fb2e4e1

SHA256
4dd987dc9f52a2d9cfb89f1d47df4a950576a25089aed50a96d4859606d4e966

SHA512
984df1a78d4e8c5990e5a8de5e37a899571efa0814f6156969222034b130f17c749989c4281e7251f1a16d3b1e62dd4ad7ca8c1975198c459f7ab544c6f42861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\49105401-230d-4ef5-a4df-006ccf16c94b\index-dir\the-real-index~RFe5e1720.TMP

Filesize
48B

MD5
d982b66b706903d19c617d538bb8782e

SHA1
ac4afff5688544fc443698ed3cbfe24eb40ac2d2

SHA256
0b7f88be62ac1796bb547b05e80ff730a320ca37e484e10d6c76ebb5754ec24e

SHA512
f24e90e581e12201b4fa9b91793dae872cafba455bb20646d61d5db04c44666787572f0bcfb757a21e5e2be9fd587e8f748a03fb1d1bd04069c2977aaede781d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\6c38bc2e-2b13-48c8-8f18-d1417dffae59\index-dir\the-real-index

Filesize
1KB

MD5
c1760e593c42ffd63a903ccc628b377e

SHA1
281830477c876789ca6a84fc06c999ae783abeca

SHA256
d6af3819409720c60faddecbb34b424c494b8c8d11135226180490e262f9f909

SHA512
7b12fd26c37e2036982c1a49d40b0de8c3b491c3985ec874fbf16dc6e54f946bba945fb56e3453bfd342e43032054556c56f4dededbb4ab7ef7615e3757c4d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\6c38bc2e-2b13-48c8-8f18-d1417dffae59\index-dir\the-real-index~RFe5e1fda.TMP

Filesize
48B

MD5
26d1fb0a39861e6032c718a6860611b8

SHA1
5bcb4058db6fc6e755b2bc28ea4bc90a875a3e69

SHA256
7bd49c0c4062560968182c28fad00f8ba0336a7b3ad30982745a515a76183aeb

SHA512
222a5a1e9a2c0eb0162fb873140efa2f516681cf08f153c4087d05ebebd3515cad4b02215641670c4dbf1f8192b711785cc7e6d396ed680b45f06208b7d7b86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
109B

MD5
7a1390758e8a0869b5dc4623e18b4142

SHA1
500f4f56f12c7b2696bf1bea42a6896ce76a4cd2

SHA256
8d6e1bebbee0c54da66bdf699b11103f55672ddf881c243b27559e8b30c7ef89

SHA512
252a8df6a2002b364e36c75fc57c919bdfb2248e69ad38e91d77ee1b24eadd3113d956e6332d353e24f7e750db8fe11126603b3fb289044f8b692944767ecb61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
204B

MD5
3a1b27195712f7d1f84886eda41f214b

SHA1
d7acf30102f69579e953a9d00d9dd25ae73f0a43

SHA256
b781522e5b2cc48878b776be55ca66448b47c5c642ce1530e0bf2f6322ca163b

SHA512
2f2154e0efa553e3ad709bdd72240d34fdb69bf0b506ca1508e71d33bd07bab1256bbd7ecb8d061234b87c63bc4388dcb0199119e96085df399af8846582fcfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
201B

MD5
57ddf497a35a863df940569dd0d8b0de

SHA1
a8b5c4d4b7b81bc5b33a2fa21ecadb0826db8228

SHA256
9cf297dfe5ce7beb3cc19bddd399be0eb813a90d816b6728962069bdff46588e

SHA512
76d96de54898c64a44cc2fafa0ba9efb4f67d883b373a549663002a2be56f4b5c6d7982fe87cbf707b5703a2bc67aef91b72473bfedd5d0ab0acd1a2719d0578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ed0bfba81a607e0a259b377a3d748173

SHA1
9b41661fa565b07ab05562aa2b91c1e453fda7e2

SHA256
664dcec8789ed37ba99456b036eb20617d6d34b8bd97a7ea5f817ca8f65b9474

SHA512
f4e1995c2ba99e37194d364c35e746799c359cacf3bf3d04cff066f06d6c95f1ef0e17a98a4b27efd15e5820419e37320c11d50c8041cc441c81c5094b1e6a90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e16d2.TMP

Filesize
48B

MD5
5fe6afdef6226a6c289e0312e62cd772

SHA1
acfe44e3705adf63a2cf80e5350c710d09533dbf

SHA256
a772e98d9caa20253624c017e17f3865af6a91c865ed03205b41e8ecc8d90639

SHA512
3decb87b14452cf20fe2234368821034f73713fab89b4716cc5724d7561c9575e3a43c4481943ca57524385f64c4db8cfd1817d3b1f8bd6ac052604d47f9437d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e1b5a8ea27f486fde2ffaf58be03e779

SHA1
439a9a06cd51318828371660cb245f1b6f22a815

SHA256
4bd1642df5ea6d9bafa5c85021964fd930e2cda7b51dbd44840631597fde6291

SHA512
1357697b15149ac74e464bdd41524e093e850498044f25a2d6ebf3172d328ed818a65aee9c1b4dca994522a0dbef7a0a70db7bff5eda591388cc115f22c1aa62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
591086cce478ef0a9ae03ec5695e7cd2

SHA1
2f49ae1d783f28a905a471c3c3d87948c2c43922

SHA256
4af5022d909ea9b8b8d0a0b91a1fe2ce1209a77469f26f054b21faa602ec4038

SHA512
73d7e10eb145d7efdb23105b05db36c0b1334289e52fad8af249a30e4648008a6b45915e97b7c2ba4887a3370282b0feef9da6d1b146290862e6bc892d01d2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
276c7273b60ff29bf0b3294370811f4a

