623297ad94e0bbeb1be875922e8e41883fab4ca577ed92698750dc9980b97026

Analysis

max time kernel
131s
max time network
135s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
11-05-2024 09:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ZHacks____SolaraBETA3/Monaco/fileaccess/node_modules/depd/Readme.js
Size

9KB
MD5

42d9d887a8cce3b2ab9c8da4faed33e3
SHA1

dee99fab95a6441191c709b010babb1a7015b575
SHA256

11deb26eafa25a465ffb8a8e3c28195eb40e679fda52b760132dbe9c9b21fb5c
SHA512

d9b07553c1c5fc505732d1435b81accbfe5d164728fd0c7ea0e179582bc6f4fb9da7047e119468e6431903dda8564d4a26608cdfab5e2f7344d2f56a25b021ad
SSDEEP

192:pC3g93tCl7wTGdJfXkSCbkIwtN49jTgokqtEnKwGqM0J5GcTYGphchGvna:KM960TGAS/IwtN49jTgoksEnKwq0J5M9

Score

7^/10

execution

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

SolaraBETA3.exe

pid process

3540 SolaraBETA3.exe
3540 SolaraBETA3.exe
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

pid	process
3540	SolaraBETA3.exe
3540	SolaraBETA3.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1230210488-3096403634-4129516247-1000\{00ACB71E-E0F5-445F-9E3B-0374C9D4D9C7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\ZHacks____SolaraBETA3.zip:Zone.Identifier msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\ZHacks____SolaraBETA3.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
4920	msedge.exe
4920	msedge.exe
1304	msedge.exe
1304	msedge.exe
2216	identity_helper.exe
2216	identity_helper.exe
2800	msedge.exe
2800	msedge.exe
2068	msedge.exe
2068	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

msedge.exe

pid	process
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe

Suspicious use of FindShellTrayWindow 44 IoCs

Processes:

msedge.exe

pid	process
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1304 wrote to memory of 5008	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 5008	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 1836	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4920	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4920	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4956	1304	msedge.exe	msedge.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\ZHacks____SolaraBETA3\Monaco\fileaccess\node_modules\depd\Readme.js
1⤵
PID:2652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe8,0x114,0x7ffd6ba13cb8,0x7ffd6ba13cc8,0x7ffd6ba13cd8
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
2⤵
PID:1836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
2⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
2⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
2⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
2⤵
PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4476 /prefetch:8
2⤵
PID:2556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5016 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5480 /prefetch:8
2⤵
PID:2512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
2⤵
PID:700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
2⤵
PID:712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
2⤵
PID:752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
2⤵
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
2⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
2⤵
PID:2088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
2⤵
PID:1368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
2⤵
PID:3740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
2⤵
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
2⤵
PID:2924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
2⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
2⤵
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
2⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1808,16790896354592314620,7880236065016841180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4000

C:\Users\Admin\Downloads\ZHacks____SolaraBETA3\SolaraBETA3.exe
"C:\Users\Admin\Downloads\ZHacks____SolaraBETA3\SolaraBETA3.exe"
1⤵
PID:4916

C:\Users\Admin\Downloads\ZHacks____SolaraBETA3\SolaraBETA3.exe
"C:\Users\Admin\Downloads\ZHacks____SolaraBETA3\SolaraBETA3.exe"
2⤵
- Loads dropped DLL
PID:3540

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8e1dd984856ef51f4512d3bf2c7aef54

SHA1
81cb28f2153ec7ae0cbf79c04c1a445efedd125f

SHA256
34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7

SHA512
d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ffa07b9a59daf025c30d00d26391d66f

SHA1
382cb374cf0dda03fa67bd55288eeb588b9353da

SHA256
7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb

SHA512
25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
Filesize
199KB

MD5
585ac11a4e8628c13c32de68f89f98d6

SHA1
bcea01f9deb8d6711088cb5c344ebd57997839db

SHA256
d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6

SHA512
76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
e9fce52e3a740a40b153cf3ca8bc0fb0

SHA1
17dfb80cb828566fe3dcb86a9fb6894b5f5441f2

SHA256
5cb9a38f6d206d08a7b51f89541e0461d42d5f919e0a06d92f397242c044fc5e

SHA512
11bca9de4638e034441ec8839e1ed2531774540bb4c6105e5478e6fd84eda600ec70e50a8dd5c9681febef52006145d40c4e8041f1e2de54c1ff3959a72b91f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
0529d535ff81006c6431d3267f6b55cb

SHA1
392b94ed11ac46344b4b5f6950e1630e8c4d0f62

SHA256
0601a43116f345910e0639ea9e9f1afc4358e9e6583db23995761bd7af4b446c

SHA512
028232c679f5e45d158a4e3dc5c41aae2b10925f5f9a29dfd0c077371ac72bd3637fc4b0702c626aa76c1c1d172b4be937f676fd4877e71d52e38cab127ad95d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
3cb613fe86040c1fdd066c2ec2b546da

