3b117feed881152b4d0a4bb9856ae90521d2e9aceabf63b0126502483b4274fd

Analysis

max time kernel
316s
max time network
317s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
01/05/2024, 10:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SolaraBETA_2.rar
Size

17.2MB
MD5

f9e8217fedf29857bdbf27881dcc4f52
SHA1

1287993809b1643f7873573b6892e352df811cf1
SHA256

3b117feed881152b4d0a4bb9856ae90521d2e9aceabf63b0126502483b4274fd
SHA512

feca2ca549a330903af83498f8cd17994590240cef49e6b9d44d54813f451237f24d64689bf3115463c450b49587ec2d04c56903a728de16c1328cfc1bef0774
SSDEEP

393216:u9gLlxFZN4NrakRF9rr0lO+R+7fy72bbWkl/npNca+6Cd:n4htv63cr3ikVpN+rd

Score

8^/10

discovery evasion persistence trojan

Malware Config

Signatures

Downloads MZ/PE file

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Executes dropped EXE 22 IoCs

pid	Process
3444	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
248	MicrosoftEdgeUpdate.exe
4924	MicrosoftEdgeUpdate.exe
564	MicrosoftEdgeUpdate.exe
2572	MicrosoftEdgeUpdateComRegisterShell64.exe
2888	MicrosoftEdgeUpdateComRegisterShell64.exe
4264	MicrosoftEdgeUpdateComRegisterShell64.exe
1984	MicrosoftEdgeUpdate.exe
4488	MicrosoftEdgeUpdate.exe
4692	MicrosoftEdgeUpdate.exe
3208	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeWebview_X64_124.0.2478.67.exe
4644	setup.exe
2552	setup.exe
2156	MicrosoftEdgeUpdate.exe
3252	Solara.exe
1852	msedgewebview2.exe
4600	msedgewebview2.exe
3888	msedgewebview2.exe
2836	msedgewebview2.exe
3236	msedgewebview2.exe
1820	msedgewebview2.exe

Loads dropped DLL 44 IoCs

pid	Process
248	MicrosoftEdgeUpdate.exe
4924	MicrosoftEdgeUpdate.exe
564	MicrosoftEdgeUpdate.exe
2572	MicrosoftEdgeUpdateComRegisterShell64.exe
564	MicrosoftEdgeUpdate.exe
2888	MicrosoftEdgeUpdateComRegisterShell64.exe
564	MicrosoftEdgeUpdate.exe
4264	MicrosoftEdgeUpdateComRegisterShell64.exe
564	MicrosoftEdgeUpdate.exe
1984	MicrosoftEdgeUpdate.exe
4488	MicrosoftEdgeUpdate.exe
4692	MicrosoftEdgeUpdate.exe
4692	MicrosoftEdgeUpdate.exe
4488	MicrosoftEdgeUpdate.exe
3208	MicrosoftEdgeUpdate.exe
2156	MicrosoftEdgeUpdate.exe
3252	Solara.exe
3252	Solara.exe
3252	Solara.exe
1852	msedgewebview2.exe
4600	msedgewebview2.exe
1852	msedgewebview2.exe
1852	msedgewebview2.exe
1852	msedgewebview2.exe
3888	msedgewebview2.exe
2836	msedgewebview2.exe
2836	msedgewebview2.exe
3888	msedgewebview2.exe
3236	msedgewebview2.exe
3236	msedgewebview2.exe
3888	msedgewebview2.exe
3888	msedgewebview2.exe
3888	msedgewebview2.exe
3888	msedgewebview2.exe
1820	msedgewebview2.exe
1820	msedgewebview2.exe
1820	msedgewebview2.exe
1852	msedgewebview2.exe
3252	Solara.exe
3252	Solara.exe
3252	Solara.exe
3252	Solara.exe
3252	Solara.exe
3252	Solara.exe

Registers COM server for autorun 1 TTPs 31 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
54	raw.githubusercontent.com
55	raw.githubusercontent.com
56	raw.githubusercontent.com

Checks system information in the registry 2 TTPs 12 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\tr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Mu\TransparentAdvertisers	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\msvcp140.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\bn-IN.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\edge_feedback\camera_mf_trace.wprp	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_sv.dll	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\ca.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\et.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_am.dll	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\webview2_integration.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\identity_proxy\beta.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\identity_proxy\win10\identity_helper.Sparse.Dev.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\sv.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_sl.dll	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_as.dll	MicrosoftEdgeWebView2RuntimeInstallerX64.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\VisualElements\SmallLogo.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\VisualElements\Logo.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\da.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\mk.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\pa.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\et.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\edge_feedback\mf_trace.wprp	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\identity_helper.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\km.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Trust Protection Lists\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\mr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\augloop_client.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Mu\Advertising	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\BHO\ie_to_edge_stub.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\identity_proxy\win10\identity_helper.Sparse.Internal.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\msedgewebview2.exe.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\msedge_elf.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\gd.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\copilot_provider_msix\package_metadata	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Notifications\SoftLandingAssetLight.gif	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\Fingerprinting	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\dxcompiler.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\identity_helper.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\vccorlib140.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\uk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\nb.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\identity_proxy\win10\identity_helper.Sparse.Stable.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\EdgeWebView.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\icudtl.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\mspdf.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Mu\Advertising	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\sr-Cyrl-BA.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\MEIPreload\preloaded_data.pb	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\cs.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\nn.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\gd.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\dxil.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\augloop_client.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\oneds.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\Other	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\lb.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\124.0.2478.67.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\msedge.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\lb.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\te.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Mu\Content	setup.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590330876445307"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ServiceParameters = "/comsvc"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "Update3COMClass"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CurVer	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe
248	MicrosoftEdgeUpdate.exe
248	MicrosoftEdgeUpdate.exe
3480	chrome.exe
3480	chrome.exe
248	MicrosoftEdgeUpdate.exe
248	MicrosoftEdgeUpdate.exe
248	MicrosoftEdgeUpdate.exe
248	MicrosoftEdgeUpdate.exe
3252	Solara.exe
3252	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
1852	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3396	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 3884	4560	chrome.exe	86
PID 4560 wrote to memory of 3884	4560	chrome.exe	86
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 2092	4560	chrome.exe	87
PID 4560 wrote to memory of 1376	4560	chrome.exe	88
PID 4560 wrote to memory of 1376	4560	chrome.exe	88
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89
PID 4560 wrote to memory of 2088	4560	chrome.exe	89