SHA1
4277466215d15a4b9edc2b9413d03aa2abfa82c1

SHA256
9c408ea4c1808c7f89806a6f8674e1afead0a3d1b0547664fdce6a1a00c77253

SHA512
b50021899a8bbbefff4c6e0c8425a96995858b9d7231b8ad88a44eabf54bec3df9f5cd32cd7618b93ead89151a9c5d9502c136a0e51403e8ceb4e683582ae3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0465f1688780b3b83b110ea0dac4315f

SHA1
4741743a531cf674e26a32827d4fb14f7e22eaf0

SHA256
3373aada53d6859c5c246671c37fadd4a87d37e317cc0719615da1f0c3366e42

SHA512
ee268be53297ca5fc3c1f62837b626a0fb48e86df39953a1b8d283ac25d9a58ed14239c82af0f51798259f7e588440a054b3e26818a89d438b7ae5b3ce62b287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
907c82bcf1e24993a55b18227ce88377

SHA1
8f74e58629b59df5fb204cde0836186916f5dd94

SHA256
7e0b5678e6618035ec072004848e941c71caf732fab10d26528ed7701bf48964

SHA512
b33d0d2f12fa9aacdd1552d04899960cee8e0aa02ad8c74b8318b0e42d6d212c942c2276cbf4c406cd578d0278a573d49ae32c47bd3a1ea8cd912ba00adac5f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4acc602f5ef69c586cfb48f826435579

SHA1
7e3f6e23293d6ddd03984dcfe7a52d2b7a039086

SHA256
c096a1b416a00dca2a5bf936ef4755606c527983ed7cdf227a091b5b051c3084

SHA512
019ca44e5358eb433e6bab2ceddb8677129efcb326505c34d31c9d270f0164e72694bef58d90591a10ad5f90798b5d7345c30f7fca320198fe6baa677eb5e511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e67bd1511a0121675c1af5896e2965b8

SHA1
e096ac24319e42a3b83c4edb8cca12a50700e8a6

SHA256
f4fa330429997ead1a35a82b6121dbf7af45c0f76d4011e8c6530dbaeb58e9c0

SHA512
35e93823f3cd9d5c51d4928b797a1c52d9a26b39da0cd120ed23edc7b133e30fde9569a40db5fd1a0c3d2bedca9bee9ca4ff3dd96dada5534ba7c464b1d0d82c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
70d421b8965a51db15eed3b2cf68ac6b

SHA1
9549425aac3ac2dd0239cc19631a9d6b5db8c860

SHA256
319e075fb451f13a3142ec658dc3a567f24ed3a793f56097e4f1f006aa0464a2

SHA512
9b3de1961f9f1e343b2a28d4f106e16f46c8ddda1dd373afabdb2c8c5b3eaa7c63419cee816d42cf87d2f205eff1eca9517d2890585a0418d2f2e0709a55c359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b05dffb5b8e24163026db358d310ff34

SHA1
0701f4f53536c2c4977e8a394d543604cd0376b5

SHA256
2d5b9a5d576da9cf9a234f53376de90b01add375a5b2bb280f9dcbf9e7924505

SHA512
fce402715fcef27a036cb3c1b77a42356512117fb055d442ff62290cefedf6f701410e3621db6449fa403b3b181e8fcd8a5819d686556727a7d67312242616b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8728affd23113e2de44aed7e9159664f

SHA1
c4e1c6d74e4988a152b58f614148e86231ee878f

SHA256
ae300c2302e2648af5fcbef34b95c9e23b924abc4d4a17096afd17b75e511308

SHA512
140ec3f98fedb09b66a31a67d09d385dd33bd350652fff0463273528f17e1435f03b101d70b28ddcb4419b6a794cd6733ff125ab16e4ea955d4e4299e1d68a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5be35eb3a50bff30910377d69af47782

SHA1
6301d0d498fe6422f256c92b35331b296387c95b

SHA256
8ba6fc1432a9c8fbbe6a01bf90f65ea7b3d40c4c63c6ee098c6dab3aaaefd2fe

SHA512
0ab975804d2ea436ee153d833a1b579c4d3990713061ae91ebe6386bd7120e0f21acc6519aa589b4f0a1ed1e5c8d7da160729465739f03c1aa4a686a995af94b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ab41b509b668ce41cb67eb5c65ad39a7

SHA1
82c0bd93b7270151aae9dfb1572525dab3981e8b

SHA256
c118b6e2ddb90ad0857511c61fad935ba1882d5a121dadf5889db3538edce839

SHA512
6f311f56d1457807eec4b31985a9b3f05da31202c0e761c2d16756b6c6d0c66f6462c8fc2f545916afed9406ecc449c8b64a41200f7724468fe65d7312da385e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e11871aa8315194adcbafcd396ce7547

SHA1
bec007841a016f833092a0bff7854fc71b1837a5

SHA256
505c484efee33f897e2b86bac1e52f8f649f37e30c3d8122e7e6726c0b77cf20

SHA512
8f4d2b3dbf75eab7f86242b079002c59f1344cb87ddb44ce288bb75a14f399e61bf1a6952661f2406724244e3b42136a628ee063268370dfacc85ff7f6045808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581855.TMP

Filesize
1KB

MD5
0580095e220c37ca97c2051ba5695b94

SHA1
7526a288989e92368eaef7f54cc26d4c9dbc89b7

SHA256
9e2cf932b632a421e2b9e6ec8de6a1aa91b49259303532427b47f23148d5bcd6

SHA512
a87cbace63ae71839fdfc346acbc5434dbe015b8a269d77ee812388ed72d191ccc9dc0358a13aefebde25ef8f882a162febdd6a8453574d9eed0e5078e3b87e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c37f206f-de6b-4161-9d07-c268c944a7ee.tmp

