69840b6059d51cc1aeb9846f1fcb2ddca0f89b4690fca73b98cd42edc2237f0f

Analysis

max time kernel
1800s
max time network
1799s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
24-05-2024 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

httpscdn.discordapp.comattachments1.txt
Size

183B
MD5

0efe1a91f04c297bd82f5f7abac671dd
SHA1

fe604b052bd341f8b3f2ef3381f5fdd13f9e9186
SHA256

69840b6059d51cc1aeb9846f1fcb2ddca0f89b4690fca73b98cd42edc2237f0f
SHA512

5c204bc45626f12550945a76f5285a36bd260abd5bda13cb25f0c6e15b96114cc15d337a5f0a4058b6415e7b4e4914b724dfce10a279123b0362e28488ba8f94

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Executes dropped EXE 2 IoCs

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid process

3960 cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3080 cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Loads dropped DLL 10 IoCs

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid	process
3960	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3960	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3960	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3960	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3960	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3080	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3080	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3080	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3080	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3080	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Themida packer 12 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll	themida
behavioral1/memory/3960-2332-0x0000000180000000-0x0000000180B28000-memory.dmp	themida
behavioral1/memory/3960-2334-0x0000000180000000-0x0000000180B28000-memory.dmp	themida
behavioral1/memory/3960-2335-0x0000000180000000-0x0000000180B28000-memory.dmp	themida
behavioral1/memory/3960-2333-0x0000000180000000-0x0000000180B28000-memory.dmp	themida
behavioral1/memory/3960-2481-0x0000000180000000-0x0000000180B28000-memory.dmp	themida
behavioral1/memory/3960-2650-0x0000000180000000-0x0000000180B28000-memory.dmp	themida
behavioral1/memory/3080-2729-0x0000000180000000-0x0000000180B28000-memory.dmp	themida
behavioral1/memory/3080-2731-0x0000000180000000-0x0000000180B28000-memory.dmp	themida
behavioral1/memory/3080-2732-0x0000000180000000-0x0000000180B28000-memory.dmp	themida
behavioral1/memory/3080-2730-0x0000000180000000-0x0000000180B28000-memory.dmp	themida
behavioral1/memory/3080-2756-0x0000000180000000-0x0000000180B28000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

Processes:

flow	ioc
302	raw.githubusercontent.com
106	raw.githubusercontent.com
108	raw.githubusercontent.com
138	raw.githubusercontent.com
172	raw.githubusercontent.com
238	raw.githubusercontent.com
58	raw.githubusercontent.com
105	raw.githubusercontent.com
141	raw.githubusercontent.com
173	raw.githubusercontent.com

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid process

3960 cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3080 cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exemsedgewebview2.exechrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609935671182528"	chrome.exe

Modifies registry class 64 IoCs

Processes:

dnSpy.execmd.exemsedge.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\MRUListEx = 00000000ffffffff	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\MRUListEx = 00000000ffffffff	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0 = 5600310000000000b8583d191000536f6c6172614200400009000400efbeb8583d19b8583d192e000000daae02000000010000000000000000000000000000001acf240053006f006c006100720061004200000016000000	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\0\MRUListEx = ffffffff	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\0	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\0\NodeSlot = "6"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\MRUListEx = ffffffff	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{30A354D6-1541-4F2B-8DF7-A43691D7AB37}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	dnSpy.exe

NTFS ADS 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\dnSpy-net-win32.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SolaraB.zip:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

2664 NOTEPAD.EXE

pid	process
2664	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 38 IoCs

Processes:

chrome.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exednSpy.exeSolaraBootstrapper.exemsedgewebview2.exemsedgewebview2.exeSolaraBootstrapper.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exe

pid	process
3376	chrome.exe
3376	chrome.exe
4512	msedge.exe
4512	msedge.exe
1872	msedge.exe
1872	msedge.exe
2708	msedge.exe
2708	msedge.exe
2676	identity_helper.exe
2676	identity_helper.exe
2772	msedge.exe
2772	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
4532	msedge.exe
4532	msedge.exe
4340	msedge.exe
4340	msedge.exe
2308	dnSpy.exe
3600	SolaraBootstrapper.exe
3600	SolaraBootstrapper.exe
2980	msedgewebview2.exe
2980	msedgewebview2.exe
2088	msedgewebview2.exe
2088	msedgewebview2.exe
2308	dnSpy.exe
4228	SolaraBootstrapper.exe
4228	SolaraBootstrapper.exe
3496	msedgewebview2.exe
3496	msedgewebview2.exe
4060	msedgewebview2.exe
4060	msedgewebview2.exe
892	msedgewebview2.exe
892	msedgewebview2.exe
892	msedgewebview2.exe
892	msedgewebview2.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

dnSpy.exe

pid process

2308 dnSpy.exe

pid	process
2308	dnSpy.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

Processes:

chrome.exemsedge.exemsedgewebview2.exemsedgewebview2.exe

pid	process
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
3844	msedgewebview2.exe
4776	msedgewebview2.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

chrome.exednSpy.exeSolaraBootstrapper.exeSolaraBootstrapper.exe

description	pid	process
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeDebugPrivilege	2308	dnSpy.exe
Token: SeDebugPrivilege	2308	dnSpy.exe
Token: SeDebugPrivilege	3600	SolaraBootstrapper.exe
Token: SeDebugPrivilege	4228	SolaraBootstrapper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exe

pid	process
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exemsedge.exe

pid	process
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

dnSpy.exe

pid process

2308 dnSpy.exe

pid	process
2308	dnSpy.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exechrome.exe

description	pid	process	target process
PID 1100 wrote to memory of 2664	1100	cmd.exe	NOTEPAD.EXE
PID 1100 wrote to memory of 2664	1100	cmd.exe	NOTEPAD.EXE
PID 3376 wrote to memory of 4708	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 4708	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 2740	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 72	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 72	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe
PID 3376 wrote to memory of 360	3376	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\httpscdn.discordapp.comattachments1.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1100

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\httpscdn.discordapp.comattachments1.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:2664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe8,0x10c,0x7ffc74bcab58,0x7ffc74bcab68,0x7ffc74bcab78
2⤵
PID:4708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1808,i,14529948401891308871,7348918005168650074,131072 /prefetch:2
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1808,i,14529948401891308871,7348918005168650074,131072 /prefetch:8
2⤵
PID:72

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1808,i,14529948401891308871,7348918005168650074,131072 /prefetch:8
2⤵
PID:360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1808,i,14529948401891308871,7348918005168650074,131072 /prefetch:1
2⤵
PID:1056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1808,i,14529948401891308871,7348918005168650074,131072 /prefetch:1
2⤵
PID:1848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1808,i,14529948401891308871,7348918005168650074,131072 /prefetch:1
2⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4104 --field-trial-handle=1808,i,14529948401891308871,7348918005168650074,131072 /prefetch:8
2⤵
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1808,i,14529948401891308871,7348918005168650074,131072 /prefetch:8
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1808,i,14529948401891308871,7348918005168650074,131072 /prefetch:8
2⤵
PID:680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1808,i,14529948401891308871,7348918005168650074,131072 /prefetch:8
2⤵
PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1808,i,14529948401891308871,7348918005168650074,131072 /prefetch:8
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc63ab3cb8,0x7ffc63ab3cc8,0x7ffc63ab3cd8
2⤵
PID:2376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2012 /prefetch:2
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
2⤵
PID:940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
2⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
2⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
2⤵
PID:3068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
2⤵
PID:1752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:3080

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
2⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
2⤵
PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
2⤵
PID:2796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
2⤵
PID:832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
2⤵
PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
2⤵
PID:1804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
2⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4616 /prefetch:8
2⤵
PID:3384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2316 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
2⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
2⤵
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5792 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
2⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
2⤵
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
2⤵
PID:3576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
2⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
2⤵
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
2⤵
PID:3128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
2⤵
PID:2008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
2⤵
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
2⤵
PID:1364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
2⤵
PID:3000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
2⤵
PID:3184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
2⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,13121560521818374484,15375615565594671963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
2⤵
PID:1216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1372

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1256

C:\Users\Admin\Downloads\dnSpy-net-win32\dnSpy.exe
"C:\Users\Admin\Downloads\dnSpy-net-win32\dnSpy.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3600

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:3960

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3960.4180.5146426331884962656
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3844

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x1d0,0x7ffc63ab3cb8,0x7ffc63ab3cc8,0x7ffc63ab3cd8
5⤵
PID:4344

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1928,3097397151142184839,8432798819144612460,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
5⤵
PID:5048

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,3097397151142184839,8432798819144612460,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2212 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2980

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,3097397151142184839,8432798819144612460,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2504 /prefetch:8
5⤵
PID:4476

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1928,3097397151142184839,8432798819144612460,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
5⤵
PID:4776