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2.rar
1⤵
PID:4420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb947bab58,0x7ffb947bab68,0x7ffb947bab78
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4236 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4392 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4808 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4120 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3820 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4832 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1192 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4244 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4992 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1916 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3244 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
  "C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3444
- - C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
    3⤵
    - Sets file execution options in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Suspicious behavior: EnumeratesProcesses
    PID:248
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:4924
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:564
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:2572
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:2888
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4264
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkY0MTFBQUUtRDIzQi00MjVFLTg0RDYtOTI2N0YyNEE2MzIzfSIgdXNlcmlkPSJ7RDc4QjFEREItQjEyQy00MTUyLTlFMTAtRTNCNDcxOTU2MjdGfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0FBQzFGQzFELUU5RTQtNDcxNC04MzBGLTQwRTdCMjE1MDcwM30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQzLjU3IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjU2NjUxNDYzNSIgaW5zdGFsbF90aW1lX21zPSI2NjUiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      PID:1984
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{2F411AAE-D23B-425E-84D6-9267F24A6323}" /offlinedir "{51D29A17-43DA-4144-BB31-B3E1AF5163BF}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2704 --field-trial-handle=1820,i,6251767506276304536,3045005860130702857,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2148

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:4692
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkY0MTFBQUUtRDIzQi00MjVFLTg0RDYtOTI2N0YyNEE2MzIzfSIgdXNlcmlkPSJ7RDc4QjFEREItQjEyQy00MTUyLTlFMTAtRTNCNDcxOTU2MjdGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MDZCQjJDM0UtRjZCQy00NjM3LTkxQjItNTFCQ0U5NzVGMERBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI0IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTQxNDQ1MDYiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1ODY0MjQwODAxMDAxNzUiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MDY4IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NTcwOTMwMDc4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:3208
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B7E6F0A-84ED-417B-BFC5-CBC62FDED82D}\MicrosoftEdgeWebview_X64_124.0.2478.67.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B7E6F0A-84ED-417B-BFC5-CBC62FDED82D}\MicrosoftEdgeWebview_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:924
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B7E6F0A-84ED-417B-BFC5-CBC62FDED82D}\EDGEMITMP_BBE03.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B7E6F0A-84ED-417B-BFC5-CBC62FDED82D}\EDGEMITMP_BBE03.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B7E6F0A-84ED-417B-BFC5-CBC62FDED82D}\MicrosoftEdgeWebview_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:4644
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B7E6F0A-84ED-417B-BFC5-CBC62FDED82D}\EDGEMITMP_BBE03.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B7E6F0A-84ED-417B-BFC5-CBC62FDED82D}\EDGEMITMP_BBE03.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B7E6F0A-84ED-417B-BFC5-CBC62FDED82D}\EDGEMITMP_BBE03.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6b18a88c0,0x7ff6b18a88cc,0x7ff6b18a88d8
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:2552
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkY0MTFBQUUtRDIzQi00MjVFLTg0RDYtOTI2N0YyNEE2MzIzfSIgdXNlcmlkPSJ7RDc4QjFEREItQjEyQy00MTUyLTlFMTAtRTNCNDcxOTU2MjdGfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7OTBDODEzN0EtNjREOC00RTBBLTg2MEUtNTExQkIyNjM5Q0I4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI0LjAuMjQ3OC42NyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjU3NTMwNDkzNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY1NzU2MTc0OTYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NTg1NTg1MDgyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjYwMDI0MDQ2MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzAzMDEzMTI0NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlZD0iMTcyNzIzNzY4IiB0b3RhbD0iMTcyNzIzNzY4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMSIgaW5zdGFsbF90aW1lX21zPSI0Mjk4OSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:2156

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2844

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\" -spe -an -ai#7zMap3530:104:7zEvent2324
1⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:3252
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3252.2192.14601662218080547375
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - System policy modification
  PID:1852
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=124.0.2478.67 --initial-client-data=0x184,0x188,0x18c,0x160,0x194,0x7ffb775cceb8,0x7ffb775ccec4,0x7ffb775cced0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4600
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,7783165148395305822,7653779706756043234,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1728 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3888
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --field-trial-handle=1912,i,7783165148395305822,7653779706756043234,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1852 /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2836
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --field-trial-handle=2204,i,7783165148395305822,7653779706756043234,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3236
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3488,i,7783165148395305822,7653779706756043234,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe

Filesize
6.8MB

MD5
c31297188ec9fbaa60449f769339963e

SHA1
8502d9e0cef18137529f0a46ad6e69a1577e6cae

SHA256
2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9

SHA512
9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
182KB

MD5
e0a4142f6fd7098661dd27f41f6b51d3

SHA1
b92bed61c6b66f958878f498d4e7bb3d23e8975d

SHA256
52496289bd868f12474d9dca3f063853923f541803388b427487ef63f52c6e8a

SHA512
42d071c4990cd2d5aefe53ba91cf0880810a003236675d7f251588a507d2654db332b940962479f97811b7b83f5f686f5ff662df4ffa124552fdb0a1be8d1cb5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
24e62a7c8d7f60336e60c003af843a87