Filesize
2KB

MD5
1c318640be156c7cff520c10afc55418

SHA1
5fc6aaf04d174edddb2a4dee3a8468372f382aba

SHA256
f9f7e3143424cff9546a4c8b862201f5cfcf99b8454f1993d90225da1bb9a2e7

SHA512
e76d35d5fd54f8778feee74692bb518c551af91fdb9cafb2ae7a8004f17c27d9f78b27821b413098f58de741cd7bf58dcd373f6fb025421b69de074fae855746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
378755f83695afb1d3a6566655b1540f

SHA1
3f17b8502ed872376b3eefdb36a03aa605685bb6

SHA256
c560feddf1d1024c8bf971c08036186b6a55aa063863b4afdbb26bd9b4ef2f6a

SHA512
af640771c8577f55e047751ca155ca9d845ff302db13b5ad494c61645ba117cd1beba766750a91ab0b07ae28a0c57233ef4730eebf028d85ed40ee289f12949b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b36e5dc85478e1804640c3c83ad4b422

SHA1
f65a6013d6feca11660a960514bb7272770c724c

SHA256
a65babafafc36608f875c40612d23a06edf9927125c46fd6c3789a5bd8ab7167

SHA512
43390ba0f16ddd6e759eb27b25cb7ff881391dd1f0ee4de2aed23ddefd27319496714370950eb93addd7c722339a6099573dd10ad826d956328d85edeb827fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2637a7e29db262886cb124a65ce0e3a1

SHA1
498e61de5c09deb113ff521cb48e12719351a5f3

SHA256
fdbc99ee3f42f282b8001e97eb7e32c62d9bb2c3de9496d86eee95136ed7c089

SHA512
a68dd625c64e598085c72b8a749ed73e2e5470299c1f1a67e6185c0d07c37ef6a835609cebeaef1203da2054d297e3fb79d7a673cffb4edf17d4d78a96a8ad74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b93206c76037cae71b375507a72d04d6

SHA1
ddfe69e728471a5c7d91da85f96392958a8c4364

SHA256
557ef34db3587fbd5f42f82c2a0d3ee8bd1182e673f96fd2ca960d4597cd05bb

SHA512
443203cc3a4a5f59cd2d4635beb96d6fb5e3e61c5745bdfe81f0659cf91debfc07d57cf747eea967499dfecfc94df5797576342441ce15aac8a6878230ca4c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
abae969ff26b22f6f46d08add403c146

SHA1
9687bbfd3f1640a11c1fa676dfb850de54b488ce

SHA256
d62d69584749f3d96b45c47d77553abce6d3881f424d7a92152b0b33d5138ebd

SHA512
26f32cf17b35d0c7b1548576576e3ae310dd2e30146640875bd31b1a199e66817766554f0fc8aa1a96f88f07280fc2407fab005b7aa587c04d9ecee476ec78f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e5f78214f000f9bb68bddc5bf5e9bb2a

SHA1
d311d9e6157f2f7e681b10b5827bb243223438fb

SHA256
c846d242ed040da09427c9cd6893bb24a661e06b0b62be4e992870b50965faae

SHA512
810f739235ea92bb8550cbb2376f75b2bed14df58576754627341403b42f87fa61aeb0a021fa456bdf9810b052f4777f4ee7af6588d6c165998c8e385b1f3459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
107ea5f326359a2c900b886c4e08b350

SHA1
df846e77ddcedfafea640db2289eb56b98b32ab4

SHA256
1a36dcaf6410c30a72426b90fd628ccf5dadf95d624862ca27a5f622800ab69f

SHA512
49146bd6f406cb005d33b563fc54f50cb74a27ca402752d94d376e408294ea5719aedf8b997809997eabfbd35749211aed5cccf3c9d1b2ab07bb124dbe2b540c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6fcd23b70a6a28f065f80c3cbab0d883

SHA1
180e95930f5e693bbb6d65d36d7af91c3bed6095

SHA256
58af0d947794e3e7dbc4e0abad2b7b0e33dc729132170259fe29edc8b5093880

SHA512
45ccc641c9bd5ecdb2d2f2da3153aacda76aa86b83fda13454d7f4c1c0b437ba9fe33b0465f806e237c7777155cb66582288ee579e22b8d730e65e6491a9ba85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
7229b481967197e1f848dfaee07fb7e5

SHA1
df091f7998f9e45c2e516a278c601423b75147b2

SHA256
f99282e05598337335fc8e4cc445be34ed1ab49544f2dc593e8af66cfe1a88ef

SHA512
28d6b076c3e9fea0d12fb66adc68343d2e1e75c43ba5b2bb7c9b409483aa79b10bd5540507a999cdb0843aaad7007fede9fdaf8b79eb13c515393ab40398e3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
488fb293f54c7986cc01d8b5b2ee4f45

SHA1
ae138e6b1ea4d58619e0193ec47b0928a6506914

SHA256
b93b943f969d4c2eb49633db24200e2198847b03fa93f47da15f3758401b760f

SHA512
8a56ae10eadf7e2d06cfa7c6d33e160e9969cf94d6306d21f5772a4ace77d886bcbaa1788200545b40deb86912400bf3aad3228f4a9ba049871095d377761158

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
fade983aa9160f2b7e40456fdec2bcdc

SHA1
8365fa43bd0ea027666c0f5b3f5dda26b4414a67

SHA256
7439902fb2297ef5b339676d5941efa5884815150c88fd17ebd64c54e4049591

SHA512
01edc7b5fb328c847ca1a2f24f451a4d87432f48803b02d3d6b395d2073f2bf1f9abd20444a90b467f72b1d0737040a4f94f894ac5c1cc56dd2226bc5e08d966

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d9d7577120ca65ce86e5b88cb08ebd4b

SHA1
89564eb3ba29fed2fda88db5931ba02e154fd5fc

SHA256
4acba60bc53a48d063d6f657858592f865e6470064f5e5555b8d1d049c677b1e

SHA512
7ce164f3c8623936b8bf605cf4208f095c9e74fc9701d7b5eb4e8956d736d6d497b012653a99819ab569929e5cda618c8ff167ad354573c9aeb7bec3936f3ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\Solara.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\Solara.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\Solara.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\WpfApp1.exe.WebView2\EBWebView\Default\Extension Rules\000003.log

Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\WpfApp1.exe.WebView2\EBWebView\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\WpfApp1.exe.WebView2\EBWebView\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
26fc054d6e2537d0eefc2adccd8aed48

SHA1
57d91cc39566739e53ee686fdf54a54db586225e

SHA256
f1f4cab488693f20a1daa0d0d9bf8d5f4bd066d939fbcb78e3c1eb5b44582e4d

SHA512
b674081966ad1cf5318e3e86c628c13cdc67bb53cbea5a49992551033fe9730206d7133aaf0535c95a6245a2e20522a9ea9bc7c414a72cf08be8f5c2d81611b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\WpfApp1.exe.WebView2\EBWebView\GrShaderCache\f_000001

Filesize
16KB

MD5
93b26a977cf99c9d7038ce067f3f6c19

SHA1
daae119d188382adec6aad4c5c34c64adba38ca8

SHA256
63c283447cef315cb5165e4f0b879f2554c854f8de5b9919d2578441b4f92e80

SHA512
c3ef41ba6bde3aa36479efae3f15c9dc45487615c58a240728b03b1c2b06e31c14810a1344a22f923387c33de731ab70994c3265a023c13dbaaba3f829884464

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE875FFC40\SolaraBETA\WpfApp1.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\36\10.34.0.52\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
a6fbd33b19323bdc36864c3c8cacac3a

SHA1
f9fc983adabe02497ee532afe37844dc16610fcd

SHA256
6424b7c46d2466657c52f7efced531913fc513a238d5bce1ba5f6075dd6fac4d

SHA512
947c96b7e62f9817b29e7d957b0c450bd55c6344802b3db4cee4913b83376cf5218b39d06def83e794a8022dc74187f6cc3e5f71dc5d67f68f71972b0e782024

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
dc0dfd10e371f28ea6bb029450ec27a6

SHA1
529ffbe799baae52ddc70f21749e81b2d766e813

SHA256
6f53d9e77f282c8a909f00de3a0ab34d7a2200eb63ca795c78f6b384a0d5ff09

SHA512
58fd134040996d0fd870b14f6343a2f5656db75d2715fba65ed1e9638acff82615073590df7b4b32a471ac4daed62434ea14435be2ab4be8a5e18a9b4b3dff7f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
dcd1f8059d7720d3c9486673f18ce6bc

SHA1
92d9d9ae864f7e052bc327c9d4d87affd07fffa6

SHA256
c8c70828aa67ee3faa7957effa83a9f47a014b0f06d5da47f4db2bd45202f5d8

SHA512
cd5fd94b8357b947b0c711794fecd2e8da9564cd923d2b416f7e5ee47589ba1cf977073c5150d57327afcb995558e04e5d175fe83024011df9cbfab3669d8973

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
32b0428292e2528460c0c0ed5339f0ef

SHA1
627e83e6a770751095f8f1b031980132ed44df39

SHA256
71ed933e76066185c47d50de88cc0afb852f660944ac50974b3ce794a95ec2b6

SHA512
70f79bbc2531e60ef8ec9a4a38a06bed25c67e7f0c78ec821f9a353edc51883110162e9e85d3219999dc688b76c4c40ac1b0323da7828f614817170be6c968d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
32e96567cc3b42097134de12ba038364

SHA1
4b6fe115791aded3c2a1c8563414abd7b093f22d

SHA256
371292a632047213fe9948bfe73a3f99e0c2cdea08ffdd0a68754d4f12595c0c

SHA512
b30167b776caf3e06f58277f521b03f4f704ea67dcd7fa28ae53bba759d98273c96e1718e1a7fe8990d982ce039768e9bf9b7785a05a1d8e8d005e6c9590ca8e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
97dc07d4b664a894f96fd4a99f7d4159

SHA1
d33f3980f0924cec0dfff76eeac35e457736da94

SHA256
83110472df941b6c0351f5e1d3ab1837a781be3b06a5e0458be58e893ea6587a

SHA512
b5678f2e0d6ec0f003626e2aac1a05c1df3ad1cb04246d10564e0be50378675ed9a0b32736f400921e24cca47633cbeb988d5917eccfdba3c50ff040d6ae86a4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a52fdcca32b1c37f21e8a8d5f43676d5

SHA1
b1d13828880bea9b7847d658f058f34cc3c3a00c

SHA256
afc3ffa6c0bb400ff006f9e1919951e779e53b9b4c0a9f90ddf2012fbac2fb85

SHA512
4b8f96fb588f589c49444cdd31f3215118c5df3fc9071e469733f686cf7366e00f95997198c8dd023d86d6115c1e4cfa5fd6cd27f706968464701bbf1cf4ff26

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8a59de35b6a47725485f358d954285bd