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,3097397151142184839,8432798819144612460,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4612 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:2088

C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4228

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:3080

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3080.828.3305213290677887039
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4776

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x104,0x1cc,0x7ffc63ab3cb8,0x7ffc63ab3cc8,0x7ffc63ab3cd8
5⤵
PID:1536

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1852,6033606059391823541,18069261010310694982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
5⤵
PID:4348

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,6033606059391823541,18069261010310694982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1976 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:3496

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,6033606059391823541,18069261010310694982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2472 /prefetch:8
5⤵
PID:680

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1852,6033606059391823541,18069261010310694982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
5⤵
PID:1748

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,6033606059391823541,18069261010310694982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3420 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4060

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1852,6033606059391823541,18069261010310694982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4468 /prefetch:8
5⤵
PID:1524

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1852,6033606059391823541,18069261010310694982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4740 /prefetch:8
5⤵
PID:2888

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1852,6033606059391823541,18069261010310694982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3068 /prefetch:8
5⤵
PID:556

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1852,6033606059391823541,18069261010310694982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5016 /prefetch:2
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:892

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1852,6033606059391823541,18069261010310694982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2212 /prefetch:8
5⤵
PID:1504

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1852,6033606059391823541,18069261010310694982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3028 /prefetch:8
5⤵
PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
13ffe702aa07372b021bd36d10198f88

SHA1
87cbb215e91351a8780d21f936584bd610d222f7

SHA256
24b215f2ee404f6f26e8b1722e9390e846dd4f9b7183b31ca4014d2e4dd39425

SHA512
c0642acfc31a58be92f566da9ff5e3721c24c5086d111296ac020d5e9293f5057749a5beb7348f995966d713d6a9e3b7bd4ff293d625a5c3573643cf8ee93abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
36c76a3657210ac4dd493b7214a336a7

SHA1
c32a2e40b200454f35715a867adaeb04dbdf6281

SHA256
48e50074992f4d539c5d0ab6aa2f8ccd02cd9d238127cbd4951655a89070e45e

SHA512
2002ebab5c6477bc297008c31dc16827b61bbe44df43e5f8f7aea7aca08e87a6a64115198c4b6d98564c87592e87dde1b716c6703694a611a754d2bf6592f842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d65373040c98e061887529e3ae89be47

SHA1
ebf3ce3f881f3e9ecf1ad52dd8185a8a48ce96c0

SHA256
3808a1dc4410183f63200e82a674065ef4586a4181b70921be0211d5f2ed2809

SHA512
acc89edd1b6f5af065f946a8bfee8050edc17804a3c8f4fddb64a45f3ceadcbd1e20fcbc15b63c93eb04a16afdf12ea05735948dc1b247406d80567fa32b71cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
ff136a0ffac9181ca5b28820eb630044

SHA1
c0bb18d7e86da2fcbfcb94fd58d8b8da3969863e

SHA256
48b9ab369fe8fe8de8fa6bb4b08d2fa6df027b7b36304191294de12f52f0e7c0

SHA512
6466f155576bf1ea6d9dfa763736ae7364e7034db1e159b7fa03883e5784309fdeba0f6b2d1015ad6367007f66a8add8ff954be4abfb7401012821cb7c97da0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
a10dbd236dd6bbfa2f2e85b719f48ba7

SHA1
73ac9f58a016293f1b34131087188476db05b24e

SHA256
aff5abaadf342c466c022773649b44a20bdba08516d725f679f151c3d5aa2ac7

SHA512
a3dc5b4571c5664e7ccdb7822c91aa95154beb2addcb858a6559cff1b500b2e86d43ddbfecd4203225b0689ff171edc9e99cea59ff3dba71fe7296a07b4abd58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
34d22039bc7833a3a27231b8eb834f70

SHA1
79c4290a2894b0e973d3c4b297fad74ef45607bb

SHA256
402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

SHA512
c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
046d49efac191159051a8b2dea884f79

SHA1
d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

SHA256
00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

SHA512
46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
40KB

MD5
0ea3c40e1faf37122a20a202e9b52714

SHA1
ac0d594878e4160c112d7f70b5c680523dcee1a4

SHA256
ad3eac09f7aaaed3059ec039ea0477af10919a4a9be9a8865dce7fd34776c8b0

SHA512
e19363456375a8b1a0887af217befabf3dfa5c6944b9b4b62a04d20ce6e5649af4309b86ecfaf061ebcf243011eef123c3f75ebf2dba32d18ce28140adbca52d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
1.2MB

MD5
81a63a086d1c0fb065b12ebecf8cd7f8

SHA1
4ae54a6f2a83df9c901b196a6c29c3436b3a3f0b

SHA256
706678b4abec74ac3221737a9c70bab8ea40cf26ee6a89cb321e6c1503fee0ce

SHA512
2d33384744684bb31c7a30b263d6d2a1fe7bdd3dbaca9867ec6955795e23e7ab5996137210c651c608c22b1d9800bc1a29ef933958fb57dcac2482e8d3922877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
Filesize
41KB

MD5
02238255eebd71f51a20523f25723ebf

SHA1
1560e5aa08a503ac75bca9b784696e2a243509d8

SHA256
5656777362c5d64e8a217029af6260ed7ccf50d8ccad760247fc973ae9965892

SHA512
b903a7cc8a6e9e690bab167bba81a40e2b14e4a6a1c95682682a25d3d671118f8fdf9b58ed4856e4234760fce765da228d4cecf56c3b18a7930b56a15e8a6991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
Filesize
67KB

MD5
6e52a644708109836adae5b691622755

SHA1
fa6729b150828dba23c6cadd92c6b524529ccb9e

SHA256
9584d23dd0aed936a7ebb26fa2c9683d6f2290978cd080768924ec4a9202db9e

SHA512
6f8dfb1240cc28056181eaaccb156801493867a919f7c9ae386dd971eb08525d82876fedcdedb387bc7b42bae5896d0868c4ff813bb0e8db9f8fb98811d5dbbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\00001fc9c4623f9c_0
Filesize
1KB

MD5
bbea00d09990663468ad966d8a9ad5cb

SHA1
eb91de1b6d81677d0ae5d3fd729c60fa795801ad

SHA256
943eb2cb30ff2a6631a8c0471ec7613d6e1818dff6ca3ca370725b4082e04d01

SHA512
33f04d0448a29acb49d2eb53ec95d7d4913cbdb4e0db0a29598f8b4c1c21aef2eba6f4d44de0a64bfdfaa8529631900bd205bccfdfcddc8e4a0b6ee2b15f3fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\05a0a3eb7119bd1c_0
Filesize
2KB

MD5
2ac7a0f2b9b1eb457487af56873892af

SHA1
7eaa6280c0699bfd332cdad5de1e72aa5c32aa27

SHA256
af9e183d2f6c7a9eeffc95e68507d3db266c46080437351805fcbc29956586b6

SHA512
eef7ad8a141b36de638059cc77a83a573c60b976c9586eca7bd95a69758f2516ed937fbbe22953a3c0a35bb28ebd8592a88d2d56ea3fb356da55ee81588a635f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0
Filesize
2KB

MD5
1bbd221cb7ef4db175a9e2b070effc2a

SHA1
df5a5fbe3c5559241101b60245f3927ab965d6ec

SHA256
8e1f4bd78ae04687fc1acbed3da1575b10db2155c041b28bbcf5079167d4354c

SHA512
f8b72275c0d6ac4f40608b181ee1b95ed0d402c12aed3758315921cfe2dfe7c7dd267c514cfdc22f94b854eb919b5e3b51fee3f7c55e8d9adc982ecb5062b636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0c3ee779c9cac9f7_0
Filesize
3KB

MD5
e858d8b81d7f131d70c80eba61cee4c2

SHA1
0c6e9a589ddc7bdc383dd07f4b3b8fedde54c5b5

SHA256
3823d747a8ff75ffe7cc7eab16cdfbdf5acb5811bc57021b537fa4bc2bd71a47

SHA512
cab14bb71349cd852d8c4fc639c0382e75f2dea733479d535d9e20a1a875ce7159b557ff25cef1e4eceb307f6b004396a80908a74fd9cae53519379c68b9fd60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0
Filesize
2KB

MD5
ba286a44259b2764f3176e6de1d0926f

SHA1
712cc97701e38d9c0a36773b90e60c128acc645b

SHA256
1727463f73435ef3cb8d441078d7e320aa53355e4e9a8ae3ac5b16101e872e0e

SHA512
974c9aa6c06451478fbbfc9b527bfa56ca1a49f8fb3f7a3c752eeac59963c48ac0ec8f6353463c002c7e7e1bfd9e8edd1baa2e3f1f3fb36ad775529451b9e92f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1976e13fdcdc733a_0
Filesize
2KB

