Analysis

Max time kernel: 233s
Max time network: 227s
Platform: windows10-1703_x64
Resource: win10-20240404-en
Resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
Submitted: 15-06-2024 18:21

Static task: static1
URLScan task: urlscan1

Behavioral task: behavioral1
  Sample: https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
  Resource: win10-20240404-en

Behavioral task: behavioral2
  Sample: https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
  Resource: win10v2004-20240226-en

Behavioral task: behavioral3
  Sample: https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
  Resource: win11-20240508-en

General

Target: https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip

Malware Config

Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes: cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Downloads MZ/PE file
Sets file execution options in registry 2 TTPs 2 IoCs
Processes: MicrosoftEdgeUpdate.exe
  description | ioc | process
  Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe
  Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | MicrosoftEdgeUpdate.exe
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes: cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Executes dropped EXE 15 IoCs
Processes:
  pid | process
  208 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  1288 | MicrosoftEdgeWebview2Setup.exe
  3480 | MicrosoftEdgeUpdate.exe
  1440 | MicrosoftEdgeUpdate.exe
  3304 | MicrosoftEdgeUpdate.exe
  4604 | MicrosoftEdgeUpdateComRegisterShell64.exe
  4112 | MicrosoftEdgeUpdateComRegisterShell64.exe
  2256 | MicrosoftEdgeUpdateComRegisterShell64.exe
  2700 | MicrosoftEdgeUpdate.exe
  3904 | MicrosoftEdgeUpdate.exe
  2940 | MicrosoftEdgeUpdate.exe
  1900 | MicrosoftEdgeUpdate.exe
  3972 | MicrosoftEdge_X64_126.0.2592.56.exe
  2080 | setup.exe
  4976 | setup.exe
Loads dropped DLL 14 IoCs
Processes:
  pid | process
  208 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  208 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  208 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  208 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  208 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  3480 | MicrosoftEdgeUpdate.exe
  4604 | MicrosoftEdgeUpdateComRegisterShell64.exe
  3304 | MicrosoftEdgeUpdate.exe
  4112 | MicrosoftEdgeUpdateComRegisterShell64.exe
  3304 | MicrosoftEdgeUpdate.exe
  2256 | MicrosoftEdgeUpdateComRegisterShell64.exe
  3304 | MicrosoftEdgeUpdate.exe
  2940 | MicrosoftEdgeUpdate.exe
  3904 | MicrosoftEdgeUpdate.exe
Registers COM server for autorun 1 TTPs 31 IoCs
Processes:
  resource | yara_rule
  \Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll | themida
  behavioral1/memory/208-1706-0x0000000180000000-0x0000000180AC0000-memory.dmp | themida
  behavioral1/memory/208-1713-0x0000000180000000-0x0000000180AC0000-memory.dmp | themida
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes: cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
Processes:
  flow | ioc
  37 | raw.githubusercontent.com
  38 | raw.githubusercontent.com
  46 | raw.githubusercontent.com
  47 | raw.githubusercontent.com
  49 | raw.githubusercontent.com
  50 | raw.githubusercontent.com
Checks system information in the registry 2 TTPs 8 IoCs
System information is often read in order to detect sandboxing environments.
Processes: MicrosoftEdgeUpdate.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | MicrosoftEdgeUpdate.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | MicrosoftEdgeUpdate.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | MicrosoftEdgeUpdate.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | MicrosoftEdgeUpdate.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | MicrosoftEdgeUpdate.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | MicrosoftEdgeUpdate.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | MicrosoftEdgeUpdate.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | MicrosoftEdgeUpdate.exe
Drops file in System32 directory 11 IoCs
Processes: MicrosoftEdgeUpdate.exe
  description | ioc | process
  File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | MicrosoftEdgeUpdate.exe
  File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | MicrosoftEdgeUpdate.exe
  File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | MicrosoftEdgeUpdate.exe
  File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat | MicrosoftEdgeUpdate.exe
  File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | MicrosoftEdgeUpdate.exe
  File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | MicrosoftEdgeUpdate.exe
  File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | MicrosoftEdgeUpdate.exe
  File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 | MicrosoftEdgeUpdate.exe
  File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | MicrosoftEdgeUpdate.exe
  File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 | MicrosoftEdgeUpdate.exe
  File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | MicrosoftEdgeUpdate.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
  pid | process
  208 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Drops file in Program Files directory 64 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 55 IoCs
Modifies registry class 64 IoCs
MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\CLSID\ = "{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} 
MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\msedgeupdate.dll,-1004" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\CLSID MicrosoftEdgeUpdate.exe -
Suspicious behavior: EnumeratesProcesses 9 IoCs
Processes:
- 5036 chrome.exe
- 5036 chrome.exe
- 500 SolaraBootstrapper.exe
- 500 SolaraBootstrapper.exe
- 208 cd57e4c171d6e8f5ea8b8f824a6a7316.exe
- 4256 chrome.exe
- 4256 chrome.exe
- 3480 MicrosoftEdgeUpdate.exe
- 3480 MicrosoftEdgeUpdate.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes:
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
Suspicious use of FindShellTrayWindow 50 IoCs
Processes:
Suspicious use of SendNotifyMessage 28 IoCs
Processes:
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5036 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdd0309758,0x7ffdd0309768,0x7ffdd03097782⤵PID:4728
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:22⤵PID:4664
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:4960
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:3868
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:12⤵PID:4920
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:12⤵PID:4296
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:2308
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:2248
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1632 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:512
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:1672
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5408 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:12⤵PID:3624
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:1364
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=764 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:12⤵PID:3292
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2244 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:12⤵PID:348
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5804 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:2220
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5964 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:64
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6056 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:12⤵PID:1496
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5684 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4256 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6004 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:12⤵PID:4968
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5256 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:12⤵PID:4224
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5860 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:12⤵PID:4256
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6128 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:740
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5360 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:2988
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=948 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:3952
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5288 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:4216
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:82⤵PID:616
-
C:\Users\Admin\Downloads\MicrosoftEdgeWebview2Setup.exe"C:\Users\Admin\Downloads\MicrosoftEdgeWebview2Setup.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1288 -
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"3⤵
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
PID:3480 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵
- Executes dropped EXE
- Modifies registry class
PID:1440 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3304 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4604 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4112 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2256 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (tree depth 4)
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuNDEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkE3RkIzNzgtRDU3My00RjM4LTlBMUEtNTlDNTFGMjE0QjNEfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezVCQUE0RDQxLUZENjMtNDNCMy1CM0FELUEyRDBBMDVGRUZERX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTUwNjMuMCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJRRU1VIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4xODcuNDEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYzMDUxNTQ0ODIiIGluc3RhbGxfdGltZV9tcz0iNTU1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
- Executes dropped EXE
- Checks system information in the registry
PID: 2700
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (tree depth 4)
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{2A7FB378-D573-4F38-9A1A-59C51F214B3D}"
- Executes dropped EXE
- Loads dropped DLL
PID: 3904
-
C:\Program Files\Google\Chrome\Application\chrome.exe (tree depth 2)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
PID: 2388
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (tree depth 1)
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 4944
-
C:\Windows\System32\rundll32.exe (tree depth 1)
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID: 616
-
C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe (tree depth 1)
"C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"
- Suspicious behavior: EnumeratesProcesses
PID: 500
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe (tree depth 2)
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID: 208
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (tree depth 1)
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID: 2940
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (tree depth 2)
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjcyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTIyMzM3MjIiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1NjcwNjU5MjgzNjIyMjciPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MzI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MzA5MjUxMjQ5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
- Executes dropped EXE
- Checks system information in the registry
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID: 1900
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\MicrosoftEdge_X64_126.0.2592.56.exe (tree depth 2)
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\MicrosoftEdge_X64_126.0.2592.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
- Executes dropped EXE
PID: 3972
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\EDGEMITMP_7EBF5.tmp\setup.exe (tree depth 3)
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\EDGEMITMP_7EBF5.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\MicrosoftEdge_X64_126.0.2592.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
- Executes dropped EXE
- Drops file in Program Files directory
PID: 2080
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\EDGEMITMP_7EBF5.tmp\setup.exe (tree depth 4)
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\EDGEMITMP_7EBF5.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.57 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\EDGEMITMP_7EBF5.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.56 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6c2c8aa40,0x7ff6c2c8aa4c,0x7ff6c2c8aa58
- Executes dropped EXE
PID: 4976
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Installer\setup.exe
Filesize 6.5MB
MD5 2db3410f16bfb551b063112f170cfe92
SHA1 4ac32b5efaed17e0aab5146774e0a90dd912b0ff
SHA256 34a13e267b18b462cfb5c2b13c822d2b7d06b631f0e3257585382a10ef379c72
SHA512 e499fd5fca2c9dfca23b11a651a647678d814f7e64cfafd8ce0e3a88621655f7d75eca8fdaa6d1fd248f6549f544ea91411bb7544420a662891fc2cb231bf23a
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\EdgeUpdate.dat
Filesize 12KB
MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\MicrosoftEdgeComRegisterShellARM64.exe
Filesize 179KB
MD5 687ccc0cc0a4c1de97e7f342e7a03baa
SHA1 90e600e88b4c9e5bb5514a4e90985a981884f323
SHA256 ecbab53f1a62d0459d6ca81f6c004651c09562f8e037b560dcb0890a2c51360d
SHA512 4da91ee55de7abb6ce59203edd9ae7e6fcacd5528ac26d9e0bfbd12169db74758a9bc3fde437e3c1d10afc95d74b04b0e94586472b0a0bb15b738f5e6ec41d8d
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\MicrosoftEdgeUpdate.exe
Filesize 201KB
MD5 e3f7c1c2e2013558284331586ba2bbb2
SHA1 6ebf0601e1c667f8d0b681b0321a73e8f4e91fa3
SHA256 d19616ac12d3d536c8fbf034513a4977c88ef2d1676d358a2358fa051c8a42ba
SHA512 7d4fd7ad06b05d79211144cbaa0047bdb4910212565b79f292a6bea652735dacf69435b24c73bc679cbdad4207f6352726eb297a1e7af4f7eef14dbc8a2ca42d
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Filesize 212KB
MD5 a177a23ca2ed6147d379d023725aff99
SHA1 1a789e5ef7bf9f15f2ccbac5f9cf3750ee41f301
SHA256 9c584238ea9189afd6b11cf71604b1c2762ac815d6ca8994788de7e076b21318
SHA512 c508ffd3e2cc953d857a2128e29dfdfe0f9e729da38c9cc3022c4376342aec946c6e79176e7885f6637008573c85339bdc8a9e261b3811887ecf5a7dd78383c3
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\MicrosoftEdgeUpdateCore.exe
Filesize 258KB
MD5 4f840a334c7f6d2a6cba74f201e83a7f
SHA1 cb032c7b1293190f8f1cd466f6ded4bbe71c47a1
SHA256 2ff44aa5f48a3e5b3ca3c5a3904be23d29a282b467e30d6f52494df3dc1d612d
SHA512 575c20fcdbebb16bcd17a137a656769d355a81817e7fa3743981976998e00bdf3ce42bbfa046c42a835e9e9e7a10ef6f8d7b306de9940fa332817cb2885db833
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\NOTICE.TXT
Filesize 4KB
MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdate.dll
Filesize 2.1MB
MD5 1125e435063e7c722c0079fdf0a5b751
SHA1 9b1c36d2b7df507a027314ece2ef96f5b775c422
SHA256 7d8d1756343598bc651d62a0e81835820e0d6cf7a995503bb6b129b4bcc37df4
SHA512 153f096af5c874c00a3c38602fab590eccf885f642040007b67799ef39d919d7cb261fba43a9ffbd68c8824eddea219505d49e05b3dcc70f00e6016a1fbd12b9
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_af.dll
Filesize 29KB
MD5 3a8fa737407a1b3671d6c0f6adaabd8a
SHA1 b705b27c99349a90d7a379d64fd38679eed6ec30
SHA256 5995a5ae09cb7da69b5a6f8ea1a60406d8ebc2201b627417b578ebe903d22276
SHA512 9872f32a727b248d3edafe303e5290e1bae0c270a988500424221970c0041268c1626ebb94712a0b8ba0f21d2f29d833ab9dbc4db884f7f9af5a5063f94d71b5
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_am.dll
Filesize 24KB
MD5 86465afa3ac4958849be859307547f57
SHA1 9bbde5e4df719b5a7d815dd1704ab8215602f609
SHA256 921fce73f4fc7b47749d250f5ab885141bd5ddec2ad057b049e470cffa4a6b20
SHA512 13e178e317280cbd585261aa22a840ea2203d4ef5c845f4fd6d5b4fbf216d45aae55153aed43c1fe4284d45391c72e580e612347b2903effece8a2252a13b90e
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_ar.dll
Filesize 26KB
MD5 819e3c9e056c95b894f1863208d628a2
SHA1 596993f5d21cfd92f29e2ea5b0a870dc2ac19917
SHA256 588adf8e9a300e39b51f7404356c4ae863dee1f404664933585f8d9f2467d494
SHA512 3a7e67248895ac2cbb1874514bffe62a23cdfff2c3674d21589f528ec283ccf3cc2e3abfea0d81f49046c7ba920f3e64cda100c5a20be69b91ce05095b50c06b
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_as.dll
Filesize 29KB
MD5 d1aa2764e05f7c8c88a17bb0cd25b537
SHA1 2bee78f103faffe3e25ca20c915cc6b46e2134e4
SHA256 3dd5aab43eeaa6202adc115f40fc1feb5332128388c2d8e62176fdea20035097
SHA512 80762e4611b8ac451490e5238c0650be048bf315526ed405d9c5837e5002bd6a9526f335a06c6baa009cba671ecb0613c76dce23086e13333f332480cbd9ced0
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_az.dll
Filesize 29KB
MD5 1e4093c3b0af3eed6f95d2620d45bf40
SHA1 e29a10ede562f2d057d6fc04c3a286996051a14d
SHA256 afcc0b001c7ffc1f5bbdea02fcbd6054e8b15aff9ae47366910bcf5908d4437d
SHA512 843480e2d2b431f32892830c26fc3e4b80656d069f83f9a9df78d10b1e22c9ceca99171360b2baa921d156995d87ea5223f18b11e2a8ac18fabdf905881940b1
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_bg.dll
Filesize 29KB
MD5 c30674009659b56bdb6a60f8629f0eb2
SHA1 4b6fc6ea93620a206a621875513455b57fd24e83
SHA256 d09c23ecd92f5cfbe650c63bc93af84c11c9ae143a5838286c04169eab8bd103
SHA512 8947a9bada21ed2e0f2cf080d58f9473a5c54092a5c1f75ca9523b48143caed346e831714e80466cc2e88513e507aef422d8560b69cbf8663eb21ab05c61707c
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_bn-IN.dll
Filesize 29KB
MD5 a8817334810c093e0c280e2a61caf36b
SHA1 9b3b2a8e33de3fa8df0b6b6ab4a40ab1d088ab28
SHA256 18d4c6a9840ba877dd1906ff258fb06c245cfea6bab00bbffe18c442957393ac
SHA512 24ee9a0c29d42c96ccec7f4f3322c3b6a2ed0e4d68b17a5b424a364f789adaa8f1404784c8feae77986cd0be39579dacc9ca89a3fa868bb0bf11d94c95f0bb23
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_bn.dll
Filesize 29KB
MD5 4d2988ce0b2cf5cb02269a2455e1174b
SHA1 d89cd05805965648c9e7b8bb4bc8bd3605ce2d4a
SHA256 cbc9a8a3936e6cb279885dc8a23261a290e85907f947a1a16fe9e7d6bdee69f8
SHA512 64cee7e579367faca4864ebb5feb9dee310915f8640780a5a52c19f5c68d817adab7ef357913a68fe841a3b2e801e85de173a37402cdd49cf35319571ff6ce44
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_bs.dll
Filesize 29KB
MD5 3e817089a18c72bd505dd6bbe5ce6163
SHA1 2c21b568c2fda5e475a1a996b73874ba6fe420dd
SHA256 7c31aa69e3109d7134443c47b12859fffbade13a2f994f0bf42a8fdc12f796df
SHA512 20534eee7c59a9cdb595c3f6d01abc8cfa534aaf84a693d3b011e4dada3fde080142a95ba036270a6a2ad2b65e6fdb18b08e53552715cc4edfcb87662fbf8100
-
C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_en.dll
Filesize 27KB
MD5 a430ce95b80c07bb729463063e0c7c48
SHA1 cc488bdc18c191d88dd93e45bb85fda19d496591
SHA256 c9c8a06948123607b7b35d0d46c9600b1d3e2f674e6117820b4f559818c26b60
SHA512 cc9c24b95d079a949a8e725002494b0c75c19bce9ec6457cb4307f5803b7433eed738944f1baf770df8e034212224b1d9662fa533aa5bc5c01568d192fa49efc
C:\Program Files\MsEdgeCrashpad\settings.dat
Filesize 280B
MD5 f915e622e8ee1ffd959db2b0262ad2b9
SHA1 d12915d51ec31ac7daafdb1f95638f765e33a559
SHA256 a79c4abf2a42518c8fc05f962562909a416a41c607a79249d04283fa91b70122
SHA512 2c47ecdac5cdd7ea02c335b0dca38e03063388046ef4db7b9d4b977dd250605c17a39eb25306a15c8ff4710f94077cb5b5ec727c9bd581e056043fc53bbf46d2
-
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
Filesize 15KB
MD5 8c4e78998135d07dbf9e0a6f6593d76f
SHA1 c34377d9f8cc8050c8ceb9af513570623bc06842
SHA256 105906927da47713d7fd1bf2ff3ffa9fb674cb3a5890fb298c02a3f8a5570b6d
SHA512 f0b90ecaf05b6567e048416c64591be28541fac1d5c2966f77fbc645267c511388449302168fe7180cef4f301a855ec400c8e86373e2da02eb2db3a44b1e40bd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 2KB
MD5 33448613b818f86148fc8543bbdc8a51
SHA1 5ca6c2cc795bebfbfb186db46195b53ce7a3037e
SHA256 052e2f064390124cd9a3487acd8564d3c593cbb0ef924da393c7e70cac68874d
SHA512 1052fc7e1d58c946dbeaec88868b3d405d6ede885d13dd5f97226ab13d8d186b80d93aba140be96c53b36f94426cbc398ff65a9d0373d70b49828f02c8dae3b4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 1KB
MD5 fe8690647c1df4f0624f9f1a96e8d52e
SHA1 33e1d9b35246871ee00758e498b5b74626f5e14e
SHA256 fcaf88d5fd8e92bcb269e5bd4b4ac4a13a3a764933dcbbd26b0e7674ec4a6238
SHA512 e280bed32e73608597a9f6ca01e0eb3a127e66c2ed9c15dbb181fb16feb58de9fe81e363ee73909e7ef505ddd25980bb3b95d432eed3c8ee350723cab065d452
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize 264KB
MD5 8f3ea611fbc057eeb8f44cd5f8eca38c
SHA1 63eabfeca2d70532424b796c3e0ba763c102d309
SHA256 6d8427351ea5017dc5009a18d291840a3830a7f5315c04493b65711c7481fa89
SHA512 1a48827cecf3ee3e5a23a3c5fe98006615d7a467c233353df35c660034ef61e1a7df16db82f393e383b2f1b49ebe59b7e8234dc7918a02745eeb05571fc6c03b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\25d47759-8314-4fe0-9002-9ffd8e0385f7.tmp
Filesize 1KB
MD5 398f70fb65d509b162220ca0240e4545
SHA1 21b966ad5c085c0cbaae739a1e5cea39393b2c18
SHA256 c185df723f2acff16c93dad5017a5d5736aae12b6c6ed5b085ca43f885f8f269
SHA512 70a6548ac7af1c63673340aa7efee99436404d57c4701b97afe21edfc54fcfdc17c6be4f3b982f513dfe6da27de0be65ba780e0cbe08326cb6010c07d89a5d29
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize 2KB
MD5 bee77e277061441ff99d813b8bf18ca5
SHA1 e0227e9aad7696143ba5b169597418ea7792f5fe
SHA256 cc9cd5254dd4c0b969577a0a3703365053bbe0571db465b621fa54ae922b46e4
SHA512 ee3c0f387698ba9083f91e10933ce90de55c34219e2a2938f2a6f956fddf7011c9e7d4a0246dcbd8b28f02066d3597769dacbadde2a27b85a531af14356e1e20
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize 2KB
MD5 6b05baf25f8fed38dafd37784dafdbca
SHA1 027b3e242a633bc3d4ea65860e1ea5367a4affc4
SHA256 e790b24db25485eea12c354f3e76e31a1b6c6acfdff375679419bb7fd95b03bf
SHA512 977add576cbc84d3be7ca5289ee8487b3e8367b2379f469ce69b331dbee6045cf807f783b1d819bae4e38e93c8b982a8faa34db50d221ae90fb2d718e62705e7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize 1KB
MD5 e8f08c4dbd2845cc583ad43db7ddf95d
SHA1 4aad5193fa3fb64bb1399c65ca0d48acebd1c170
SHA256 d286694ad037d472aa588072f7a7b2c2fa4c48dcb00ee2da1dd2b0711fdf4b24