SHA1
6a795026721c3f452ff651e04ccfd39b4cdbb298

SHA256
665d4939ce699d25edef36d7619d10689862592a3b20c8dded6d32e5143038d7

SHA512
74319fc18d16febd0f026cb9d7c466bab1d3c3ddee6155f24f217723ffa5e728bf455dba1c624f8c40dda61ee78078d4283a46494d075fdc80ab3383602fe712

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\AlternateServices.bin

Filesize
7KB

MD5
86995314ff8152c85c0f9876f22921c2

SHA1
f22c2850178162672860a665503d76937efd1365

SHA256
e8e5b0b318af9bcee37acd0a1ee582e6ed1bb868629633f46ad8b1cc9db634e4

SHA512
8c191575b1b960cc3118fdedd6926602d4e2e85d6190d7ddd9890ffc8a5506e4be4c6f0506f49b5f18e3f75895eacbbf15dc492403084d03ed25ce28f748c083

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
10286c9259243fb4800e2ef913949ac8

SHA1
5f75395a227e56aa748cbaef0f2d1488a6460b86

SHA256
4e8c473eee61485b033c2697aa370c7d9251b118a9e7c717f7a3747150c9f2b8

SHA512
1ac8444171b9ae6b4f9813b6fc41458739b182a77b8bfbb6840c8352d509de9fa838e5f8af6e0ff776655ec6be9690ef16738d50a2345a4fb62e09a8ac12328f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
92572f729b5a369c5507fe3f9d308d57

SHA1
46f1c55c1fd128a530a264e62aaa7ea856bf4607

SHA256
6131416d6f99654699ccf5f4ed05a64723d31b4f6977825a11c443588ba340f5

SHA512
2cc81a982a8dbc559d69902ef13284cfd9609d66c486f2cd3011b551ca0e8fa2bbf5b13ba4343be1245bd4074b01d228c536f4fb12ddaa6c0ae7b9f92f397333

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
7e9eaeb865fc47dd339810fe21ee3fa1

SHA1
8b90154ff63abee4c28831bf976e66c0782074ff

SHA256
6a5f345010f9de70ffa4918549b44e00215568ef3837f98db8801bc703df02bb

SHA512
763e74e6f7703fa480f0e9a4b976e4870dfe1618c376a063cf7851dda24a9949414ab02ee971d54631c1133cac1e77ba1436a3744f1a3d8ac7efd4fd2c32116f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
da5b3fab47ea3b6591b58d2e7bcc1bab

SHA1
2093bf59f56af50c78167fef2da20a4a8447246a

SHA256
8872acfe09b72ead2b5a4b580a0c522ccb7af50d43cddabfb2cc28eb04c4056e

SHA512
48ae30b9a80df76ceb61fef48e08fe7a2838e64c0a3323ea0834e8e286ece7bda9ee50bfe8a0f1adc1bd3e4011fdbb017ba467d8442b62a84ed1973ce3f636d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\pending_pings\7e653d88-2310-4f31-807f-9f5a2557f732

Filesize
25KB

MD5
de0e2e3e92e81ccaa61aef4b4e29d061

SHA1
8be90d4daeba2ccd45b9dcacdbe8ff4548bbe67b

SHA256
37280657fc632f6b366140e35f3452f31be8fc9cc60d9d3f388e6fc52f192a31

SHA512
0142c91df2f47837999a55682b094ab0c6eea08a93cc4cd8beec2eac6d32c817e9430e773af33850bfd28c76dea45cc31a70970131762e878b87e12d992cd0ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\pending_pings\dae1cc9a-3e67-4023-89fb-49b14a5c1394

Filesize
671B

MD5
de60295fe4f00f7c81cd3b614969fda2

SHA1
75d9a30f7c0a4f216c58495b99612a3e4f5bd825

SHA256
235fed51a224ea74a053e7794da5d893e230f50bbdb9da277f27168ae23c30b5

SHA512
90e5e9fa16e0b9d9261f45a4e0a6e4c34e2a7e19c3b208d081e045558ddcb0a2104b72b04b643aee4b932b5ff1ebafc5d793d416aacc3943035f539607e4a41a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\pending_pings\efb1e9f9-d606-432d-b749-678d448bd7af

Filesize
982B

MD5
0bc6534b0c77d824d3ea30f1cf821302

SHA1
5e915926f97b53afe7befc0d00f183a97e346ec8

SHA256
0b92421bebdf535a6ed91a78be2bc254bc6980dce9f9a08717d8d88e6fbc613c

SHA512
f530a2c8a95dce3890d41846beb4a93f5588bc243bc1605f8ab5ab47b4936e04bc68e73d36b45b7934011a02c1291420d280c6c128e787abdcad21358eeaad4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\prefs-1.js

Filesize
9KB

MD5
e962adfc4e7f426f302723c35fce6dc7

SHA1
94406e1beefdf308b7a9ef43c6ef024e01224dc1

SHA256
556513ff2c80487ed065a5d9a0f04b2d9efc6bd8c571c30102a11935064af435

SHA512
b421c7df0a51709cbdfbe0f5fe06d2a056a688d782540a9adf50a3097d5f5c0a3f5c0f9a22bb0741969aa66a3bb45fa8ee745c5d9e95585a5d77e5dd7b881b11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\prefs-1.js

Filesize
8KB

MD5
8178fa31170caaed0c505760ec2be98f

SHA1
78d3ffed152da8684c9b52a8d33965765abeb9f5

SHA256
52e692e0d339ec54ed2d08da83ab96960b78434af6e4e4c47eb232c2f7df2527

SHA512
378d71e5c80a0584a095ef82c0a93f34fa4c8ef0ac60f09fd3af1ea23ff124c48c7c350dadaf20b069392d43a0c74dc0bffa5246225031e00c64d83b4b81f938