MD5
5a1adf2773ca2c4647e2442e5bc964bf

SHA1
d2e1884f16da8d94c1de9651dae911a079f34eb2

SHA256
d19bbed0ecdc82fc527851b4a00bc321ff117f87bdda3d5dfab8e03e334b5921

SHA512
6e309d1a5264d0d69047a9ea46610a81f2f668ac8c1b97ffc9a4d4619c4cae687169d92f9d42a50d84b873263220c0bfd814d81b881d667b0364d05e4c0b1cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1db49d5c14d8460e_0
Filesize
21KB

MD5
a52e1b4c86442bcffde681b3175eb07f

SHA1
0751796f2551276ace7ff90add9218fc5002bfb5

SHA256
88079bfc1a374384e3f9921b882c21e77a99a34fd1493ac25648433cb6dbd837

SHA512
7e0b2140b5da0bed0c1f9fcc570536f438d5ba634398b8629747b3f2bdde0818fb9158f9ad8f10529bac5763ba977049ddb8395097480c72e60881026d469c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
Filesize
3KB

MD5
568ceb85ea77055a3aa0a389e76d781f

SHA1
344fe84bbe5bdecae823b12c43c6bb02f7716b81

SHA256
9ac59888337820b492b36d2c097dfa7a9969c16a6f496be77c5b20a93c1e0319

SHA512
e3fb6f3bd6af6c7f0016588de93f32ddbb4576443e642071442c3d707b901420044b36923576eba1de8aa7108d09371ab6a69d327bb5cf77de9f893f1ddb5bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0
Filesize
5KB

MD5
9d0ac785db400e997b39f92ececa249b

SHA1
8b8faa77915a3f066be70d1a27be1deadeebd4da

SHA256
f7879e6c25c3ea6fe3d360f0a61dfe8b9a58446f1b256d6a1cdb5c2c3f63a651

SHA512
a30ab4b765748527f25eaa4c45bb1e6200bb635eaf1ba2bfaf3aeb4e5c9a81ec9d0bd720ccb42e8fec8709734b0238e38a9d84ec54adfb36cb9401bee82aab64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\313fca3febddc34e_0
Filesize
1KB

MD5
dfe617c16b45cce86847082684ac5011

SHA1
86d815d05ca7a3f5f4a6b7da4c0f064264fcfe02

SHA256
03fab2e9e0a1726c99328bbad92f6690a52d01c18a7b28f6bd69cc27444a93ac

SHA512
c475b672918d406e30febde422bc3e3526038978198ad4e9203b36c3afe5a774279176878a38b5c004cda6fc90841a26f45daffcc6aa914722147859830e43bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
Filesize
1KB

MD5
b0a7a34fe8712699af2c23c32c0dc1d4

SHA1
0c17f942e3a61cb2f81cd085a3fb59ad84b74549

SHA256
e76303b73e6d87ae5913745f939a13955adf43fe234049acdb6502e4fbccdfb6

SHA512
4e6eef8b86f57e87acad1d2a48ac4fddda0c245d05d6f492c411f61ea908f25836da7dc6ee9df36a949c8c6590665c1a65b88a2c2b20e5ef3651ef80337c75ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
Filesize
3KB

MD5
e7c83ece25dc117871941eff492a31d1

SHA1
41e0d1693c6ae6126366be96b388085905431f18

SHA256
bf56d1e9a97610fe722a18a1cba5dfd9f5d8a03e52cbc36f6c82c511d5427b80

SHA512
a0c5c75117bf61d02aba1c1d5c5a2ba58bcfdbf2493dc954b31cc182ddf80d5c7e569bf4f5d179cc1b3b2b4cd1005a20d092c28d17b95111ed49d7cd3acf4713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c2185040c52246c_0
Filesize
6KB

MD5
6122ebf6a12ab06a3e5fa1a21878e754

SHA1
35b0215c33f0f6aa4c866c1e11ee7d6b9d13d379

SHA256
01e39a2224271ffab50bc4d6f11fc2386c8128715f33b9cbb4ba1280b5176a59

SHA512
07a7cf6e995919b5c71ba3247171c13668251ab7947e18d54ef811b22e6eee898bc4ea4b17d9f4db85ae59100bfb83bbcecf5edf2ab3d32b90345906d8b971fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0
Filesize
14KB

MD5
33345eeeb904057554d499ab4b3382dc

SHA1
99f403e97d8b35daf409abf7b2cbf54d5d781c37

SHA256
13b350d7d803730bde0e435f938dbece838e0fcb283d20b11da40764944a808a

SHA512
64326bd77572e469e2a0454c9418e7ae5e534f325c8b5982cf271f6c0f05b77f9eaef7b1ac9132ee23c7f5f20c6328b874be35040433fc288119b21c8447210c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\697bd0fc58d3f6a7_0
Filesize
1KB

MD5
e76c60697471183c9b8caef578a20e0f

SHA1
2eed7e3c9863aef96a690293c4a0af36a0240105

SHA256
0664d215cb037bef261a831c02dd00a22016c07619ef8eb6e9d6b9bb1ffb5eb5

SHA512
4e63245012baddd181310845cd0fe7ec1e88ba35f08f28675c57b5b68622a946fd1fb181dacfcaa913d9d60e3eb85e3864c68f8a7744bb85dc5550a618ea64e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0
Filesize
1KB

MD5
6a2145d61ad7d6e39bbef6ce9df2f61a

SHA1
13175035b791b8aca9f08ee5db2eee5a9e15efbc

SHA256
ac46e8fa9136f8d036f1058ed0608e0a8b089a2c2780762476f8029230687071

SHA512
735a113d82eb90de0342f1a9896395eb491b438e8c02d49fadd219fbded312ad33301296c977b11d19c4ea5b74758dc5955df4acf5f634749d3eab768da27156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
Filesize
2KB

MD5
67cc3e6321d96193133d78295bc9d842

SHA1
fd5d6585d2ff332ea625f855f5752912e002b83e

SHA256
5a83362b8dc251ab2ab099445d1174122ab610bc583616abab0a8a55c4b4e34a

SHA512
0823c9243133ebb4eab45fee3fe840234df61354dc72536d8138c3e600a0a087e8acb3c73204c9118a65875a66b3b1bb65e1139db7eee415c27ee2b8b6cbeed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\80252f778f85295f_0
Filesize
1KB

MD5
0c67bada233c92ebb7de7e419e5a3692

SHA1
93794aaabb2a2f75143bc2d57954137e70b634b8

SHA256
5d58fe67904b43e1151257894d98afa79529c324e37e3e81d76207b9e1b6cc5d

SHA512
f133a1d62890074f2e62e4709f9833a5be88e0fa609d09b30ce9e5cc4a6d2bee18f3c71dd67a6e7db6028aeff81b814e012d19987f882601ae88a0ea9a8564fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
Filesize
2KB

MD5
9f0a46dc2748ee8ce09fb06dacb396ce

SHA1
505d8c349d626a602faeec3125ed235dca1b9f19

SHA256
075c8c98b46e4f38cf5e69e59ddfd9058e6ec268548080be7baf298703a8c631

SHA512
f8170e242ec3d6abea6d909644ba8c5e0342f124886495635dad38536df4cca904c952266a815e6f62549733100af888ec6f0081afd53550ddbd494d00419010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c2fa1f2c6b2cb7e_0
Filesize
1KB

MD5
61b28d2e22c5945fe4ff784ffda687ed

SHA1
c662bc20bbe83f3c0c8d48387fc0eba989b900a9

SHA256
5a9a87f621c081df415ca9bf6d32f0d992d5b1d03ff1f4213c694b731e8b1e61

SHA512
d696c1470340d540ee6478bdfd30925b4a173526334d7c07746dc7df5dc3d6fc74e8ff7c79288b68ba2f3c1d20e3a9a34b55a336bfb2e0024775db0448b283ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a916f9dc1e7d5914_0
Filesize
5KB

MD5
7260dff388b0f2cf84e108418401cf60

SHA1
5724f2574c1db1f66daef2af949dfd9da7c07661

SHA256
439d1cd4f677a3df7b9a80e9049699e4d0a12319c5e0e8ef9b73241f6042adce

SHA512
09d6a1280c14986d1dedfa47baed626832892b4c63a617e21a03a28adf7d994e739dbe54aaba696d7f603809b755cccf68dd622fb4de6b5fa41a1daf6917b188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0
Filesize
2KB

MD5
951e382a810561da47074f2f2a132092

SHA1
5ecb6e1b4a33d7911cde2802ab2a45305932f6df

SHA256
168d708662694a65d9495bf50b23a84f78daa3aeb2aa5f9edfc8b7b52ec41833

SHA512
fd3b5bb79c44d27b5ded370b722f83484636769690695be830225a6240c8b4a262dafd95c9c1d0c4d56bb0ed6bf4f1d23820732d66788fc486bc1833e356d7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf0c3222b48cb44a_0
Filesize
1KB