SHA1
9576d1924d37113c301cadfd36481586cdef870c

SHA256
43f7de9fae6b79a844d7da6056ac82beadf028a347e227c2bc33d503f7eb402c

SHA512
34f33015d3e7cabdea2ef39f7f149aaf39caa534b188a34021e577d68bbc48d1d99b7b13a1303d4ebaf5c29fda0bb573f3a6cb171aa2db67cc4b25292eac4a36

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
215KB

MD5
8200a55843c5c0da5ca8e01f77038bcc

SHA1
cdf2588a010fd6ac5536f9083076c480e05eb43d

SHA256
098eb4c373a48ee49681d83f9f03e3701f6dfd5361b6a071242ca23b3162ee96

SHA512
10780aa7a9d2021f7dfa2273a641f64ca37a941ec5ef08486becf2422e76382f424f9aca03925adb964e2423322b62ba4ff87b4ae8731e7d5743ac82e33b75f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
261KB

MD5
8f559de7fab651b2a31caed79ac2600d

SHA1
46c7ce06e6592c391dfb54634b5caf136f5f6d7f

SHA256
a1b818b507c87bab9e3b4643ff68e6e35f05872ebcd1e8075a68a4cc87650df6

SHA512
e975ab0175a363c56da03e43730abfd0dc90e14a486a0f04ecb40c4f2279eafd29254ff69748930d102fb8480bdcbc86611105fccb18028f60e7b3f451c6a69d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
c1c4e3a4d49561dd0f6bc85f8062530d

SHA1
5394c3a4a2601a6bf7b06b5ae9119a3f0c95c974

SHA256
e9f1d362867beb3a767233de9d5af3a6e2762bb0627f291c6cb8f9faffb922ea

SHA512
0e7f6d2a29c48d99fb417c630287d8d9e9f0365f1c1f2e415f0fc64e12e577c9d4e93bf6573a589e88c75a9dc6c5758fcfd970588c3d187621f8aff8e5ffc5b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_af.dll

Filesize
29KB

MD5
bd6f3d4a46abc156e47fe0d6c312a203

SHA1
dedb517b1d75993df4d7140cea0a84afebbfb22b

SHA256
5294a6e08b6f9818e89931eda4a0bd4ac3949c3f17ff036c1c5e2a6de8df458e

SHA512
bee57ee4c14d4c93a125f5219894d10f68982e3f03fac8acc90f2f9e159553ed82aee373107d0ab3b6d5aac2ea8cd58ecb0138de8f6ab28d5d963c28d0d84039

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
914899c76f15e4eb33455f50f60e9e25

SHA1
a66113325b547638824d5fa020e4b1eb0c3a4a96

SHA256
5c0b6bcb983b3ec422c1459802c993219b66318e8b69ffb09f07ccb28f607ffd

SHA512
ee2699489c6496d9db21484771a957acff27e39f2535d74f91dd352432b33ff15581ce4d9023a7ae273b7f2d8729103c5c06859e6cbcdef2c6ebda32ebfca3e8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
b06ae2aaa639338686ec4f4445173ae8

SHA1
842f67cab1334871e81e6428d23827505055a9bf

SHA256
7e0fbc3af82b58dfc244d17d18335fac1c7e72d87d9593a359a2390a241450a7

SHA512
4b8bb12b11074ce21314072577a7172dec62926a7a628d6526db46062354ad23c2e76b2dcc93e489c9ad17bf2a1b3782d155193f1ea24eb50c8fa551d40486bf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
7310b6ae3b95e9a1ca5b60b3fbd619f9

SHA1
03fd7d4d53fd38cc8b48d837d5a43788a6bd8ea1

SHA256
65dcfc983496529b89c575451c6a897b4491f886783228526e06417499b124f9

SHA512
d012d3a27bd7ac166c3ec3614423b89216ff7dcb165d99462f01ac204117fb5afc525d448f8c250638f0ee11929e2c5be61447f83089a4cee9cdd26459656687

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
af0364c9356845870577374bc5609ea1

SHA1
be464b53d5dc8a31a32bffec2413081a330f0170

SHA256
813220adb207a07ec609a757a10217bccf22bd3742e3ca658324add81849121c

SHA512
68fecac6bf4e00fcd5c6c201c1756da13a3d87e4cbfa64fd2d1ab986bf3124303724f5ab9576bf33542d8a0f64d70069becd61182e4c6ab46801fe49a2e5be93

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
e3d3b90ed17afc3312b22051de516aba

SHA1
6dfd177bda02980ddcb21459969c8d21b4a42df0

SHA256
ee36812f90b3a1b5f72c512d44d312dc0d72404d98222bca8ea27ccc8ef106ae

SHA512
dbbe7499f0218e2628c357b5195e1f19349e79c53309daa972e294b19582c86d91a23b642c3bace74b0b7d7c94920931db7548178e0b7324feb29b0bae156a70

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
690f6eaa05e17f94ef59f988f052a4b6

SHA1
a3703cd237aa460e2729657a339febcbf8b8a863

SHA256
5a6dd9d9fdf372b723e8043881d4c39fcaa4f70c838fefbfb192f9c11b18fdf4

SHA512
47aa48f8de124d928c0b5d7f635909b3bbb6e640da67a0f014e00c238e06b060540b98a99fa51c9ce1c37baf9ee149502e05a753a25608b00ec7da39526f88d8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
93a91259d51cf1260bcea708c44319d8

SHA1
2d76d5f7afa1be815838e1aab109973006e3d0fb

SHA256
a1ab052c365976ae66b6b851a2282636c2c1f1b838a929e761f374472f0bcc55

SHA512
8c3d7bf11796adb998362343399a85ab5127f36f7ce64d575cf9918724e09a21ca8cae0cc0123290db5bcf6254a7b10d979ad0c2a7251c43529edebce85279e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
c7fb8690962bd9a9051cfb04b87d3ec3