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
fe850ff9d3802e5b059377a0b471c55d

SHA1
ebb574d9a16bf8eb164e55d10b2bbf819a993822

SHA256
059201aa911618ca830bf030b38da5181b52dafb106307da41c0870b653633e9

SHA512
a653e9f2e163d11e2043ef609764a3b503c97c70edd0ac15f59fae78f2cb70036ce128ea10848e7c3d2725c165d92fc9117d6def43ee0b52659c458340a5ec7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
413c66d1fe781c38b13f01dc061d3c43

SHA1
d63c80ab6bfab18eb127b6395a388388aa466183

SHA256
371d5e96d742727c86a5b9c9366c137a50223922fa213c0bb2b622386efdee16

SHA512
5316a7f326c7eec2617901cabf2f6c6e462cf4fdde7cbbc3ea501949a8a10fa919831807eb2ef0dd99ed31f9dbb1fab9aca9e0993199d70fca54487f8aec6090

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Microsoft.Web.WebView2.Wpf.dll

Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe

Filesize
56KB

MD5
c3256c5f0046841c566b77f0c86eedd8

SHA1
48ab4b19274e8bb4859236e73e8e2ce3b6957c59

SHA256
d51b22a5d11d05453349ef55d319f950f6b1d05ecb3c6d4f34f3f2d2dc55c63c

SHA512
cb5a224f26aade0499ca0fbc6cabe2f348eaed86812e8f5b1b271019744830dbba46544ba7d974af404fcd556f487f790affa814aae6cbd6946bb935d3de37f2

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
47dd83f9814694bdfb9fac5a53fcd383

SHA1
e4ad45960197003319ee0b3670524dda31a0b051

SHA256
5f579a8da2febfb5e033dbf679ba479918da788dc7370f25db7280a22a96b4e5

SHA512
4d2adc53e57c526509bdcc73a8625a5e58f0adfbb3664fc8e3de2d6b0c275214ac8079e8b6fc5c6acde16853b39d6ddd96bfc18b69df2c2ad43ccfdde1a8030f

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
8c4aae4dd417f9c26afc4fb78490684d

SHA1
316fa2eacea08a8daa1e843bc98eaa79455e648e

SHA256
c877a52f1240843ab9be4a24b127889a731eed032a01fb85c21f5b6c0ed36431

SHA512
d08fd05619383047c3282efd97a0e04b225e2cbc492c85d2f4d86fe3e89127644629f933ab240e928a14e93689cb4810129075a47af6fe34197adaecba467342

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
88b92458f60221190ba9a3b1a987bb39

SHA1
089bb3d3b84a6f15652a628844e7b0cc38a43263

SHA256
d80a76b43a6577a22b67d7401d1e2fcbba7aecb98627242587e64aed60ab7f1b

SHA512
12bcf52d7f47cc1c46b4bbd949ca189c352bb269ed60ac54c11daa5be8cfba37162e7e20e4e38fac4589d88216c63ac11e74d2287bcc1170455b5618f9c468e0

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\8964f1ff-9a1a-4d6b-b0bc-6cfa96861198.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Cache\data_0

Filesize
44KB

MD5
c1fb20458857d300ee8c9862fa6e15b5

SHA1
25f02f54cef4829912e2407bc9286c3b6de30bf6

SHA256
aa3a2ebc0ff9a1ad0faf97dc83f5ae48fbbbafab901ed6b3dfcc83ceb349cce2

SHA512
29f643b6c0c847154e4dc53cb8f7b34968712a5cfec436467c2f915a67b69359f71027988fb070346dc2c054440ae6af6ceb0b618497134b884199c2e2950915

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Cache\data_1

Filesize
264KB

MD5
667a324f12f2125472c61c338ac0849f

SHA1
45594a3bb3a8a684421fd467b106db3815e4a17d

SHA256
901f92a5d447dc870c9578f3c76bcba930fc4b570adc033db9af31403e1c4fbb

SHA512
44d015f830e35d61dcabd5843460bff50cc0c8e92797e3194edea0a08d24540dff4dfa3a7c11cec7313a0cc75d8572d22a1ca923a773ac851076ac0f73d560ff

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Cache\data_3

Filesize
4.0MB

MD5
a9dccd37b2a6e2f5a922d6a7185ee9d3

SHA1
73858c597ba401c09de044f8ee6b023457a6be8b

SHA256
a6ac037e5b798d0d4379c9ba9dcc26357ed68b1280ff3527e485f0fc83a29a4b

SHA512
945eb736ee0e9bc334e0942a7bd6b63fa1b2a97db96f59a934e1f4fcaf2e83e3ebe59e97851e8af7a81ebef69ef8bce66510738a26896699e8b212d759be8066

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
382B

MD5
26d8a77273749f8ea0eb477d38752407

SHA1
a7e1830e264b7a050882ad9364afac33d5afcd8d

SHA256
2f121774ce24877b710a92ae915f9e627745011249814855435a76b87a0f1a7a

SHA512
c1177e50cc3067e35a92be3f16439922d29950acd88088c13e6ba6de54c070afd84b1583ff9846f8582b0e14fe705447c0e0601180aa7a6e909fe69ff8e5d550

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
473B

MD5
f0aa4cde537c0707a7accae1f5f99338

SHA1
e5c1a06896ede756502ec53bc273ad7776b82319

SHA256
982313a5dca5f46cb4ca34de288c8a02629a37c9438dcb6065410e7cb737be96

SHA512
50a7fe92fcfe2e6758364c70205b7f34b69053c97a94a35fba802e014906f721f244aad32c454105f09c4a2c151c6936d20019317018e3faf12ea882917e122f