SHA512 661725142a43cf72a7912c3e4bc57f5fadca9664e6a639367915f346a864c9700453e3151d7d41824c98797bfc7109e53fb79b8399b06a666ec57f5ea9ce787d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 98063d3d0750af2701b57a3a92de4a37
SHA1 5df5c1e9f389d00a1df6e305b9601d545bd23122
SHA256 83471631336d1dec58da0f854e2a6a7de0269b8fee69266e651fc0ae80c6322b
SHA512 8c4c5a0894a90c8f11696df0cdf5a80d05d5d5a87e86859fb9c5b88e8304221d7a1519a656b755dcce38020a367199a9cbe5b0b54e0cf7370565311310d07183
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 5c06593b4ba16b91fd03a45f6c11cfc4
SHA1 c18b53ec775069c2c2934f5bfc6281f8fcde7b4e
SHA256 93c4a31f71e802de30c6ee3ad18e3471405d771a46f2df53771a33832c70906d
SHA512 e5d4e3c735d5e7872670c2cb12ce26989175e32888e20583e5dab9790dd11def433652f01d94f5a39ba9c3124df7dad5dccb9448009700d8eff1c4e02ae1d032
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 6d0710af9d2ad2d54f98af4181a57c94
SHA1 deec801f8bd9d3f03dcf2a2327d66c5209ac0283
SHA256 950f52793d3678a15d637218b169d2383ea6027feb49603033ca4651d1b418b0
SHA512 4dcc29e81d867117bb9eaebe9c6aab22fd4f0c7d4e8defd8354c53746fc23d3ee7728962808d524200c93d541fe96e3a665b7f05e77c08451a1385911ad43185
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 75c4e2761761c1edc91262a37767a3d2
SHA1 3309f2fd7a87ac0f150018dfbe34507a649799de
SHA256 ad41569aa5543ff951d53a0437c1e6a48e13be221c79b3d134729e113e9cdb25
SHA512 ae9fc94e010d086f5cbe25dd63e9a96156680d72a0c22393abbedbc5ae4fd8393183b9708a60e81f6edffa03db9de354ff661101e3f79c12ecb46e1ba6c1f347
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 9e0bc9a66673df816e4228d479e630f6
SHA1 52a66b59c1e16f17bcad5ff704a327081f563022
SHA256 dc63d0640587e3d7e4f8c6c0a9802a9733f1ff4b1b4450c9dae47572bd501591
SHA512 e61f0b99eadfd38ffe6243b25cbadf35d4aac37d0c680b152278440543499bd2d90baca4fcb4edeff8e7b47e3a5ffba42af17c5a69cd1c86b8699ecb24e067ef
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 6KB
MD5 cedd395a66070a07fe3c820119ee24e5
SHA1 f2c8eaf9fd8e9c2ecef2613758c018ff4649c051
SHA256 0636c723ef11c2a511c86dc5a62fdc391032a1e7c15751380c563c05c782f31c
SHA512 893c3ca0dc75dc0006cb003ab90bb45ba828a4d680ec01184c18c8c18a9300c3c66f764c5f7cda8f0ea345824efd54cedecd84e928d1fe622422656487bc291b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 6KB
MD5 f8896fef21f0a64769006d1255f1198e
SHA1 6d5dbcb3b036d0a5efc18d55b2bf1cb06c74d793
SHA256 6b4654f3252b82a6d5f15c87e3397a44bbf2b8260f17b3041fda25ca37aedb15
SHA512 a7a9c88ffdded4c1f7212ecd0418847dff1591e5da284345c006d6851c9049db8df5f9118d3c58318d17f302f9adbff1a4198d54b5343937edaf888033e792c8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 7KB
MD5 ec4da1875be7d19a2a793a630f7a74bf
SHA1 a6002f31db4e8a50e519d51e4989018b3853ffd0
SHA256 adb39526f7fb72e1c4603f2c8cc974811e8813316834373cd2a8649344c03b52
SHA512 f705a4b6e1d9081728d83a96e257d91ee8eee855429179b4680d82006529830b41b84a79f26697cc9de46f6dc2b36c573dcc2d3892a31a632a9580450d74a0ce
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 7KB
MD5 0628427b9336b7e5de15c8d078dee946
SHA1 1b50e4b80ea5f14536b6b9b3a8e5fe79c1607feb
SHA256 cf36962382c46d413d66d6ba6373ed0ce023a645618072fccb8ad931a898b7e5
SHA512 533115b40a4abc15dcbf2641f77e74c0d94ae321c59c76b75bcbd179c1de7d8c07ddd4ed85f32cdac41aedb3e5c06bc29ff1e72a34d2ddf501d0036bfb33aa48
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 7KB
MD5 3ddf3c85ea3e8076dc62af25909fa479
SHA1 8f7818976ed36f6c3fd307c664efd99fd58a97e3
SHA256 820a27656239b74191b177187e7c1cac855172596ee46b843d9b7f8834eb68f3
SHA512 b5682fdd8cd8877ab6e93f88e37a96b010910c9a6a928d6dca999c86e8dab2428629d589d723ecc2a67b05c8a09d6abf55dce1307aa7a5227f450fbc63864976
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 6KB
MD5 098f9e03cf9b619e4533054b13348d86
SHA1 efb15e4e80586839f59b12dd7ec04722ff51d460
SHA256 860e2675f4e500760f7638187ada26788a821a84847d8cbf658aa05221a5b797
SHA512 0b27f2c25d58f351412d305b96cf55b037794c9378cd4cfd1df135373c5d538d0fc0ffb1c1891654972f9aa341e4fc56db1f22d0bb648c0314c32289413b379a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 6KB
MD5 eaa53a854eeef2a7ff8e632c29937c9a
SHA1 5677465572c6ff07c4f91b4da6490e43f6d168da
SHA256 d222ebad49235fbaa9b8f80af2024cf56be9c0c9f89a509b6e449a102b32d06e
SHA512 fad08d4b644d90da6b906809ef485ee90e9940cde4d92511a501df82c8bfbca46f3e983e79c765bef3f08f263594ec4414a9e4019346975790319a3afedb0d1d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize 136KB
MD5 765fd34e78b700616ee642b75454dd2f
SHA1 09e85a23b937706cdf68930c0883351eb7fb4ec3
SHA256 4302e90daf5eacb35eb55d46265a928b1eabe7fe3aba8a06ba0a783a592500fd
SHA512 1baf3f879db3b71a9e27fd102afb46c5ff93b9bdb827c0713337964b1ba739b2c545f3f64c801a661ae551875e4ed2f391afb0fb1ecc4194a9ddd77d16c19853
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize 136KB
MD5 5deb002575523215eff943183aba30a2
SHA1 c8e80eba55dafa5bcb7a39ddc991c5dd5f4a48e2
SHA256 169c553afe90291e3f54e65fd8eab6786f6e33ed75aa29a1eee6014f2322d140
SHA512 7c96fbb556997dc51bae3db03d417ea87f5e67f3fd77397664f50b85f5cf94d5ac03b758afe6283238b86590924744615aeb06030b5eaf156cea79997216ec3a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize 136KB
MD5 299b94c2a13b1e83d35caeb8a470b9ca
SHA1 36f9055c0363f1345c2a8b7e01fe85d60bd1770d
SHA256 071f345c4a90e2bb1bae44c7931532fb35d9a7b199ae09353627c81b84f02589
SHA512 5c7ee087f3c8f85c15ecbbe441457aef70a156f63fa3303f5fae7ac718438f4e16decd6e0055270fbf375e6852de3be7200a48282f7314bfac78866f27baf9ef
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize 136KB
MD5 fb8d3b80b84f63929a26d74aa88a26d1
SHA1 fabbf43efd9a40ca195231ae183f3ae7d688e501
SHA256 1feacbdf8c00065f109bb53d9c8e82e38b76b5779e0f84b21976c0847f15f15b
SHA512 ade220bde3afe205094e5b20e7b499d716eeade9d758f299d6e6b288ce9b1017ba387d67591db5cb1e66b902aef879a63e167ee4fb7a27a3791c33ab71a4bae9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize 112KB
MD5 cafaead0b56ab008b15521a8415d38e2
SHA1 fdeea4dfec3bbbec189141b8cedaa1273422b4b6
SHA256 82874d2daa4f050de552f10943b785ec4266a64daf0696fb1a014ed642d94558
SHA512 2d5d7f5127a9ba67101908fd0f9d920e3c70f4fa05ca97965f985c02cc1675d7dfd6515ec97096e78835d52ad18ec96c4e2656453928967efa5087b7fa01e10e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize 109KB
MD5 8babef4e42c465a8e7cfe24a8b606259
SHA1 1117dc0c5c9d0ef5547382cd06a70aa9ff9d7620
SHA256 485ff94d76b15af0f99884c1aae0a5d81b0dc411ae16495a74c4c93e44f29c74
SHA512 399529566bdcc1cb7955c314c2f74103a09d8bf55a5a6b78a1714b1ec08fe8bb6f3ecbe2f5022c6b971792d82841d663c8f67a54c26e4bc363475475fe069f07
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5892c5.TMP
Filesize 98KB
MD5 25b1cb3c4d11437b0e5438c8a547e2ac
SHA1 1a5ba5fc1d805546f09c2e5d8de0ae3b013e448c
SHA256 be5d9fe7e3e7ab3f780e5aa0c4278aa214ed20e3fb553f6bc1d809c15ca91822
SHA512 e6d832d3169c9f8c9538b1486dcbee3fe4a46957e50cad88130a1f201128a7eeae64bd50bb43e38ee2e012dd8e8d351da47559f6eaf21be831ad062c95f20b25
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize 2B
MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize 488KB
MD5 851fee9a41856b588847cf8272645f58
SHA1 ee185a1ff257c86eb19d30a191bf0695d5ac72a1
SHA256 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
SHA512 cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll
Filesize 37KB
MD5 4cf94ffa50fd9bdc0bb93cceaede0629
SHA1 3e30eca720f4c2a708ec53fd7f1ba9e778b4f95f
SHA256 50b2e46c99076f6fa9c33e0a98f0fe3a2809a7c647bb509066e58f4c7685d7e6
SHA512 dc400518ef2f68920d90f1ce66fbb8f4dde2294e0efeecd3d9329aa7a66e1ab53487b120e13e15f227ea51784f90208c72d7fbfa9330d9b71dd9a1a727d11f98
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize 43KB
MD5 34ec990ed346ec6a4f14841b12280c20
SHA1 6587164274a1ae7f47bdb9d71d066b83241576f0
SHA256 1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409
SHA512 b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize 139B
MD5 d0104f79f0b4f03bbcd3b287fa04cf8c
SHA1 54f9d7adf8943cb07f821435bb269eb4ba40ccc2
SHA256 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a
SHA512 daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize 43B
MD5 c28b0fe9be6e306cc2ad30fe00e3db10
SHA1 af79c81bd61c9a937fca18425dd84cdf8317c8b9
SHA256 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641
SHA512 e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize 216B
MD5 c2ab942102236f987048d0d84d73d960
SHA1 95462172699187ac02eaec6074024b26e6d71cff
SHA256 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a
SHA512 e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize 1KB
MD5 13babc4f212ce635d68da544339c962b
SHA1 4881ad2ec8eb2470a7049421047c6d076f48f1de
SHA256 bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400
SHA512 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll
Filesize 99KB
MD5 7a2b8cfcd543f6e4ebca43162b67d610
SHA1 c1c45a326249bf0ccd2be2fbd412f1a62fb67024
SHA256 7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f
SHA512 e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
Filesize 133KB
MD5 a0bd0d1a66e7c7f1d97aedecdafb933f
SHA1 dd109ac34beb8289030e4ec0a026297b793f64a3
SHA256 79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
SHA512 2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
Filesize 5.2MB
MD5 aead90ab96e2853f59be27c4ec1e4853
SHA1 43cdedde26488d3209e17efff9a51e1f944eb35f
SHA256 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512 f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
Filesize 48B
MD5 be2a7d7f566380c227aee6c9352ba882
SHA1 b8b1236b1ce17f295b2780622cad96f4a1694b46
SHA256 fa95da2b65d081614dc31c4ec93f5443a42fca6f0fec3552d341b7588cd0a0e6
SHA512 771cacef95bf3f9564fa59f72654e269b280b08ed388910c60d911a5a265c3ccdadb75060e502981301c38041eb25d7097731901aa431822f47208d10a73c67b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Filesize 86KB
MD5 d213a75b1956398e4c36bcc2f93339bf
SHA1 6a2739cc0e67f5593c744fbcbc8f00f12eef9954
SHA256 ece75d080f94df4b3699389021337b1536cfed229d1325f09b03f0b0d6d85ab4
SHA512 d32ddaf4c6f8f8df6c390d683e6c039f3b0d8f35f68f690b28bf88b17caedf0e11abd3aeb2e46238d0cd0a91b2db095cca0782b4e27f04453ea4cb6db38f4dd7
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
Filesize 113KB
MD5 75365924730b0b2c1a6ee9028ef07685
SHA1 a10687c37deb2ce5422140b541a64ac15534250f
SHA256 945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b
SHA512 c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1
-
C:\Users\Admin\Downloads\Unconfirmed 73292.crdownload
Filesize 1.6MB
MD5 db7fb67fcec9f1c442de25f3ad59f50c
SHA1 b600aa26d1cded59760304c6d77f4ff75722eabd
SHA256 c227208854734bbd38c9f74f39034111733da5c7ce71515b1610aedd79417f9f
SHA512 c14ec7d252a6f201dfea476d302fbc5140713cb4ea7bc8d4e610bfd806b3fa3c141153e2e9b8cb36255fba1fab4d4400ed83f5f5c1228d77d77bace41d5de7fe
-
\??\pipe\crashpad_5036_SKNUITTENRFGNCXJ
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
Filesize 4.1MB
MD5 c2bde3ba169916206ef61ce2af29abd5
SHA1 9ea8cc423fdd68280988d94f2eac468e445d34f8
SHA256 2099337afdfc49b325763e2e741253aac15c195e0010039a625459e8ea1ac526
SHA512 442e5935be20dd345fb9940113a7db2e06649eb36fc79a4b7128e3054c8a27a34c62b826397b2d46810ea32f3b2d8367bb375b7996019fcbc2d400dff5f21ca0
-
\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
Filesize 522KB
MD5 e31f5136d91bad0fcbce053aac798a30
SHA1 ee785d2546aec4803bcae08cdebfd5d168c42337
SHA256 ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671
SHA512 a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6
-
memory/208-1706-0x0000000180000000-0x0000000180AC0000-memory.dmp
Filesize 10.8MB
-
memory/208-1693-0x000002A5F1460000-0x000002A5F146E000-memory.dmp
Filesize 56KB
-
memory/208-1688-0x000002A5EEEE0000-0x000002A5EEEFA000-memory.dmp
Filesize 104KB
-
memory/208-1713-0x0000000180000000-0x0000000180AC0000-memory.dmp
Filesize 10.8MB
-
memory/208-1711-0x000002A5F7390000-0x000002A5F739E000-memory.dmp
Filesize 56KB
-
memory/208-1710-0x000002A5F72F0000-0x000002A5F7328000-memory.dmp
Filesize 224KB
-
memory/208-1709-0x000002A5F7110000-0x000002A5F7118000-memory.dmp
Filesize 32KB
-
memory/208-1690-0x000002A5F27F0000-0x000002A5F2D2C000-memory.dmp
Filesize 5.2MB
-
memory/208-1695-0x000002A5F2720000-0x000002A5F279E000-memory.dmp
Filesize 504KB
-
memory/208-1691-0x000002A5F2430000-0x000002A5F24E8000-memory.dmp
Filesize 736KB
-
memory/500-224-0x0000000000AC0000-0x0000000000ACA000-memory.dmp
Filesize 40KB
-
memory/500-227-0x0000000005D60000-0x0000000005D72000-memory.dmp
Filesize 72KB
-
memory/500-223-0x000000007318E000-0x000000007318F000-memory.dmp
Filesize 4KB
-
memory/500-225-0x0000000002D30000-0x0000000002D3A000-memory.dmp
Filesize 40KB
-
memory/2940-2126-0x0000000073690000-0x00000000738AF000-memory.dmp
Filesize 2.1MB
-
memory/2940-2167-0x0000000073690000-0x00000000738AF000-memory.dmp
Filesize 2.1MB
-
memory/2940-2199-0x0000000073690000-0x00000000738AF000-memory.dmp
Filesize 2.1MB
-
memory/2940-2139-0x0000000073690000-0x00000000738AF000-memory.dmp
Filesize 2.1MB
-
memory/3480-2165-0x0000000073690000-0x00000000738AF000-memory.dmp
Filesize 2.1MB
-
memory/3480-2124-0x0000000073690000-0x00000000738AF000-memory.dmp
Filesize 2.1MB
-
memory/3480-2123-0x0000000000C50000-0x0000000000C85000-memory.dmp
Filesize 212KB
-
memory/3904-2166-0x0000000073690000-0x00000000738AF000-memory.dmp
Filesize 2.1MB
-
memory/3904-2187-0x0000000073690000-0x00000000738AF000-memory.dmp
Filesize 2.1MB
-
memory/3904-2125-0x0000000073690000-0x00000000738AF000-memory.dmp
Filesize 2.1MB