MD5
8338266fe456b715eebda5d6c7d6228a

SHA1
dccae1396e2dc7ccaca2008a9ddf02ee306fb2ab

SHA256
ecf7e2f458c313e0cf5ebe4edc98f04b9592100f318b6c3df8b7649e2767b9fc

SHA512
94774a501e237e5c4b48ef6d5dd73fb6d44b1325f345413bca3f6838cdb6c763d51cdc2b98b22385f0daefe9aaaa9823b021c69931e6f5507fc86ca2897ce818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3e166d21888f4d5_0
Filesize
3KB

MD5
bd53edf17540bda6ed20356c2bd7137f

SHA1
4b9e76cf10cb7220184fd18de46f77e68b1873e8

SHA256
9693d938449a8c2dbe4fca4b3a0d10135da8685db930fa1e4bf6f4c5f0f7d6f1

SHA512
eaf79520fc29bbb463387341ca21919f6c878b9138be2f5501c50b80c8fa5d8899559dce4337edf039db1aa35dc1ca6c7edf99bfce45e7cb694a8f9c4bb34348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0
Filesize
2KB

MD5
71eb3bc1a585b42dcb4439cbea7cf595

SHA1
410dd63e389c64a695d0adb8e8d15e6a3e881988

SHA256
712b32bd37c37de6dad37e3ce3471cb1209cd87468c668b037326352a56274b0

SHA512
bd6886846ec9c891f69b5610fb1e53692680a95c784b4c0c0a54417627c7d5e0a65ee7bf2620b1b8ce2171121ec9a5dcf2ea5fada9e88dce4566100407581f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e052e957d61c2461_0
Filesize
854B

MD5
0f053d303e3a23f49d91b1d792eaa0b8

SHA1
b5dec709ceafe2c2b7d89debca2115d016e202ed

SHA256
b50e81c9a5f38181be93aa3d420c09df68c100919d989718f9681d8c9bc13366

SHA512
e1d3adb652bc6ae3941428111fb8f4da3ec64285bffbf6d6d939af9258f7a06dfadc92a621b1fc44c01bb3c385f096e40ada9a305336b3ae63749dfa683d9137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0
Filesize
2KB

MD5
44220bd4c573cc0b621fb7a07754ce21

SHA1
575ceabcbc30854947f3c67d23ead3a407b62f38

SHA256
71f60c3d3f0091ad996b450dc1fa8a7e274f508c15b7676a751b2928d85b4438

SHA512
7f46975180bda24c5c416645fbbc78a46102c9a500c9170020584e5774968cf2c318486dc5f4ff9ca2d84cde3e83bedad7ee27f4f5feebb491fe75b128c9185b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ed26cd2dcd561670_0
Filesize
25KB

MD5
e99a81dc9be84c5d6928d3643ac59572

SHA1
6ef9269e0fb227bb8a1c1d8a04f427cbb53ff2cf

SHA256
a1adb7bf9887c52655d130f55377e98a060cf9cdf70763fd248ac2230618862b

SHA512
1716c9645df101f11ab4b6e41880668d62efbd784922697e865448388b91dbf8756e197d26fcfe64f24cadd037dbdeeb71dcfde71fa5f0f576c2c5b31607d9a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2ff3527d0896d1e_0
Filesize
2KB

MD5
1933b3f0a03cb9987ee3929e6c96a4df

SHA1
8d8ca3607a90ca6047d84657712819f0b86e66b5

SHA256
eb3b9a12de96099a4e0f0ebe76c8968423f2e06eb0065994c8d6a4e7f50bdd3a

SHA512
aa9238752b45902c59ecca42f1534cde5cdf78057ac9b3904f01ef2fbd8815ae713fdfd750180694fd331ba5430dab818f806bf011156a280059023e554d8b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0
Filesize
3KB

MD5
5d6fd72d5ddc5639d4cf42d235163bb1

SHA1
a4a7088dc6c476ca2c97cd673959451faeca2354

SHA256
3813634d399f4be536e2af93b890e6c767e5530ec7313832d7dbdb9ca121887b

SHA512
defa463459612659f50251872ffff152ebc90ca3251a69af55da41566ed00a4a10f47289538250f62383be96a06c2c1e8f4edb1a6b018d9d9a167630bcfd9826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
4KB

MD5
6dd80203a1183b9c4ca0adb26714b911

SHA1
8449165c9f1350de8cb09fc0c8f83abc431abfc1

SHA256
3745d78000e53c35a74a48c3878c03de99d487babaa30063c2fa3603e12eff42

SHA512
006e98d822fbdaa7feadd037ac1124ab1c71a4a0c60188db71ab1e545ac059ad3e684a11ae36ad7ef49f5facd31225e341891efbcbd62b74eb47d774e782fee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
faa712feb4bba7c628c458a27b659b0a

SHA1
27df27dccc6f2dede9719b1e61fd85748ef78aa7

SHA256
2577dab63e51227badfca50ea2be00936ba48e4a92d437edb35ffbdd82e7a389

SHA512
dc74a3a543c75825afea64de1a4fc05dc38c4b84b2fbb60700b99faa0edb5bad48a55deba15b420432da5cb171409077861f6ec7cad490aadd1addaccebadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
45f1a268f8f59a139cde21f1a31ce81b

SHA1
7a6f072071ccf881e207e065cbe79528750f2390

SHA256
aa73d360daf783e56c642c5c815565be79e3b638ca06d3f72a8f1af47583fa50

SHA512
70433da6e6d7dad04629662e1d625d685742572ff4de4af91e93b31b9edd866e03d324b94016c93dba382353ae65e0c5e00610cde51a06ebe6132baff43a3dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
8967c7cb90a657cafcb1f318d467a442

SHA1
c9eff3c51c44a96b13006db518f4ba0445cdc7d0

SHA256
a62189e64de378295e0c76a28e4b9329e39bfb6060d76f14800a4a9a6ce1a9f3

SHA512
54bb707c0d42ec90af9a8bb31eb9fa6fb974d5bf2ca528be252b037959b95dcdcce38099ae1b0ec37724be9f37cc5cccc3323834f8146b1f0693ca88288c11cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
fc79a83fbe64676fa3bb026a11dbb2ab

SHA1
ee68b85e7ebc896672280a8fbacd6fdfd17f03d7

SHA256
f996475ee3074c4e5c7ac9ddc81797d4ffcbe19c6ba72fa46b492e97fea8edc0

SHA512
eb4db8b617153dd7e3e54423e4ae5ed880166deb352d54e7d173d8f5361b6d64e7a8f9a18b014a7c40273c120cb9017ce83f228d0e5fa265867a0ff47b1528e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
a37e6cac8b1b38babbb32f1aa4f16ebe

SHA1
30c15d1e1fa5f54271dfdb3a75c97d7439affd03

SHA256
2278a3ad06d401fc2614132fb306c5643285ee932f99fa896c6a3de11efa468f

SHA512
afea2d905433282e39bec39a272ad6e5e69d24999d7d3377caef2d3c96c1227fb88b0f0fa99b88abd4a00fa9d691885f77c565d3080bc405143cbbbe379db0d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
e11f5cdab108926f3f0e7b594198c65f

SHA1
c649259c998fedf1ced8942982f99770d19e703e

SHA256
42edae0f073385f87b17248e8d1941e7ba1630c76c3bf1762bdd682d6cc3e68e

SHA512
8a262c4b3b08e1ab4ce3e00e58525df35ad8e523e0d676aa012574a1cd76e16312ec54c8266b184ed8ecdc3b9eb4ba5948138969641b7033348f8071e1abb27c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
c4240ff1aac3f68dd9d302d8b2ced219

SHA1
9fb2aebed38fda612d456a1cb1652d0af5b1a58a

SHA256
96207fd7073f615ad109e07a4905f4d8cb0f7f838a1cc5cfeedbef3b9bab9967

SHA512
b3066324efeeab96761c9a23b84bfcf071c9e2eac8433e2c3a462a926ff14329c7e135446bd3a38f312210086fd8bee56722900abd792977ef65220e9e6f306c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
504b23332bad14abe09973ea828b0b1b

SHA1
2730a3157bfc6453bc050fbc26431c26ca47ed5d

SHA256
6ec3693bbc60e273b2c9535be7b6432b10b4feb50147d605bbd676e104bd7731

SHA512
4510bdbef2e978c573edd929aca857ebdb5b8c158ef6c40ceb96108929218572b1ecef53ce4ee485d4230c103a47a0d5ed0c83e02785070b2c94ada761f2093b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
5c89933f8031bed624d7a847323f7d5b

SHA1
ea5fd8f3c4a2e2a287589e2625d2e1fe3011a92e

SHA256
b74e5e53817ef6d36cea1e4599c3f2ed11e8ef8fc7c24ba89b3772391915c898

SHA512
44e8dda242295293b53cc5dec22b1f599b7e2f2a6cc200e2f98b7ad5f7cc60358ca872ccafb4f442eb3609d0102586a130b51f5414e309d5901e03d9705944fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
7cdd5476b52b5c0e55c113703da3f634

SHA1
4ed5fdb0b7f909d366b1905b0505f1d6c76a3ca4

SHA256
e208a8c26274e186db0a2b3c2eb095d8f3711a90ceb37393e165b37c3ae1f06e

SHA512
b500472b89bf4e50a08f2a5d6f8240be7c01f78f8a07647a0b8569530afd79924b07e1760881dd2ec7ef2e7f4854a0ba1f4de75d56c4f12f0e315fba38fd9264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
27d6e6d06a0f2f1c1223e67d39012be2

SHA1
8892ca8d91a55db79815b117a051dd8d2c879f79

SHA256
2188583184eb4647bc876de372954e0ed99e07f08bd1b96f0cbb2fa9d40e0d12

SHA512
376ab0fe22ae6240e81d46eb061f94997d95c706944f62206b6f78162945a18d255e6a280cc0ce935d818cd38a6d1903fcda5c382d3c6edc1c9f021938d33b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
3ecf6a124a12bdb7ad31cec5f44a8b82

SHA1
09dd9cc629a8fee1eb0a2de824f14bbafac27194

SHA256
300683af33bf3a9e7d51188cf488fce97c4a5d16feac1f79ce5c99ceff283d4c

SHA512
616157fd341ad0572db7c17e5fd883275370eb9f35b68693ead3806d6ca018f654e29e4ce6a7ecb90647808fa1e31f228d9f9020c1156ef4ea4b14a5d9a177df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
112a7a9a138e3a93bfc7f011aac84d0d

SHA1
23ac26b0f24cde25a78c7a773ae2938ef52b78a9

SHA256
1f2994cd0cfd7e2665c990c1415bc125460d957b346864d05a63e67975833419

SHA512
5725eb0a8d24f21ad6b1cf8e16643d725169122cff832612108041ff96611819f6f7dd7e3934f883b85faa111ef1d234ddd1f74faff6f3333df8521eb36b903e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
7d1ed16b73eba71231295a30f8fcce38

SHA1
43bb2836496ced17a6ea0be1e8dc06bb2e3e303c

SHA256
ab1df504c0a1cb3713e5eb370c00cec980fffa822edf9a412ddc07dd8524168f

SHA512
abef3bae16605585de0778072884bb6d633560925459f59ad621e4332ee85a33b386a795c4729c4a14026220d289e7d314ffe815c4d0864c7ca655469116987c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
b6ead5cbac6804de42e819adbb77009b

SHA1
0f5c2515b95ca24d8403b916946d9e8c8a31495f

SHA256
58fd8314713ad1e351e09b6e567d7900e154f02bc0c4daecf0a515b19baf9189

SHA512
8d77a38070cff2189f0580fb4b7cf2344861d9e928446835e5bb492c766e4b9c6aab0e38d3754f1b506637454838fec39e9b8fe8bd038a2522aac876d8f174d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8cbf9fc0dfe4359e98d835ceb9ff5dd3

SHA1
ccb308cbbe229ed76aa6fb1c8ed8033833e57d16

SHA256
399ecf657be22295ed309b4c349276073fd013ce48407a1d099ce220c25c34a2

SHA512
aae8809964f9b5ad43420306c2a8c8e3830bf24fec04d32495595fc849e98d0f4fe16b0fc42dc1f79bba0ba8a01eb2353a1092de26e8de6904353ef316542f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
83b0153985511c074512ca010752e4bc

SHA1
79892b41c239f99164a4511598340b02d35b25d0

SHA256
dd07e93e051a2779dd22635e43015d985117ba1a1912581b90aa53b68bb80933

SHA512
fb4514bdb834d48411b275c9bb3572f697285a74c45bf6af3a4fe7b727dae3d355d1f281cd23cac29f4ec1122ed6b9f6d18fb5f912dd03fbfb55676931bcfb09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4c5836102b1a497ff1ab8e02a2ef0b72

SHA1
72ee872688505c2fbd340ca0f359581539bc5bd2

SHA256
490f187cd936665481c5b076c47f1e7a6bab51e39af14455dafa718f14aa5696

SHA512
f9172d73562972c35ec127cf0c5620f0fafc43f0bcd09b4c57913db9ea09cbc8225b51d746ce98563198659923a87e5ab897a88590583736df566ccef2a088f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2b6bd7864c213d20242f702e5baf5f1d

SHA1
766503aae16e11ce52256e0324f6024f0011de77

SHA256
c318179ba389dbb7462544bb03ffb8a7e8533ebd126f794f2c678a7540a05129

SHA512
d062f79c09f6f344ad3212b9fbc9a46eb1b424e01a6d2e593b39d70f6e919655b587e46dbcb336ea76edf8653d825820a8a7ce3b3b5d2c471d44211d40dab936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ffb978b0b59ab5a2821d93f337049c81

SHA1
34abc6323e813bb288a68a0148b0dc89feeececd

SHA256
8130e922e8218f6be2fa1050c32f3e2078cf4d57ccc796d9557b9d1a707bc8fb

SHA512
e46469081fc3c66f066572f9469f4815e4247f7285cccd35331502e6f00e4c4342d949dc901262b99f8fcb807fc55cb3c3a3ecb6b041261612cb76aafc123393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
9e7177a3e7a89a92e4ea943d42f393c7

SHA1
afaf5627cd09af247c4a5f0b811b4067adb5f595

SHA256
23f6e631a0f67a1deff355bd303515884f68c0dafad836ea10987b634f071b8e

SHA512
1c5c5b80515016430507939c36e87fdeb8a723ce3c74858560604d923bad7383aed8a3165d88a58959caa5a4ea054f4339d4bdfccac3d393ac49d8fe50635565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
be6461ccc2e1412e635e9cbd010e6634

SHA1
eaaed4fe8afd5f4404cac3ebbeece06439b8cbe8

SHA256
2cb2bbc7d1772a5a087769472db502f7471e83bc590842e13fe5337cad43a3df

SHA512
e963f6d993bc4363cbeb5ea5366171989a2e1e7146f04a479ed03d025a171369edb9d9ef01860ad3ef2033693a2a854693857d57efdfd2bc944356ab1e25cea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f4dcc460ef0bbbf0a961f04858659d1f

SHA1
9326119a6591a4dd063248f0aab4d92434a72895

SHA256
ac12ff3d5cf3f90ac09ffe2cd569db146cdbc35c264070851e87937faf93c4af

SHA512
6c99d3ca384f8976face05bdf829e75947ee5a336972117b2972dad43ae1f627aec90c7844558e41a714f3e4bb49af0836ad14aad05ea518ebf34fd9545813df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c2133a63d8b19b1547cee90f2f797a29

SHA1
0e51371de1295c85982d494956cf3c371e43416e

SHA256
27f729f2a9e63d9a753127f373762963f42938d7a07ebde521b7ca59b6f08f47

SHA512
ad1ea48b4f79c8e27dd45778db941e6edadbbe547232f06d1c6cdab0da810e2234ff73cb71352c4e64c990463d8f017ef632f7cf8d236608734300b246e1defb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
e5ed76efb0fc7c101149c44cc50490da

SHA1
9992f160985cd2e34489e50de04f4be8ed156703

SHA256
e8a44801082d3225f38b633d82f00d19b9ce8cd7026689e6aa0dba6a6341a4e5

SHA512
e66b9c33ee47996cd1e378e97c92117f188ccfeed20c5c4788cc747ed3cca1048a033a1e66fd922677cae5e59c358493f19361b158aaf93df13733cfc3d36c18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
742452a5e200da746bc8fe6c6dcc4be0

SHA1
e369fe29a0a55c108fda448339bfeed642ce751a

SHA256
d4648c0fcb46da3ff42b8afed4aab8e90bf9afcd48cbf9e54da49e7abf1ca3d5

SHA512
ab19c0afadd23ebc22216d13cd8beb67136958b9f0d0bb9c919f5dc33fde149beb6861fed2ee06a33a657a37dd39b947083a73698733193673cc521ebdc8e085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
49eb61852dab95c64e20ecefd4c11815

SHA1
a61499a7f4e80c8913facad4fadd6a5d85eacc16

SHA256
5fb55906c77aa35ba23aa7ae50feed05da3aa2049075487094d0c851353b189c

SHA512
4c3b410fdd0be485b8675b2155fa7fa21d197b0778d9b66fc4710a0065b3caac4b3888f0191de1e7b44c9867c248ae57b099fe2ab1a81544017b8d77514ec5a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
92696a8afa0d33f72f3d0a060df1afee

SHA1
b0aa0a9feea7e43fd2bb26c066f25e3e2d1b052d

SHA256
3346280c317521f72215a8b1fdc3b07748be6a3997ac3a80e7076d027839f714

SHA512
24393eb91abfe9c915066c0322207d1364eadf1b0ce1eb1c011e2b5f4054f1fe317db62a51034ba7069c8acc24a4b2028024c670f33a2673f44addd25f615323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2d9ab43c9a7bfc9a2913f12d38135291

SHA1
857fbb0f93a7f3824f0bdc9b1eb1651057a4fe24

SHA256
6a7762093fe8721116c358e1e3f59c95c7c17f8a59c4098516949ad047b60c31

SHA512
53405e6d6458851cf8fbb0cc7e198ac61b242b74f9f2e766334baf7873a22635465fa3babac6b32ca451b7da8ac2ed94e9f9dfc9d175d80fc63309439ff56d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
738a29a48948304ddffac9adf068609e

SHA1
317851767b49ffe5b2a4b4e89972cfcb235aee05

SHA256
a9c1daa56018715c42d2cee670a44eb1c44b02923469475516f7d6a6a0d2c900

SHA512
4dd31c7bb3030232b1cf07332853f89bb242dc9bbdc96f0794d3df92641079d4e8f1df28e2aa08d07ea7508a21e6e2f1e848bb341ddaef4cfb34a3d064f05641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
55dd57a6dd555dc4191e0c23da79aeb0

SHA1
1ef0cfbfec480cc84e9ee82b0531c3d39854e201

SHA256
cea2afa8a00512730e114a08b2036619ad0c2e5ca1316a19ce58208f9f47b05e

SHA512
ef5abe067f9b288f6f3f223f8a56034962b5ce1a0fd54c5dd227c8ad1fe40d6fee22cd191aced123155363f0dd55e33da0d89f77f1ff3bf627b9eaa0134228c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c1406346668c536b0987e362678ad256

SHA1
d5ed01095121195dab8fd90f9cd987374aead107

SHA256
aa6ae154ff39a14a99d28f078f567dfc6abe582e5a35cef8930e7c8626e14a43

SHA512
382516e330d3c2d4ce3f4ec54573017c77f2d1ee7025cf893cad4fe46111489f693381c4fecb7dab7818edbf93fd85d96044f4ab254d9bdbbbe6c0f53ae4f525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ac7e5a870d1627cb25c9120cbf86769b

SHA1
adaba3dc0e766739bdd05b923407df948590c2e2

SHA256
c83e99d0317b34985d004e49e1f6e199acf022eacedaa6a0e66ef4db63f61434

SHA512
e7484b4c4d8e6b7e4b4c331228f7093dce065b9b5d9aa3b8ba4860839ba80581b5651712f30a7836b2f7f06dffa91ee6dea4066567935ec183f0c787d806e28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
b62baad759f73090faf8aa2d9ea794ce

SHA1
7a7c4b48234510e897a8551432e336522ef61cbb

SHA256
223b2d01cfb6d0222800560845e8a1afeee2948c1f3af3f5c6772535e5e6498d

SHA512
14f12f62ac5284dc0ffeb945e776c83138dd283a20f6dd01abcceb390926eb714a456b186c667cf45fa05c9d6b31b77fa1372a6f48445d95f4c426403804a7f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c55e584e92061cdeb9986858ae9bd0e8

SHA1
70574de7cd87fe329bf6eda774221a1e217b6bfa

SHA256
2dcea145bca28ee3d4260cc4d79cf3e030c21d761a1d58260ebf35494c74ef35

SHA512
09fef48b39c9dea327271a6399175e290bc3e7bd596044d9df1a31405bf66cc64220c24ed9aeece7c09c743f3af27b20378a963a247a355e1838c3fc7dca2cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
833f6035a101d3128959ef58cb8f99f0

SHA1
510d4f5869f77fca570d3d06ed8b38b035031b22

SHA256
1cadddb97c19fe335d5230df263d957b914c061e7157e273c90a274655f2451f

SHA512
71d9560cdf2bfad901bdc2ea48d016bc920c64d1445d46e8a47c9c106d4e1af6637a0e189f945a31c34e43600ef16d3c84256ba4d360e9806f02bdf56c908b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
8663320c072170e50df3775b69c1f1e3

SHA1
b69e79da5f86b8445314556d2e07634f6ca716e4

SHA256
fc86a3230bec1d00359df9d80f9352ccb8449bed35f254d49ae535ff21c3b1b5

SHA512
23f9a3a23cce6b6773e51abcf4783e27d1df7b65e61aed87a4d8a56b9202b3c2f4b5af0e818626f676f71688044585a3eaa62162d3b3f9deabc2bff0acfa2b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
11d6c7385d7dd17bd37048cd8785b714

SHA1
7a09b2f11199b1b6ba0b98f2db432c6649779026

SHA256
557432788a8ade16d57228562cccbf0a7e37529f82e4ca77102bb268437bfe02

SHA512
22379e0322baa7277fb18c2fcbd8828b038520d6fcadaf46d451a5172b869f10a8c81e2d317814d0562a2c053540d083b3e1620527c82d9ce575585f7d53387a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d537ef34724be36692c13d331d18e7c9

SHA1
5b0918ce2c7b9357552f5797479b1ab4d5a70499

SHA256
28042bb3ecd1054aea389b7937932ec1ac2a9b6ff946b896ea2588790037e3e1

SHA512
6d041ca9de5cd6f9111ea3c207522752ab8d4cb91bf3d74f3bd44ab682ca84b89c4a31f296898c1eab127cc36679f296ba675f32bbb559913f4afcc0a4b43b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
7ab1c06f6fb14229465fc30ef11326fe

SHA1
4f46f082e07b410c645682072df7bac438963005

SHA256
d6777371123b5d6a45c64eb13f42bd5bb5c68373101e79af2260f840409cd4c9

SHA512
2c930561aec2a40340f5a91487a659b0d38c213fa96e655ad19f22a2775cae1670e524b98c973d82d0d649c699c73c2f2adda73386dfa05a698d2b2701281e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
8c5bedcfd7337031e45ca14f3a04d4c6

SHA1
fd01948e8dae46385aa4e89162d7bc9b8a1124aa

SHA256
9ceea54e901fdc1b545d14b7de73a58b726b35707cea7c650145524186dc0abe

SHA512
36539a543b1720921bfae087875645f5fa3bd58074e781bcd954a917d6e027526aea05533a0a2907ee8773a3d38112ef77ed56dc186af77454a7b2d7309e6d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
77b4d77974d8c0bc6197bf9059ccf079

SHA1
2b172f06b476227e1921f79ae26a1b9702e797df

SHA256
442a608ef2b333377611284c8ea875bf0bb56ffa5197e54c0a0bea1cfa345a17

SHA512
49d865d25f238606bdca95eb22bf39f53e4efbf8d246f84b4f68f326df85d8283c9d16ba0001e29172055f5bf0a416ee366a5437e39e6abd9bf96ef80aeeea76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
005254cdd195013a6224414fdd70acf4

SHA1
c6cae1180d7b02f6569c2af4e662999d3b9561e5

SHA256
1282cdd75e308d2b55ed1a42c8b2ffa252e8111967707c7829454f27e453f5ea

SHA512
d08cbfdb3fcac1a616de292fd4fc87ffaf8e6ff9117e0872b15c66dcc72860d0cbcba2166ea50c1e0a134bd8b9b249ee7361e8abb5c07a8e9faf4c2a91a82112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f37634d9c75f117114cb4304d6c0d090

SHA1
22aa6807e6d85ef8d50de0a91e4e4542bd26970d

SHA256
ba2f4620104408273cd415fd1978d808e6b58d310602797cde59378a15619a0f

SHA512
81d898bf5d7213af69d0ea254532f8974135104b23c08727e06e0ebcb7333540c0553535491fc38e91896c0e758b2a680cfa22e5033974ea14e62616ab859430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
9bfa7b2510d3a3a7173d8f16c01772e6

SHA1
8eb66c64d6dc138fa6009e0e42bb62513ba4649f

SHA256
19b984f9dc8239f5f9a04c0434d18464f0209681eae53f98869266d4f6d20dfc

SHA512
77a0cc0d12ee8bab824acb600b7fdb60f5bd7d159bb4b823d9d1aa3b21946ae6c3a0637f71bc1f5768a2104f33896c1a34470f194c79d5722beb65a1212581b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
34777bf28a9df3678c08a36c2f284153

SHA1
e6bda8ff6789ece2812441dc73b403ecac1ab0a2

SHA256
a4c492208f70f4df50c3f529e25b798838251bf5f531bb5a0f8752be295f2def

SHA512
0b37eb9da5e17f74c6847bb5e30f3e36dccc0791b310a2959a2dce3b70063c70f9ba9b1cd5c150979b53f7e662a9842daf215942bda4dc875196a74db83f0a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5893bf.TMP
Filesize
203B

MD5
73ed3b0e5dd7e22071d2a4447f6d1379

SHA1
93272ce013c4fe6acb025b2d8cfb6891669cfed7

SHA256
326d00807b0f19a0b2d3d9d160b25f0c9d022ebbdac12d42b35e86c871d90ece

SHA512
7302badd5bbe2cfde4115dc2fbdd2b0cc79a8bcd0d27119452566691360d1343ba044d949797bf129f6528badabe39765f0cbb4f076f2440e46c78175c10464a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
38825fb5129842ead08132b38f39fa5a

SHA1
d42d3be4f461a247b2eae369b9051b995343d922

SHA256
2952a292f5b31f4fc25839f7793f099d0fa4825f8b1d8426c8adb2a7b4bceaef

SHA512
c5018da5897027d6433380b5677157ee1025b4e50f7c4c7d8ffc06d4f50b11d40728b829ca7fe0e501cee7dbf0a0534c009612aa75e4588f691d81ecfae07127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d1eefb406abbb29840600223d9b5a960

SHA1
e6b004c59e960f17d3837cab7894bb8e1e6284fe

SHA256
d8edf122c4e888b43f0f5c2000cfb20c0a0795c371bb8dd7faa73457e6bd16aa

SHA512
5408b315c5ca8d14a976cf3e0cda59757eb7e8b3a40ecba2e22873d1bd2a30b55e98dbd1a1315597e8fedc0879242964ad69b8428919339bcdbef6a39b99b938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
07ef52dd7b14b39838e2226f5d134a7b

SHA1
b4d342a21141e4f67ee983ee0287ca24ee2325c9

SHA256
4d62adb0a3b3bfb4dfd5cca54bf92d1e16158f982fe3f6f9b97a1b99dd0225d4

SHA512
8df69fbc6f0950180fe332c8cbae8eb342781662ddd33780fa61435d282a4ea1fa548a762525f590d72b53db5c36a96e932a2d4ec31b32d26d3e9570256027ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\index.html
Filesize
20KB

MD5
08d9ac1e35385587b0c3c8a73ea97234

SHA1
d1db15b5e97152be999339d90630f68ed06a6b78

SHA256
016cadaa9a8494b15efea920a5ea9c02b441e90dbc7c444e73db3b307f93a741

SHA512
8061a5a92f828642ea2fcb319571efa406ed67a75b4d4da1aeb3da96391a72fcde670e3e52efef62d37ddc17f7eca5afa0d35aa02bfd1bcadd8e86240cb802a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.js
Filesize
2.0MB

MD5
9399a8eaa741d04b0ae6566a5ebb8106

SHA1
5646a9d35b773d784ad914417ed861c5cba45e31

SHA256
93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18

SHA512
d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\loader.js
Filesize
27KB

MD5
8a3086f6c6298f986bda09080dd003b1

SHA1
8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

SHA256
0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

SHA512
9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
Filesize
4.3MB

MD5
48521b6f8acefe8cd61b4ffc80b1d28d

SHA1
f553cca3439424585eefe2ecebeaeaa6b447950d

SHA256
69415bde05f368f24b38418244c6038c405cc0d3ff52d87a089e37c0100bc922

SHA512
4b7e87140370e5f0134da35734e18d7f8f60265241cbf7050c202474da8bd98505923113bcf51951d7e73ce79bddf14c8f1b6e4a9296cca140b7b326d2c90415

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Filesize
85KB

MD5
f8f4522d11178a26e97e2046f249dfa7

SHA1
8b591d9a37716e235260fb6b3f601e4ccbebf15d

SHA256
3c372a8919c28dc76414b2f30da423c3e1018b1a8444527949ce20cc3fc93ed0

SHA512
52ea881cad501cf1d5e8ac47355e862ac1bd39cb6e1ff3d362d392b6f2d676e74878832505d17a552aaa3bc8f3977da11fa3f9903722eedd23716fb46ddb7492

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
aac760550f9dddab4bb65a252d6a6afc

SHA1
67b19808a9761c5e64d42d561d90197ea5e93075

SHA256
d01c25b1d939ec1c2c16bfcd5474b41e2eea00b29885fc34fd10702cb9182fd8

SHA512
9a74ce706c9f1eca48938501a465da316b4accd59ef66f34e4e28944fc0ff7ad4562ee977aba13af3280bfe7596c865837973d8aedcb4092374d89d1704b4ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
b2c4f3c1f414ad6591aade289a951a12

SHA1
4d62e75f9932312460258b59b8dcf757ca27638d

SHA256
0e8be7b0b9459fa8589bac1baf86e5f6aeee009baea21adfd545e867c01c52bd

SHA512
49f35299c5178c3fb0aec8da851acaed195c8681dafdea289e404068cc17fab099bca598986acaf962309f35f6bad4cab5a1af9c7a9cadb784694c1074848b82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
fda2a5998c911be733f3dbd896db5af4

SHA1
60cb8b19804ef71deaa7d7594da7b858df6138c0

SHA256
ff2635ac5fce923766c607728d475bd780198c1e3609a988bfbaa4d41c8c518e

SHA512
86fc5897ba4b1b042b6775b5f144a4aae13c3746a332b76b620e298682d103d24f7894645202bfe839e5f677e47ba308abdad43d0d61cc928f2c1a41fa424400

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State
Filesize
1KB

MD5
ee38f04aaa4c99bf6fda25421e3856c9

SHA1
4e7702512201760adc81630374d09ff1dd9a6543

SHA256
5d896e898f5888d815d5b34355e58cbf0683060a768e2ec1c04a745928d38bd8

SHA512
5369f37ffd3c9becdcc434786e1b1a06ccc1223488a0b64ad62fe0f5df164a8a0710fbfa4170219a5b9a89c65eb56508f73c9841a6000324f6e94cea481b9e7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State
Filesize
935B

MD5
8cd8fa455c9eb31410fdc33b4365fcf9

SHA1
6389bf8826d20fcfd4eb0e4137e6f4eb3a9a40c7

SHA256
d06f6d380401deb3ae422fd1fcf628f802a2625449e8b36e68a35d1a88595c93

SHA512
642cc2dd36b677457b68acb73ad474801be172137af6557f4c40900e8e4b0883418727e4bd34640e0b7dcc4520dc1e75f8b44724df5ef7baa9bed773e956bcbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State~RFe6369db.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize
4KB

MD5
92209be857f9c9b24bf635017a161647

SHA1
9c4bd6bd1a2b701897315b68516dc2d807a31ea0

SHA256
7ee9855709d1c53e438d76a3cebaa94cecd4648231f49998697e2c6f7dae5b61

SHA512
5f5200fbf3deea8a0a3f3b19b6dd3a51cde6bd212283a743009339dba8a7b5ef4d0756e9625623daa2d8636de540438df8a85f01dee6f0028c25e60ca1d65b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize
4KB

MD5
1d8ce59686974a6b6a195a591e209350

SHA1
5f2b1cf168de458654208ce628e6c74a1a3d6ebe

SHA256
7228a258308e15425b6ca154935a6e9fc2dc6bc12c547ac28848b36f829d5e95

SHA512
302b35a93a5e2d50e7dbb1665ace9d36dd15ccd7bb6e0db9b2d48258afb9839b4b32ce0ba2967ced14280f903bd005e80845a2a3f2e93ea6cb012920b8f3afe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize
3KB

MD5
94e3d29aa8675036c686b5b165aad354

SHA1
a63b59f6cd7f0e5fb4460133e6655820bc30b38b

SHA256
5d86403188ce4de7923ff33c2016dc2176f3ce98a5dafe60f63d94b51a4433f7

SHA512
da5111a617b832caad2a2d742760ebc1f13d79606a7493f14d024bd68e2d0d0ed66ed76d96179a29174e362a7a0321382276ee961571eeb83575d6de5b7d3261

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences~RFe6366fd.TMP
Filesize
3KB

MD5
610ea96d855b1d0cf3660bb98f47aa50

SHA1
77f04938cc93d09a10f1970d945c22bb55d589e6

SHA256
30fb469b0ac1ad0401b4a18f4ff42adb0059fd507d0d41dc2534e3f850dfb055

SHA512
166083904b83e837832aa41feda0e905212be2ee5c4561564c085288497823d9da84164b0c0b981fa99fe1eb3ae4bea74d868c59614e999405a4b2fc2a13b951

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\TransportSecurity
Filesize
874B

MD5
49ec3e782cd997fa99bdc312cf0b3448

SHA1
48ce25453eb219a4bbc453077ca28cbca2f500c8

SHA256
1bce8227fdcee3240a0f47feeb9c1da580967e52640d1a4f83c5c65909ebe36f

SHA512
bfcc80398c6e2de6cf0b686c3960af005caaed22a0933afc82e927f37afdc701dd222d1d043c3ae1ff6251e50b7280ca51fa39c676ac530760319c0498619332

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\dc8edcac-4ea4-4d0d-9493-cedde2c9b421.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\f4f69a75-f76f-421a-a973-aba54d4f994a.tmp
Filesize
8KB

MD5
863e3fb72172559fb5e46d6bbeba0e5d

SHA1
54acc23457dd46c172abe2d7874be61584faaecf

SHA256
f1b7a01d0bf655458560f6cdf9cd969bfbcc44b1d96a9f5c19ea3bcfe187123f

SHA512
be388800a5ffc9cf4c40d9357462279a878a2f4b5e082dfb393b2c556fc05acd54d0a6ea9ffb9e3c2b118029ceb62d16a09c0a9f79ecab9b75d425597b44e5dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll
Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
C:\Users\Admin\Downloads\SolaraB.zip:Zone.Identifier
Filesize
219B

MD5
777a972184a41d139efff3cc35defcfe

SHA1
c73edf94b41d7bc25f0a8e8f5969b6f376efdaa3

SHA256
e8775a71cf5bad963def722fe877d7535ffb7b3a3a24e8d70b68364d361f6b45

SHA512
814b53825bc5c8459599346946272afb4c775b53f3f154b7d1f2e96b044138f8f5a12b6bed322fbd2a2178acf56a6f4e0181dde67c58b59b278e0253d94845d0

Download Submit
C:\Users\Admin\Downloads\dnSpy-net-win32.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_3376_LRHQNALXXTDUSKEU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3080-2729-0x0000000180000000-0x0000000180B28000-memory.dmp

Filesize
11.2MB

Download
memory/3080-2731-0x0000000180000000-0x0000000180B28000-memory.dmp

Filesize
11.2MB

Download
memory/3080-2756-0x0000000180000000-0x0000000180B28000-memory.dmp

Filesize
11.2MB

Download
memory/3080-2757-0x00007FFC74630000-0x00007FFC74654000-memory.dmp

Filesize
144KB

Download
memory/3080-2730-0x0000000180000000-0x0000000180B28000-memory.dmp

Filesize
11.2MB

Download
memory/3080-2732-0x0000000180000000-0x0000000180B28000-memory.dmp

Filesize
11.2MB

Download
memory/3600-817-0x0000000005260000-0x00000000052C6000-memory.dmp

Filesize
408KB

Download
memory/3600-828-0x0000000006DF0000-0x0000000006E02000-memory.dmp

Filesize
72KB

Download
memory/3600-816-0x0000000005190000-0x000000000519A000-memory.dmp

Filesize
40KB

Download
memory/3600-813-0x0000000004E40000-0x0000000004E50000-memory.dmp

Filesize
64KB

Download
memory/3600-805-0x00000000052E0000-0x000000000584C000-memory.dmp

Filesize
5.4MB

Download
memory/3600-810-0x00000000002A0000-0x00000000002AA000-memory.dmp

Filesize
40KB

Download
memory/3600-818-0x0000000005E50000-0x00000000060D6000-memory.dmp

Filesize
2.5MB

Download
memory/3600-804-0x0000000002630000-0x0000000002640000-memory.dmp

Filesize
64KB

Download
memory/3600-2286-0x0000000006590000-0x00000000065A0000-memory.dmp

Filesize
64KB

Download
memory/3600-2285-0x0000000006590000-0x00000000065A0000-memory.dmp

Filesize
64KB

Download
memory/3600-2290-0x0000000006590000-0x00000000065A0000-memory.dmp

Filesize
64KB

Download
memory/3600-2289-0x0000000006590000-0x00000000065A0000-memory.dmp

Filesize
64KB

Download
memory/3600-812-0x0000000004E40000-0x0000000004E50000-memory.dmp

Filesize
64KB

Download
memory/3600-811-0x0000000005850000-0x0000000005BB6000-memory.dmp

Filesize
3.4MB

Download
memory/3960-2650-0x0000000180000000-0x0000000180B28000-memory.dmp

Filesize
11.2MB

Download
memory/3960-2303-0x0000024C3C7A0000-0x0000024C3C7BA000-memory.dmp

Filesize
104KB

Download
memory/3960-2321-0x0000024C58E00000-0x0000024C58E92000-memory.dmp

Filesize
584KB

Download
memory/3960-2320-0x0000024C3E520000-0x0000024C3E52E000-memory.dmp

Filesize
56KB

Download
memory/3960-2318-0x0000024C57770000-0x0000024C577EE000-memory.dmp

Filesize
504KB

Download
memory/3960-2316-0x0000024C57830000-0x0000024C578EA000-memory.dmp

Filesize
744KB

Download
memory/3960-2315-0x0000024C56F10000-0x0000024C56F50000-memory.dmp

Filesize
256KB

Download
memory/3960-2314-0x0000024C56ED0000-0x0000024C56F08000-memory.dmp

Filesize
224KB

Download
memory/3960-2313-0x0000024C59140000-0x0000024C5967C000-memory.dmp

Filesize
5.2MB

Download
memory/3960-2311-0x0000024C58A80000-0x0000024C58BFC000-memory.dmp

Filesize
1.5MB

Download
memory/3960-2310-0x0000024C57A00000-0x0000024C57C86000-memory.dmp

Filesize
2.5MB

Download
memory/3960-2309-0x0000024C3E3F0000-0x0000024C3E456000-memory.dmp

Filesize
408KB

Download
memory/3960-2308-0x0000024C58700000-0x0000024C58A7B000-memory.dmp

Filesize
3.5MB

Download
memory/3960-2307-0x0000024C58390000-0x0000024C586F6000-memory.dmp

Filesize
3.4MB

Download
memory/3960-2306-0x0000024C3E480000-0x0000024C3E51C000-memory.dmp

Filesize
624KB

Download
memory/3960-2305-0x0000024C56F60000-0x0000024C570A0000-memory.dmp

Filesize
1.2MB

Download
memory/3960-2304-0x0000024C57D80000-0x0000024C58382000-memory.dmp

Filesize
6.0MB

Download
memory/3960-2332-0x0000000180000000-0x0000000180B28000-memory.dmp

Filesize
11.2MB

Download
memory/3960-2302-0x0000024C57240000-0x0000024C57770000-memory.dmp

Filesize
5.2MB

Download
memory/3960-2334-0x0000000180000000-0x0000000180B28000-memory.dmp

Filesize
11.2MB

Download
memory/3960-2335-0x0000000180000000-0x0000000180B28000-memory.dmp

Filesize
11.2MB

Download
memory/3960-2333-0x0000000180000000-0x0000000180B28000-memory.dmp

Filesize
11.2MB

Download
memory/3960-2336-0x0000024C57CC0000-0x0000024C57CC8000-memory.dmp

Filesize
32KB

Download
memory/3960-2337-0x0000024C57CD0000-0x0000024C57CDE000-memory.dmp

Filesize
56KB

Download
memory/3960-2651-0x00007FFC68C10000-0x00007FFC68C34000-memory.dmp

Filesize
144KB

Download
memory/3960-2482-0x00007FFC68C10000-0x00007FFC68C34000-memory.dmp

Filesize
144KB

Download
memory/3960-2481-0x0000000180000000-0x0000000180B28000-memory.dmp

Filesize
11.2MB

Download
memory/4228-2703-0x0000000001990000-0x00000000019A0000-memory.dmp

Filesize
64KB

Download
memory/4228-2709-0x00000000059A0000-0x00000000059B0000-memory.dmp

Filesize
64KB

Download
memory/4228-2708-0x00000000059A0000-0x00000000059B0000-memory.dmp

Filesize
64KB

Download
memory/4228-2723-0x00000000069E0000-0x00000000069F0000-memory.dmp

Filesize
64KB

Download
memory/4228-2728-0x00000000069E0000-0x00000000069F0000-memory.dmp

Filesize
64KB

Download
memory/4228-2727-0x00000000069E0000-0x00000000069F0000-memory.dmp

Filesize
64KB

Download
memory/4228-2724-0x00000000069E0000-0x00000000069F0000-memory.dmp

Filesize
64KB

Download
memory/5048-2353-0x00007FFC827A0000-0x00007FFC827A1000-memory.dmp

Filesize
4KB

Download