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Network Persistent State~RFe61184a.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
9KB

MD5
4aad84db16dbc2b6b4c92a70663c512f

SHA1
7b5035197c881090a5d8bc736c107e626dbe9def

SHA256
0adc8d5d7cdaff9b2427ee3bf47885837190d4d1d1d5ad49caf33156a9644114

SHA512
f96b77b3b1f057a0c3f9c122c1b2eca7ab33958e9a504538255c9ca96980aa997044c88fe714400956d5d170b56b263c23d39e038093fdf23e90a77a7599e2a8

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
9KB

MD5
d4e9117ccfe7f24625406ecb13034478

SHA1
0a2f92d8e8f16247e454bd62e708a582bf3ce822

SHA256
dff4d9c585f73b6aec307b1dad08dcf43721a4e9f37a24e1cf2a448655e26cac

SHA512
dd522bc9b1d4a53a54dc60621913a7a53c7c0ea9fc6dfa016ff676733cc2593be5edd5d1503af1c205d36818a0680656bf2a73a89aaa2e89b3af1e94ef4913f7

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
9KB

MD5
b0ef06305892f67362f739baf803da2d

SHA1
05356d1498ae4dd7951470105cd9f1f1edc8e880

SHA256
1efc73a3d553676023f17d4277e5b2e190ebf870bc68b992d4bd40db3c63924b

SHA512
d54e89293708698a5acfef7856895c2de9fbc2ead21b9799f1f2e6923c63d0bdc8a8d1855a460ec9d2c7e8caf88d183f711f094b7f8c79d93f34986a822a5269

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
9KB

MD5
1105faf3de3991bd9558f94c3bac62be

SHA1
529ead72528d9dd4e0727279f00e0c45ac78587b

SHA256
962630ffc758cc636d22fbe92599cbf39fd3b11e7fa8167f7a1090815ef2d9f5

SHA512
475e8c391d9e12bb60cae0f55e0a2ce0ecaa1c9214f2e54e710845b0831e44535ae3dfd4213337d29e87823a705eafc74c2911dfb0d4de236224e2d886b9e0a6

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Secure Preferences

Filesize
6KB

MD5
b3ba737286bb34833a3afba2de7cb841

SHA1
59f838b1dc4cf88a36473feac81e73c172220fb2

SHA256
0251633d5f9b2d4838d7cde922a122405de4535841f71ea80cda69d1adeffddd

SHA512
2fd3676a895e701517d41f81764a383932a283431e0bcea25d5a1b185b21de42c766ad8def26278a58d48c73503738d707d8370cd80ae4d507eeeecc69d8abe2

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\TransportSecurity

Filesize
371B

MD5
65cb5af40051c9f9a9b11171dd398540

SHA1
884093f46d557623993fa25ddd98a7c255869c4b

SHA256
c9d936f9bc55a4282af9d6d0b3e2d93ed1dfdaa0437095d49705f84819fc2b65

SHA512
3be2e3f25c3cfac4df4b90158748aac45361388ad8bbbfb7ca14485ea1b243777be1ad9670b0994eb4ff8e543ed9e795107af519d477d3c8b6201d1f007f1fb6

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Local State

Filesize
23KB

MD5
5c450baafac619018c535300981ea3c9

SHA1
abc2844016270acd387f4980544739b4dadd965f

SHA256
b55e93291ac72be6a8c4ddcbe8853b023bd69f3ab669648a9efefa3442aa5924

SHA512
7d002dda231d810437a2645937d01b45a2a9e3dfb21242e4a3c3501686568ddf1c64170b1816aec0f558dc79faa39a1553afac792152341cd202d6f92bf76f30

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Local State

Filesize
23KB

MD5
b516628701f4ebdd67fbb493be826019

SHA1
cd7bdceca733d819d406fb1e5393f7a3a93724fd

SHA256
b2d32af84ed0bff1b2a43885e71edea22e96ec9b3fe1bb2c9b09531bc122e18e

SHA512
75cc7e49c487afa98c66d19519115f2db252b13d00f530e6dfeeee1b8ec099ddd3340bb09cd21face5f155e5b4c000a84747319c6ea5ff7e1bbe139069b5b9c1

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Local State

Filesize
23KB

MD5
f1fd891e96db803608bfdd58514ae0e4

SHA1
074d275ee91e7c4473a2ad28ff2744ec6e2cb02d

SHA256
c873f853ce2969eaaef044cd3249edb215fc0563c9849bf94499a25ed640c502

SHA512
464f41a3d961184ea9373f464dc2e27e46fdcafe7486ed513f721523ec02e4af640c704ef34748086ed7f721f452aa5f5f591f074784a2f3e0b1e0705c4f3168

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Local State

Filesize
23KB

MD5
29e5566a372a757d97ef776bf5fd4f5f

SHA1
bee4ebbb1e4509b79f88a2b798492320058509b7

SHA256
1254b96d66ef36e3389605b6666a1d26b99adb4b6cd33837498f499859494b46

SHA512
ebd4764be03ebcf56e5248c6d5824fbedce96dc23d699eeeb04c087b83e9fc06f764af8931fb7814c20dc6dafb4794966fc371ff9a81e97316efd2fa156e1459

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\Downloads\SolaraBETA.rar_pass_123.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 313755.crdownload

Filesize
17.2MB

MD5
4c5ad3e91698606ea30ea263b4090c00

SHA1
d7ad56f2d7926e1736b109db1a32369bb0373ded

SHA256
4333759028268d4d352781fab284f377f9e0edadee1b3aeca6887ec5fb84d138

SHA512
867cfff7c72d5fc0493b7753bb79505819e31f54ba77fff3fdb0525df9a3e3fb5f0059fd25599c31e53fd8c09e6f41c7fb9f833a028f665e5eaf1f2e365aa77f

Download Submit
C:\Users\Admin\Downloads\Yz5pCXeJ.rar.part

Filesize
17.2MB

MD5
f7cc114170a1efc219a54cd4832e77b3

SHA1
97fd16f8b6e2c58aadebfb24e1b7e4a52f7163db

SHA256
fee765827631c513a0afe7577d84b66839ecce32353c176c32b39cdf6ef3924e

SHA512
ef47912bf9f395cf3957eb3a69ceb62684888bc321c1b5133dc677a056cdf5490b50b3ef06d5fdc3c801314da548c5813bb16c50cb7dece828aecac906cea6cd

Download Submit
C:\Users\Admin\Downloads\winrar-x64-700.exe

Filesize
3.7MB

MD5
fc7776eec30751e169e1089bc2a4c478

SHA1
99cdb78719ca97c7351aa75f1566224396d9033b

SHA256
426b7b38ca6de20f1f6535d2fa63c16e11780c7cd5f2ebc66ff9a0022e246e83

SHA512
bc94f526d4dd751a44071dd6f540f2957d96f5c6500d7e5bb41ec6581bb0a584a6bb91fe13f7a1d9c7749c4601b1fe95f2a12a204b73bdc9a37c83cff7ac35c3

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701b1.exe

Filesize
3.7MB

MD5
7ca6636054e389663e0dcd7ef76ee7e3

SHA1
8cf7704cf76b8be38b41955ccc32081eb2aa30a8

SHA256
becd40fe56241e618eca50dfc456c6fd7cdda623c9e42c1f27df2d7cfa8bfd38

SHA512
843fc055b65156a6d7dee72311a057385ae19cbdd7d76abbfb15203c41e5c8285cb43b20fac1fc849d348b3a412a2f5cec44aa4ccbb73e915a7517fb84738c58

Download Submit
memory/3400-4651-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

Filesize
64KB

Download
memory/3400-4652-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

Filesize
64KB

Download
memory/3400-4656-0x00007FFA77000000-0x00007FFA77010000-memory.dmp

Filesize
64KB

Download
memory/3400-4686-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

Filesize
64KB

Download
memory/3400-4655-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

Filesize
64KB

Download
memory/3400-4684-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

Filesize
64KB

Download
memory/3400-4687-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

Filesize
64KB

Download
memory/3400-4657-0x00007FFA77000000-0x00007FFA77010000-memory.dmp

Filesize
64KB

Download
memory/3400-4685-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

Filesize
64KB

Download
memory/3400-4653-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

Filesize
64KB

Download
memory/3400-4654-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

Filesize
64KB

Download
memory/5264-3771-0x0000000008180000-0x0000000008181000-memory.dmp

Filesize
4KB

Download
memory/5264-3769-0x0000000008180000-0x0000000008181000-memory.dmp

Filesize
4KB

Download
memory/5264-3760-0x0000000008180000-0x0000000008181000-memory.dmp

Filesize
4KB

Download
memory/5264-3765-0x0000000008180000-0x0000000008181000-memory.dmp

Filesize
4KB

Download
memory/5264-3768-0x0000000008180000-0x0000000008181000-memory.dmp

Filesize
4KB

Download
memory/5264-3767-0x0000000008180000-0x0000000008181000-memory.dmp

Filesize
4KB

Download
memory/5264-3759-0x0000000008180000-0x0000000008181000-memory.dmp

Filesize
4KB

Download
memory/5264-3761-0x0000000008180000-0x0000000008181000-memory.dmp

Filesize
4KB

Download
memory/5264-3770-0x0000000008180000-0x0000000008181000-memory.dmp

Filesize
4KB

Download
memory/5264-3766-0x0000000008180000-0x0000000008181000-memory.dmp

Filesize
4KB

Download
memory/5512-3457-0x00007FFAB8670000-0x00007FFAB8671000-memory.dmp

Filesize
4KB

Download
memory/5796-3439-0x000001BBD30D0000-0x000001BBD318A000-memory.dmp

Filesize
744KB

Download
memory/5796-3443-0x000001BBD3290000-0x000001BBD3298000-memory.dmp

Filesize
32KB

Download
memory/5796-3444-0x000001BBD6CB0000-0x000001BBD6CE8000-memory.dmp

Filesize
224KB

Download
memory/5796-3445-0x000001BBD3320000-0x000001BBD332E000-memory.dmp

Filesize
56KB

Download
memory/5796-3577-0x000001BBD7230000-0x000001BBD72E2000-memory.dmp

Filesize
712KB

Download
memory/5796-3578-0x000001BBD71C0000-0x000001BBD71E2000-memory.dmp

Filesize
136KB

Download
memory/5796-3584-0x00007FFAA7C10000-0x00007FFAA7C34000-memory.dmp

Filesize
144KB

Download
memory/5796-3632-0x00007FFAA7C10000-0x00007FFAA7C34000-memory.dmp

Filesize
144KB

Download
memory/5796-3436-0x000001BBB8840000-0x000001BBB8852000-memory.dmp

Filesize
72KB

Download
memory/5796-3438-0x000001BBD3360000-0x000001BBD389C000-memory.dmp

Filesize
5.2MB

Download
memory/5796-3441-0x000001BBBA560000-0x000001BBBA56E000-memory.dmp

Filesize
56KB

Download
memory/5796-3442-0x000001BBD3010000-0x000001BBD308E000-memory.dmp

Filesize
504KB

Download