SHA1
ddcc96538417e7a3690f524a7f454b673371b8a7

SHA256
a680f9e6c2c04c6576682a0963b2d7ea699c9e8989a46aefeacdc06df2daa4e3

SHA512
8f3bdb941f562c2bd293d99d95b9a691b3ed39d2ac5a8cc9c0daceae720ca78e9e6f38e9beab41f2464c4bb0ad7a03bac54d42d1c27d50e38a79d19884110bf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8063d71bcad62848cbff694eb34e8c79

SHA1
90e61a77ae15aeddc707d21e944576e32dcada33

SHA256
9a170cd378a63eb41e35b20989229407e92167dc41e420ab1d62a50e83123662

SHA512
174562e0a6ec2e7f4e245cdb3e4bfcfe5b213e5e6744c762ecfd203cb8f16efc58634f2939ab84983be578f48649d8efec3b9d52387611754b8fee46b607320d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1e28e62f73cdb27edc64d2e3247dcdaf

SHA1
18251166a51d4f2ac5e7cc84dba42630c2c5f609

SHA256
604cece58c66c0e9f3388286863607eef4525027058b7c4567a1fd3344e1ffa3

SHA512
48f96ff47e771ba05faaf8c63a2bfed440899b9bd2419d3e41ac1b8996567041be8ffe2f9321b470a694397948cd80585a4ce259db7afd69b6985d097d71b251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
8d6c6f68d08675a29c0161bd95e31e1b

SHA1
265c833d4d608a1d3ccd8035d6887002f3b51e66

SHA256
8bfc0cfa78143d91d92bfbd105e7203dcdd8ad8df8ca715a72901b4a77071070

SHA512
df0d93eac7ae4fdbc62b370278a129ea0d716333cabad173f7bb208d865d295b10c3b0994828958f41bd9e969bfd8661252666fa3b9732dcdeb53378e04304d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
83e7ec34c8f0b7ee1e361cc71b888562

SHA1
02dbed9668a14fd9e7a75216565e8bfcfff30731

SHA256
9423d26596d65ffacda14b1b59cd2eb116c5eb38bac0859896920210378acc93

SHA512
ee2574c2db40819c7cd1403fb15ee3e54f384ee01864ba74505d2680c8ec8beb4f7f570f95acdcc8d767b836efbb4060fbcdf46d1d826f0a864dd94e2cb63b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2c45486d16b4f2697afc56c7ad94c108

SHA1
7904823cc6fb4d6459d590d8177e0ddb24c54652

SHA256
f7f2327772307c155f152a4105795d59d6913f3a2f5777d48abb2b057ac19292

SHA512
71ab2082d04b076a3eeec08368abd77e3c5e60ed78e70eb4142c1ef81838b4867c6fc8156a26b9d7b73992913a43b302134c75fe890479e7abfd5befa3b72ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
75ee1f92f73be0ce41b51499787ce37e

SHA1
311ca7737edb939802c455f4ceed238d93460d72

SHA256
98dc32f872478e22f874b869621e515343d86324faa8cdbbe2a39a8f65a8274a

SHA512
6e17471120cf6b32cda5f82f836960ddffe97d19b043e62620adacf9c85a9102a6a471dc05178690ec2b4161b0a5ce15600ac223ff9668f67568456c23b4ec1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
240B

MD5
642f9ad87f6f2f53ebff81439e0bb391

SHA1
718c78b98b5a991a6a12bae675213b8a7ce7ce20

SHA256
b8fa2cb29cea36b8cf294227814fe582bf71a416baaa2966fba5101cd562d5f1

SHA512
d1eb5ee5c0a4b1b6ab1000500f39eaf36b9afc67804786ef947050edfe9c86ed0e25da03191d5cde98df3533385e5ef81e347f93cfe226b7f644d836fdff1707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583d43.TMP
Filesize
48B

MD5
577dba01ac269040dced2c064aa5834d

SHA1
6fdcd75e4ff1db5f7012545a5a72fcc06ae7e90a

SHA256
dae05550bf3aa1cf2bc0979dc19572237f63652009c5d422aa2d79373d8d739e

SHA512
592019999b9213a6321f40c42480476a81eb65a7ab844905716f00ce8fa57043132ec5d5c1c64470135db82afca54dc143b649ba188a01121731432eef5672ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
6d51c324c0a956487ee19d648b3e3c73

SHA1
b225b1c0bf6ab35a46e8476b3b91078817981fda

SHA256
ee92210edcb4e844e1bdafc79f9b15277b56c2f4c43a828afee8a89bc51fd1ea

SHA512
48d393189bb0cec1251063360f67fe80826413189a2d3620d3fd348564769f8c47dcc29cd11146e073de90f94e17d0ab0406e43fddcbffce6b58c1ca7ac39515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
caf2b4da482f5d7dfaca5e15ad5aaac3

SHA1
d07755737e24f8ab08396bf9ab457017647fbcfc

SHA256
d27b6d32ad8c6e7fc452651bd2330a616e22248a1f12a7a1935d3286e25421de

SHA512
f94d13609d8ec130187814167736ba66e360cab9a90fb09416fa3d1b8296574e60c14b110cb6391c89610413cf332eadbf49427589dfb1c41e4162d2343acfde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
f105b6dc9bb31748d837677e3c0ff448