SHA1
d843498bbc3ae01fc0f0fce13160db723696767b

SHA256
12330d302841d37fd8bb5b74df7d454062524fac88e954041ce485ac818122c0

SHA512
ed074b0890e5cfc2beadab8dab624687f2838ecebafc3da760e248c315201d2230ac6197e016ce480e1798d34e6bd2329e5bda2ef2d329207f1ed7f9d00491aa

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
97dc17c19ea5196783b2a20ce423697a

SHA1
693744a6f679cb111fca1134dd5efddf90b4b13a

SHA256
05b78e67f9400c654ad368d3e63b988602cb2cb89ad486ea340bfe05acefa040

SHA512
cbd980f7a99244bc47bf631bf6e661adece2c5d3f998172cbcdef59aab9cedf8226f15222cc9d96c56153c08d2424de70967dd96b76ab629492e25ca8660c974

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
6212f397ffe20c6cef27ce0ff4fef439

SHA1
7910895fb0b9ff6f954ece32aa069507e6914a45

SHA256
e94189425823ef69f9bf1f3cc133c23e67ad46419cc455a21d4090bf73a11ea6

SHA512
5f04d8c9bd0269ba87bbf4b6a8af07ba426784c08b0a88af4fda3555e1c4e192b56db3c6f0214433fed23675ffde8b0590e5b39bd6b1011c2aad71599ec47ed5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
85f99091263667f3b5e10ef585c6e31f

SHA1
de83594f08a9cf2df74b4100827d2a68d0304961

SHA256
c73bdd7c4c4d89f9e0c6827f4f2feb78efd4cb047253aab3cf48412b9a78fb7a

SHA512
272d8d8e45c5c9d96af41431747b09814b11ae7b08955e598b07f639277cfee8cac11455db43530d78a85ecb095ad83a8735d3e80f0e745629b0091fb0b8a2ad

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
6ce4b22b621bf021bf79117a13118280

SHA1
1b35ca44973ac7bbdadc4d6f3d160ab15ceb47f7

SHA256
7aa813b3bb3fbbec5d56da83d5b1db923be9c365511b1b02588336213fede938

SHA512
f8deca730042198c2b4fe506b6ef1af62b0e1dd1983b9e92e8d4247027f30d07cec7ff097a8304226ff96cdd528208961754d33403f20463d0b6802ade2cfde0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_da.dll

Filesize
29KB

MD5
bf382a14c9546ca8a6311f6b5df66d75

SHA1
10b61ba1e20da2b1b01e760caaa179256aa844e8

SHA256
5e516cb414cd8adf278cdceb2ae537cfd7c49c277cb5d7718bcf97897350ce70

SHA512
0172c495cc6213b073056dab89979a05ae9eabb7a04d2cc7c16206628f7eb98396909a1914055575b0edde75e53479739c54eae1b9282eb96172930ee10935d0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_de.dll

Filesize
31KB

MD5
642225f16e2c841a23eb51dfc6e0e1f6

SHA1
bcb8ed686351cc56f8c5c326b1032eea7e07c4bc

SHA256
95643c34f8ba13738ad3d19a4eb6cd52eaf39f55cd46b21e148627866b4ea30f

SHA512
d9fe06e5a81dbdb457f93435966e4321c1b0020e68ca0c466d870e599206a9f1b245653259a051e885cd8b88117881456d248308d278af86e6b3f75f41918b1d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_el.dll

Filesize
31KB

MD5
2c1b44a6c27b8510335dfe8c22d01840

SHA1
e2c291fbf5a709a7a1e3c5ad507fcecf25e11554

SHA256
b15d11ec96c712d102125d2e1de19507889562f857910e6f76a400d412c4afe4

SHA512
adc4171a9335721c13d9d4c71ec0eaa3e873ec1729443b258eebe9ad723380bbf3eb912415f650ac3c8a13d31b658acbcc8cfbbb6fc6453eeb82b619a35e805d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
985d279b815e130a790eaecd697bb5ad

SHA1
bed21cdb6b3983a86fc7fd3d4e0bdf2a7690807a

SHA256
22a5f81e478dcc8d54e0a0ca10a66ff98117698883d9fbdee36a110d6554f14f

SHA512
018c9dd127a8b8900236c4c10c7770384db82946f6f1646878683960dee06b150558e52bf55a8003e7467eb9b1359d24f081539c644b7c11efa5e661e645ba4e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
f5f1ed2d55637a183674959e82cab3c2

SHA1
9472086a62950c6b40e1ecefc1fda4573e36ef3c

SHA256
cfbe36dac5d40f221f377aeaf2e983dc76ab3667f4672676a8fb37c7bd4f9fbd

SHA512
9c4635f791608f815e359ce49f7535bcaca404dd4932efb23f638bc9900cd77854b1d38b5ca60e5dbf3e252cf06bb179b4d9a77368b524233117f48bef345013

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
67ca727bdf1e5fd6686fe3e6c1b1d43d

SHA1
d3ee7ce26c3b1eb4e0fcd5af6f83bbf3c949e8df

SHA256
c54a461e2eeb79d7462a4f3810f720835a2827ca752282c01520b8fede5c65da

SHA512
68e93cae35433f27593f92d1741ba98a430c6a408394de4f10ce0219fe8213e7878df71747c597c7384660ed696e35dedc08a1d15d5175f9b781fa70d92a3dfe

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_es.dll

Filesize
29KB

MD5
4dce98d8ab8857371dc4f787c77b91b7

SHA1
9d8569edcb1af0e122e5293495f94b388a3c6f3d

SHA256
7b79d2f66bdfea60aed02eb60f3d28d396c23c147e1d42f3f10a82b5d3afeb47

SHA512
6f4ec5f3fc6f5dcc77d2e811b9fbc4dd00dd15385739888e81835624bbc5e5d32c11eb23bc5dc4e6e9c2b66c77c923efd7edb81f9d8b88b446ba244455881fb2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
28777e8a0de15e07d365f375b71796c3

SHA1
4f3231a68e7d4817c5f6ab20bcfbc208ba63b6ea

SHA256
571aa6917ccbfe221dbeeb485b9f9b358dc2b3ec72271854f880fbadeebc9665

SHA512
87a14421ba72f5255d568c1be6f8e108db587525909ae33cd84526714ff89a3ea2bf9c9a78c11718fc3f22c0139ec2bb4d9cde2327cfd4a8dbdd51e992d7381a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
7ee4925d3b4e4116b0b4d61a03ffdc96

SHA1
7f6e1116374314527100ee854ef5befcb962ce77

SHA256
99fd8800699829fd0ad767eff54dafeb913a6261ccb5c31825fdef6835653ae9

SHA512
c6ef896870d427fc2ee783bc38b187fc5485dfa9c29f14f4b044b060f2385b445dd051c83a9412d3fde79f929755239061ddcefb012f8fc38ce257c87dd9a8b5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
f1e551e10354047b68ec1aa1b36327c4

SHA1
417b267661838c0626a74e1232154d8245c4bb0c

SHA256
171ef4f700c8bdfe146e9ac7306c72b7a41153796d23e526aa6852a150207463

SHA512
674ba129c8e1b2d9dc57e77595a994afd8e19f81cff86dbd749c855aff1ffec9c7e9920e1d45b193d83ec6f20ee4fe5966415006a0dff357b471d97b271fa067

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
73b893cd1d2d759f98944e8809db3ce4

SHA1
70fae4564f9eeb3c503a13eebbcbe725e9c2caae

SHA256
bc9ed2615e5e6c185c20bbbef898e5ba1543b6dedb15330080dc41e74a0a5df1

SHA512
255ef2552a35cba6fd41b53cebee1b9749485017a053668c1271aaf0056bd08107dba6c842a926c83d78472c92aa92f54fbd84678557dc911d20fc190ee242ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
06fc13625ead1257583224eae1afe1c3

SHA1
02f3de2d81c4c2868a73211d8096ae79c506d846

SHA256
ef3f30691b45838caff42db92a4d6cb8857c8c36ba4b3ed9bd600bae8dc0fcf6

SHA512
b2fb89890c6ebf54a325bb1023194f461b532f94113b3ddbe337aa556b0db38159643c57e41b121b3bb21c4e547bd3e89137462a3fa29608e0dbcba00aa9cae5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
30c5a417363b47f3a58d08e44198dd17

SHA1
1e979631e34cefee21b8a0e0aa22f4dd6e30dedd

SHA256
1e76475df6a8a5889f0757584787112745a3775c8dcb04257a4ec0a2cfa58b9a

SHA512
691e25436186bbda91b471b5451d06950943e6efe653362be50a3f0d21f341f4b8f751c617f39ab04571d92ef93c04b9db04192220173b66d879cbd5128f7287

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
46b4263a73c35d717d65eae93c781f81

SHA1
3f8678c63d174aa8289d20b7f821a326c33ec07d

SHA256
88661266d279b161264678af48fbfbdcaf28b1f8821336b3fb16e2126c5e5e11

SHA512
3453b80619277b9efe19f2302a2a2c94372ed2ccec2a01d07741fe037f64e93b281757669750db8e6cc2efdef96b0eb1e373211da51ab887d8f0eb748931cce6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_ga.dll

Filesize
29KB

MD5
5381426201e98d1e6efd86d24e341f62

SHA1
2b2df88be65d0512e140931c2878563345c77dc0

SHA256
e3f7c7d612945fc79d2e47872898ae3831d4bcc73bed8d24513780612fbc0523

SHA512
9e6aed7dcc33f7c9e9a888da580c2d1e4732e3a61a04bc7e682c11aea53391c82d849e341a98edff7d4792b2d2f5f0e61730d12e19fc5b2a77a5a1087c2b9fab

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
6feb8258912fca8354160c02d70de767

SHA1
d04f918370da6a637f5a032c8bb616ab8d0d9b64

SHA256
6b13e8b6149be225e7f35fbccfd84cedeed9219f06b70630db6bf4be598fa25d

SHA512
f69ae204b6569b1cea77fbcaab30d556d325fd18989a347837cd08eb669dbc6bb7794820cb3028f864be7109af84c8532525242063fc2d1901f588fb458dc02a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU45E4.tmp\msedgeupdateres_gl.dll

Filesize
29KB

MD5
75c582abc6e13902afae51da71cdb3ec

SHA1
0f1813d9992209d9fe60bcafae8f8652658832eb

SHA256
587b4af55922cbf961852d0a9234c77eebf0ded6e561b18b09bdb2b2d8b2190e

SHA512
7afa52772caf93df7cba83fcffb8b427860dcd92fee4ac732f42b5db11c3c5ef086b212bda555cb095e23d89669e0e8a31c55ca59d9b00e564c5b7ddc43de4ad

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
15KB

MD5
0f6f7a620c03ca2e516f816c37986947

SHA1
a64932c16407c04583cd1807629fa6c4e47f30b9

SHA256
7389fa0527066fd5c5153734f282b4031667088df214a40fefdf2ee7faa85e35

SHA512
6fe833f92d0f397cc50443c4dc201f2c4b4faea79c5ba6df8a7680fa17ab3436130b81bb7cd138d0f51af5b652d95ef9319c9b068e484ce8d6255eda5a893f38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
7451022af59d97b65f3ec30bd924a02e

SHA1
40a2f56a7b4084d31bd62c36dc6ca020663aa72d

SHA256
24b993d79dc070be951c5d09dbd0e773999b271038f79cdb3bfb7af8ef5b633a

SHA512
9743b634430a2291bf15a10c0188e6f553f6df6caf9f49a60ce0cf3b89af695691aaca278e5357fcba5d179c5bfebed460c1563fc4c63ab3bdf73a838f148070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0ba38b4cc7c965815069522b3d106db0

SHA1
40f430788496fbb9d22f2bb4ddac8668cb3f0864

SHA256
fb9b68bef07fc5ec42826e722c78199ad71fe1c5ce9470586f32c5d12108a73d

SHA512
1f5f82bc218f750a54cd246b0f7d72bd5580d8753f5dc37c0b5b7c576d032b4c7ff8e6ab555189112cc9709bf45cb9df3f2d60bee04af946e11894689e601ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\96d3f90a-6734-499d-b392-8ca7443ea141.tmp

Filesize
356B

MD5
3b6d28175b2b6053e91475589a5a331b

SHA1
d21d672e2129d3367756d965fe95d526c796bcca

SHA256
f3163a3760afc2ef26524cb66e50333b7cb3e7b58900354754f2de53dc375781

SHA512
a1a07c64781c2b44172774b76c538b2c6fcbcd255889ae57915265691a359ed5be3524e82abb8d86de11275f67893c1628a8972b9717e6d9db72195a2a40589d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
71d53245737b5f554face723cb5a1784

SHA1
66968f9496bb6719e2ff8aeb13efbbdab29df307

SHA256
3309a8a5b2e04c9bf65375d9042618b83d9502e56ca50cc19d828efe468e15c9

SHA512
17f93c65bd29f5082a3540aa14937c40d5991d7373e83b312da47c16406a04b3c3e6da0e6a12502573e7b79785a5c8dbbdf2cdad7234ac0cf9f3b86e9b6a5556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
acfae60620925161fd28e532abd19c45

SHA1
18efe176b9e1ffdff378657a834fd23998915116

SHA256
bcd2394cc78aa8855f7330c1290e36b6a0d61912679537ad82ad6db544feee0c

SHA512
a391b829f46a236b91a57eadf906139d0116e4d480aca1b6b1833e58cba549b0689a58443db5412ad7854eee4bd9729dfa9beb88f8877e07b15baa944b6d00ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ede334561450d701763b1cb4a5131854

SHA1
6e791ee5754443e6d587212f1dcbd5a60f3c6ca1

SHA256
febd2db0f5862b8208f75c21c76466232816710b760eec182d3d8596f7060a66

SHA512
a485080c6baf36192f81f68a6713ecba1e52a9c1cf1b3c17e66f3aa10e159c3339a1a1182a86e937a44907de0c18f49a7ca6e92c934968d59261445bc755fccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
07c0240ebbbb440ec6d1554627c28297

SHA1
c93793a4481b061973318398850500c1eb25c966

SHA256
8096d6c142b7db656e3767b7ecc941e92c70ecd8b2a9754e0960f336d1b6aeba

SHA512
3a65f5640c9f24f50cbb2d2418ecb2fc17c460d20d560e8a6f699a54fa062214a655a613b2af3d58692b16d18596363134936e5e59c232ddb53c8201e49c6977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
f2ffffe7e7d375112ebfe8f83bf1dcea

SHA1
aa5d58ae608e4cf05aefd1911b50682dca0cf764

SHA256
ffab3f14428f4bf720d197d89ac102f38a01af34316fe14ccea774356c224885

SHA512
b6492ad8d409a29882310fdf365cc119c0e77a860f6c528328b258807e7dfb1b074ec6dc95849e687f5ac9e8f153d51729dc3655d29885089d3cf97971c48bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eb41fc325e61eaff082aaab3677c6289

SHA1
6644026e1c12cd9ec919eb41d2c64156bc03630e

SHA256
c380de45384c7729d5493159ddd06d3c0f29d80431e0b64e38e7945b28c939ab

SHA512
acf7b2315c6a2682f36f51307f61b0d4d7e2d6cfdd63adb8e8f9c2e88167b7fbf5a7f81b30feef1c7d80ae22659fc2ce959f0d60aa166e07c4bf3e36ac2a6725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d8ec24267bcbd4353ea9555072b6de88

SHA1
0a7f82138cb736abbabc57f9b4150653a3b91dbb

SHA256
7222c6c653c505da9598c201a13136ad0a536cd49321b534ab570f959c54e8f7

SHA512
ae564808199717cf4972140f7d01220a582da8b054596ce6627c869cf4398a9639d1f9639046d7a679c70b39334b058843bb4b6a7909bc61d17cc7838a33e8e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cb68e4d22ea83f0bd0bb796dcbfddf09

SHA1
4971afc9ad0a59d3ee5dcd1f1b997e072166db51

SHA256
eead4c65591c18a3220a37c2bcbc070a7d55d81d9eac98466d9723e6fc5f92be

SHA512
6f08947871be79b3a6f8a251364498bbe0540008485665e30b5469efecfb5d826c1a867dc738400fd2236499209f8f40a820ad93b65ca1c663f4c5f00e96f598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ba9e3f84d27a3ba126d5c3f48acf3816

SHA1
4714969a5fe9c4f197e2dd12505a37c81b7a71c1

SHA256
31ebd0eb285aa61b66e0ab4e76de490031c8995949504f513c03b4c4b75a5f10

SHA512
e5b0fe9cc4f37dc12f211a577b7e81fe9c1ded0874d8aff6bba6e7816694d62f7d17921485df3cfefddb4639a895e908618268e85f1219bded92fe972aa5f1fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f3fff9cdcced0f01e778cb8623219d0b

SHA1
f570409bb2f4dca67f9a899d7338bf6b95ee8716

SHA256
18a1a8760b21bf1565766b638341d9f3926130af712669748a7137c3b7e126f8

SHA512
e430a2922be0f925ec518d8b991a972d2f38df1a214d51bfc22ec72944efdb8499ec98cb30b37b9d3ee45de7415acc083dead0d9062bd947e7f53d1ecf8c000e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
df520e33ec856f054ec4f90caa798d81

SHA1
23db2d5fca5da0855bfbe87cf4a9cd89302febd4

SHA256
a6241978b03dd27e1efc536cbd288c3fea10c5f34cae6caa596077b05879f812

SHA512
8e8336a6d71453b8da4fc0a2c772e7db131ee28116821d913044fa2f747bf07689b0b5707117217f77c253eced7a8791820089be0e0fd77769cd56cc8d0bf77c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
71023b63feeb18f512a7a28a1ed0db94

SHA1
c5929891606ec0113193e16db56d639558f234e0

SHA256
898f9031854eb2b90584a06b8fd6e489ba234f62d11841bb2a356c2dde58a08e

SHA512
093bea02060b258c06de6d4f3fb987eba20f3e53dd05265bdd9cc5e202d6f515e8b5c66cb24a818600e99a67b64489f4029870b42a17bc12d13faefa49c0389c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
988abfe963b65c08e57a1852c0b0766c

SHA1
350e9861ccac54f3968b0b4588e46058cb58dce3

SHA256
32f79d83e4e49b3e8be325dd864fd7bf69e3c3888527c37936c3390f7c42dc15

SHA512
ce59d78787cd84bd2f027dc54223028c5193ebe11785ddd215268279a35261716a8d19bc75f8bf8b97b0e793e048ffcf31639c0fc5db0023b5f8c3bb0d819292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
3e7d2d205dbc1aa9befa4339d3cb2a0a

SHA1
414fc13e80e419ebc9db0a78d207417176ddc87e

SHA256
bf3213fffb65623ea9d93f5900cb34af1f15746a4e2a50592dff55017fcb8a2c

SHA512
b92b0014ce91eb10b507c522d0836a59e905d078df269d32bd26903cd8679a1184c2db2d7efb02bd23fef36e2b5d4f107a721e148ede7edc0e00d2913b73588f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a0e49.TMP

Filesize
83KB

MD5
2a09328629de3ab5149e88da7888d60d

SHA1
17da4964bb42d455c0166972dbd503677a1eb60f

SHA256
83c33e9e2f2e9be4332d6e3092a1743364eb72a2dd64f122eba480bebe2fc52e

SHA512
61e40c9010003462ce6bf4c76085630c095e4ae41259593790438b297e0f4e5f27c39211f3ea4cf5b5fe679eabe46db7beeedb42974679c98cf260dada5fcb68

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\00e8c58e-268b-4234-9051-71be18c013c0.tmp

Filesize
19KB

MD5
ce693a1e7e2b6d86762f837ad2306888

SHA1
b954604ea905a5d467100b15fb3d705180d20272

SHA256
33725dbf133ef9a7399c13c6f64eda276a243e3138df5ad295dc4e2fd955e083

SHA512
ddeb14bd5d394ac3318e8aa05452d3f9a179f4088aed3503180a6657cc82d6a42c3bcc176ead6aea0b8e1c58f64634fd79db106c6854d64c16416d1c4a62bc96

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
f8058cce5851daab684ae71563ea6c89

SHA1
b1f8a591a7f8f1486131fdf2438d84afa8b3cdc0

SHA256
9972da59971932c2518c6cbe92915fcf8a422c3aa26024ec5932e2e9bbe0a529

SHA512
f2b2dd50f5f1ab6fcfe6b97af78de59459554dab377a2b057a3231280ad15303d8d0e60ff9d9349edada73045a40e63247b9146f3fcc69def85b38a1b43dbaeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Network\TransportSecurity

Filesize
356B

MD5
ed4f24d1641fdeabc167c8ad45f1e983

SHA1
adb28f8c827c8cec32565c88afc4fcd78bc8161a

SHA256
d67f78a4074122f682fec580d53b0977bc87571f423bb622252ab92882321215

SHA512
876aa770d5b5d51efde37b12ca8cafa41fc8f84c1fbc06eb2dd5a2837aea989c96ed69a6016989adcf1363752171ffd319766df7995ef8447ce6a81b107cab69

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Network\a80cd417-d667-4858-9fe6-d9fe7173d3c2.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
8KB

MD5
a1c270efa492117b6dd21aa2493b42f7

SHA1
ec46bb5bbcd62851035e77cc101a5db5de6bb247

SHA256
02ba42b64d5836baf86260c87db9609c5384348a490a79a70237b6a1b6977584

SHA512
eb390a33b78f5f02096bb4aac4a7ad6443403d42474caa989b62f0b431b524d5a63d1e8448c8d3166ecd84b23cfb891c79036fd580b4abddab83cab7de976f28

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
8KB

MD5
2e9c9c42a99e5da5645d3637d197c305

SHA1
284507b5be477e5528be477edbdbd14622c419a9

SHA256
3a3e4c6f3e89781a4993017ca656faadc4cf747976d0ab968d4e61ff9051882a

SHA512
033f0c0f94bb3f141db18602a570a5798a1b20fe7752054cfccaad5e75e53c1cacebfc960ca09e4ed85e3aa527d1cfc0093a38dfd19e4966fbd83aeeb148deae

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Secure Preferences

Filesize
6KB

MD5
430ec2f3fcf4bc813c3492dffc2d61e4

SHA1
c906cb8b4fb1f9b9f24de7f6f2be52625ab88834

SHA256
a0b50e4bd2510b0959d1b8f27deb5e5016811989f8c3b4f624004477ce85734f

SHA512
85016303bcfbb121e89357ee9d5bb184449421d511fef1183eca6f084ad7ccae3cfc1a1d6fd98e43dd7b85eb42070896c12235cd474ff30445d7ff535a6749e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_1

Filesize
264KB

MD5
f879b4106e4918ffd7c7321eadfc8897

SHA1
1b7bf5e81e0127e4073830e8252772a146161f89

SHA256
872ae3c16c371716c520601ed5aa97cbec7935206e17b70948d264bfe65d924d

SHA512
8a961792e7b2a40739cbaeda680f0563d067d1c18732225a14c63633930e112a383321a3c2f827c2d0836782b5df8f8f8f74b33b698567e4569875921c04342b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Last Version

Filesize
13B

MD5
74bd4224363cebca955afc92998ff33f

SHA1
1ced64f905e5c7207fc65c9259eca486b14a8d22

SHA256
0e56a94d9c4031c9321db88c23baaf5a18e8b9c38e00d912198877276a55e4a2

SHA512
4c5a660420a588e3c2c2008225d95ffc68d1dbde2b3833c83dd474b684bfe4ec5eac56a16b1df820823be0c9f2c82152e6f379a631336386794ff39961c2ea31

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Local State

Filesize
21KB

MD5
8e602eda74e2229dda5c532dae8a4b9f

SHA1
bb7b2841b86d44667c4e08a87d7dc8f7b2859c22

SHA256
b964049a743d97b11df4862521d1d9144b44ac2aae6087b52da7e93b418ffa57

SHA512
0b40c6f67a0e7d4e411cdce3653158b1b4d3815d5cf101d621cbd805ecd89a3748d0e6a46416182313694dee5679bc4d897e9678566e795d3f0d263dbaee9633

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\Default\Extension Rules\000003.log

Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
26fc054d6e2537d0eefc2adccd8aed48

SHA1
57d91cc39566739e53ee686fdf54a54db586225e

SHA256
f1f4cab488693f20a1daa0d0d9bf8d5f4bd066d939fbcb78e3c1eb5b44582e4d

SHA512
b674081966ad1cf5318e3e86c628c13cdc67bb53cbea5a49992551033fe9730206d7133aaf0535c95a6245a2e20522a9ea9bc7c414a72cf08be8f5c2d81611b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\GrShaderCache\f_000001

Filesize
16KB

MD5
93b26a977cf99c9d7038ce067f3f6c19

SHA1
daae119d188382adec6aad4c5c34c64adba38ca8

SHA256
63c283447cef315cb5165e4f0b879f2554c854f8de5b9919d2578441b4f92e80

SHA512
c3ef41ba6bde3aa36479efae3f15c9dc45487615c58a240728b03b1c2b06e31c14810a1344a22f923387c33de731ab70994c3265a023c13dbaaba3f829884464

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\36\10.34.0.52\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA_2\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe

Filesize
170.0MB

MD5
f53055075e8e2556e29803bd535c6a59

SHA1
168bad689cfd7530949059b0f3256c578462fa1a

SHA256
2d36895b78a413c31ec160b2d59743e0961747a38e6a142ccb2c697f83fd85cb

SHA512
16c6d242b85d85f8c4f0fefd2cc13040ba64502678e273e2931dd392133136c0ea36f74a12e2da2e2f7ca11bb554fb6b71c4b763559584dfe968f41b3ab4526a

Download Submit
C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
4ec28f3c198e28697a3615dc0d98d54b

SHA1
5fba2fd13503f88a80572591efccd365a034f2a4

SHA256
d088770c6638cad248aa1b1a739a3ff24c297ea6631e9e809b860f45aad6147a

SHA512
169e3a86a28b5afe14511cd926841107d7d0a63369cb12ef2a3155cf9bcd2d6f1c324a7611fe0e524b70a0f03d58a840058d79b7242caf4a0f2b3b598da7ca7e

Download Submit
memory/248-552-0x00000000008B0000-0x00000000008E5000-memory.dmp

Filesize
212KB

Download
memory/248-519-0x0000000074F40000-0x0000000075163000-memory.dmp

Filesize
2.1MB

Download
memory/248-518-0x00000000008B0000-0x00000000008E5000-memory.dmp

Filesize
212KB

Download
memory/248-546-0x0000000074F40000-0x0000000075163000-memory.dmp

Filesize
2.1MB

Download
memory/1820-1997-0x000001D3E0410000-0x000001D3E0788000-memory.dmp

Filesize
3.5MB

Download
memory/1820-1946-0x00007FFBA3D40000-0x00007FFBA3D41000-memory.dmp

Filesize
4KB

Download
memory/3252-1924-0x0000024BCEAC0000-0x0000024BCEB7A000-memory.dmp

Filesize
744KB

Download
memory/3252-1922-0x0000024BB42C0000-0x0000024BB42D2000-memory.dmp

Filesize
72KB

Download
memory/3252-1923-0x0000024BCEE50000-0x0000024BCF38C000-memory.dmp

Filesize
5.2MB

Download
memory/3252-1925-0x0000024BCE8D0000-0x0000024BCE8DE000-memory.dmp

Filesize
56KB

Download
memory/3252-1928-0x0000024BD2710000-0x0000024BD2748000-memory.dmp

Filesize
224KB

Download
memory/3252-1998-0x0000024BD41B0000-0x0000024BD4262000-memory.dmp

Filesize
712KB

Download
memory/3252-1999-0x0000024BD2AD0000-0x0000024BD2AF2000-memory.dmp

Filesize
136KB

Download
memory/3252-1929-0x0000024BD26E0000-0x0000024BD26EE000-memory.dmp

Filesize
56KB

Download
memory/3252-1927-0x0000024BCEE10000-0x0000024BCEE18000-memory.dmp

Filesize
32KB

Download
memory/3252-1926-0x0000024BCEC80000-0x0000024BCECFE000-memory.dmp

Filesize
504KB

Download
memory/3888-1934-0x00007FFBA3D40000-0x00007FFBA3D41000-memory.dmp

Filesize
4KB

Download
memory/3888-1996-0x0000019A300D0000-0x0000019A30448000-memory.dmp

Filesize
3.5MB

Download