SHA1
6038585b1656ace2b0705bf5324964c4eea7cf55

SHA256
628e4c2c4ae0948c3d9da393b71c7846a8547fb7964ceba6a1e895fdbbcfd9e9

SHA512
21087c9665ef5eaf108ff5114025168076117562c6a4fdfc83349c4e51cb8e8b871614a008570f022db88055edee2addbf9055837813db0300bd6105196ff920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f388.TMP
Filesize
537B

MD5
4b23e00a5931255fb761d974aaed4b6b

SHA1
1cdec805ccdbb749697cd535d4e56e29d370efad

SHA256
4a28d453f17a82a2c102c3e23829a7b373ef3fa82bc81c914f997e914fd04d52

SHA512
a44d4b011941cc657a65dee2d9f60e9aa599a869968664c8b9f119867a3611bc8699751edf996779e53c3ad9edbc6704b02540b263415eb23e19daae5131c98f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
2d184f98586826a24b2345cd31121344

SHA1
c4db93998127d619f63c91360b2f39f08282ecd5

SHA256
5ba488d3bcb7c531a60566f716b7c9514ffc0be30a1656ce02f141492883377f

SHA512
2b875bcd2b06d119e6781a56711c950d9c0069712e82a1c17d53c433b73a89d643ff01ee2be741426c06226709debf2f8fa9c62fe73918da745e1e8179d0f207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
e5da24c8358f36c029120db8847c5ef6

SHA1
63c423efc2c752ff7fc61dde2deffaa714c95d3a

SHA256
71030893139c2faf37308be9f6d072952bd18d86999b440328869c497b552d2a

SHA512
59a385ec46fa5fb35aac93fee55dea32e489da9031d2bde16e1dd0b083bade3b5e577c371236dab3c8978a887b58ea27d49bdb88a5935b4e9d813d510f662985

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49162\VCRUNTIME140.dll
Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_bz2.pyd
Filesize
83KB

MD5
223fd6748cae86e8c2d5618085c768ac

SHA1
dcb589f2265728fe97156814cbe6ff3303cd05d3

SHA256
f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb

SHA512
9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_decimal.pyd
Filesize
245KB

MD5
3055edf761508190b576e9bf904003aa

SHA1
f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890

SHA256
e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577

SHA512
87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_hashlib.pyd
Filesize
64KB

MD5
eedb6d834d96a3dffffb1f65b5f7e5be

SHA1
ed6735cfdd0d1ec21c7568a9923eb377e54b308d

SHA256
79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2

SHA512
527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_lzma.pyd
Filesize
156KB

MD5
05e8b2c429aff98b3ae6adc842fb56a3

SHA1
834ddbced68db4fe17c283ab63b2faa2e4163824

SHA256
a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c

SHA512
badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_socket.pyd
Filesize
81KB

MD5
dc06f8d5508be059eae9e29d5ba7e9ec

SHA1
d666c88979075d3b0c6fd3be7c595e83e0cb4e82

SHA256
7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a

SHA512
57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49162\base_library.zip
Filesize
1.3MB

MD5
08332a62eb782d03b959ba64013ac5bc

SHA1
b70b6ae91f1bded398ca3f62e883ae75e9966041

SHA256
8584f0eb44456a275e3bc69626e3acad595546fd78de21a946b2eb7d6ba02288

SHA512
a58e4a096d3ce738f6f93477c9a73ddbfcb4b82d212c0a19c0cf9e07f1e62b2f477a5dd468cd31cc5a13a73b93fa17f64d6b516afef2c56d38ede1ace35cf087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49162\libcrypto-3.dll
Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49162\python312.dll
Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49162\select.pyd
Filesize
29KB

MD5
92b440ca45447ec33e884752e4c65b07

SHA1
5477e21bb511cc33c988140521a4f8c11a427bcc

SHA256
680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3

SHA512
40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49162\unicodedata.pyd
Filesize
1.1MB

MD5
16be9a6f941f1a2cb6b5fca766309b2c

SHA1
17b23ae0e6a11d5b8159c748073e36a936f3316a

SHA256
10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04

SHA512
64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 159635.crdownload
Filesize
22.7MB

MD5
fa040b3f89ea9903642b4749989fd5ff

SHA1
5fc18215f623c8f63aa8fe053a1b15d60d423055

SHA256
623297ad94e0bbeb1be875922e8e41883fab4ca577ed92698750dc9980b97026

SHA512
6d3698ed2ee3bb835855cf62b1eb0deda746e299b5de21f5487903e97becc9ea0f79e8ad5b19ae9b7247f91eea530ac3d86b1ecaa8b5c23dcee52b1cf1c15e51

Download Submit
C:\Users\Admin\Downloads\ZHacks____SolaraBETA3.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\LOCAL\crashpad_1304_RPNBWMDARKPMCXFD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit