Analysis Overview
SHA256
257f8251ab61b944b75deafc681030a20b6dd5ae03b8540d8f482a6c291efb96
Threat Level: Known bad
The file processlassosetup64.exe was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Modifies file permissions
Drops startup file
Executes dropped EXE
Themida packer
Checks BIOS information in registry
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Event Triggered Execution: Image File Execution Options Injection
Downloads MZ/PE file
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Blocklisted process makes network request
Enumerates connected drives
Sets desktop wallpaper using registry
Suspicious use of NtCreateThreadExHideFromDebugger
Checks computer location settings
Suspicious use of NtSetInformationThreadHideFromDebugger
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Drops file in Windows directory
Checks installed software on the system
Loads dropped DLL
Checks system information in the registry
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Program crash
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of UnmapMainImage
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Views/modifies file attributes
System policy modification
Enumerates system info in registry
Modifies registry class
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious behavior: LoadsDriver
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-06 19:00
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral16
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1372s
Max time network
1160s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3556 wrote to memory of 1100 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe |
| PID 3556 wrote to memory of 1100 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe |
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\pl-update.cmd"
C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe
processlasso.exe /updatecheck
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | update.bitsum.com | udp |
| US | 104.26.4.102:443 | update.bitsum.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 184.26.45.61:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | 102.4.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.45.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1799s
Max time network
1137s
Command Line
Signatures
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bitsumsessionagent.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\bitsumsessionagent.exe
"C:\Users\Admin\AppData\Local\Temp\bitsumsessionagent.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:34
Platform
win10v2004-20240704-en
Max time kernel
1794s
Max time network
1801s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_finnish.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4188,i,8550138573348074061,7308779696487990535,262144 --variations-seed-version --mojo-platform-channel-handle=4108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2488,i,8550138573348074061,7308779696487990535,262144 --variations-seed-version --mojo-platform-channel-handle=2760 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:36
Platform
win10v2004-20240704-en
Max time kernel
1700s
Max time network
1143s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_german.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:47
Platform
win10v2004-20240704-en
Max time kernel
1369s
Max time network
1149s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_ptbr.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1788s
Max time network
1142s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_chinese.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.116.69.13.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1800s
Max time network
1803s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Downloads MZ/PE file
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUF4DF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUF4DF.tmp\MicrosoftEdgeUpdate.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation | C:\Program Files\nodejs\node.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EUF4DF.tmp\MicrosoftEdgeUpdate.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks installed software on the system
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUF4DF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUF4DF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSVersion.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\event-target-shim\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-explain.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\content\configuring-npm\npmrc.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\SECURITY.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_etw_provider.man | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Trust Protection Lists\Sigma\Cryptomining | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\copilot_provider_msix\package_metadata | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\using-npm\config.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\mute-stream\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\disparity-colors\lib\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\large-numbers.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-link.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\man-target.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\README.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\fastest-levenshtein\mod.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\ninja_test.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\vendor\QRCode\QRMode.js | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\Locales\sr-Cyrl-BA.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-ping.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\lib\cache\errors.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\link-bins.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\has-flag\index.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\signals.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-flush\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\brace-expansion\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\socks\docs\examples\index.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\read-package-json\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\selectors\selector.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\commands\help-search.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\lib\cache\entry.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\asn1\dump.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Trust Protection Lists\Sigma\Advertising | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\npm-registry-fetch\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\spdx-expression-parse\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\sq.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSUtil.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\diff\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\pipeline.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\dist\abort-controller.js | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\Locales\mr.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\graceful-fs\graceful-fs.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-profile.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\find-python.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-hook.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\EBWebView\x86\EmbeddedBrowserWebView.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\identity_proxy\beta.identity_helper.exe.manifest | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\learning_tools.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\base.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\cmp.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\lib\_stream_readable.js | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\pt-BR.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3752_2026079866\protocols.json | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_verification.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\lte.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\el.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\nopt\README.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\console-control-strings\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\configuring-npm\package-json.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minipass-fetch\lib\blob.js | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI48A9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4DEB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e6b177e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI47BE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI21B5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4A60.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e6b1782.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1B95.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2185.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2753.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1C23.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1C33.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2773.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e6b177e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1F90.tmp | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\processgovernor.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\processgovernor.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133647678683862725" | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\ = "Update3COMClass" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1" | C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CLSID\ = "{B5977F34-9264-4AC3-9B31-1224827FF6E8}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CurVer\ = "MicrosoftEdgeUpdate.CoreMachineClass.1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\ = "Update3COMClass" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\Enabled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 243558.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\processgovernor.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processgovernor.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processgovernor.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processgovernor.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processgovernor.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processgovernor.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processgovernor.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processgovernor.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processgovernor.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processgovernor.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\SolaraB2\SolaraB2\Solara\SolaraBootstrapper.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{BB35FD62-699C-4E23-AB27-0AED9DCE7196}\.cr\vc_redist.x64.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{A364DF02-0759-4824-9D1D-97FB2D99589A}\.cr\vc_redist.x64.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{4EB67AE1-E030-4865-8EDD-D9620713FA7D}\.cr\vc_redist.x64.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe
"C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe"
C:\Users\Admin\AppData\Local\Temp\processgovernor.exe
"C:\Users\Admin\AppData\Local\Temp\processgovernor.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffe7ed46f8,0x7fffe7ed4708,0x7fffe7ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1380 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\SolaraB2\SolaraB2\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Downloads\SolaraB2\SolaraB2\Solara\SolaraBootstrapper.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6272 /prefetch:2
C:\Windows\SysWOW64\msiexec.exe
"msiexec" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 8C6AB757B20ED6975E7821C549C995D3
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B58C4446993BF4092B0B8BB9F2A696D0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 767DDB0F8D66A9D7ECA61EECB08BBEA8 E Global\MSI0000
C:\Windows\SysWOW64\wevtutil.exe
"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
C:\Windows\System32\wevtutil.exe
"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
"C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" /install /quiet /norestart
C:\Windows\Temp\{BB35FD62-699C-4E23-AB27-0AED9DCE7196}\.cr\vc_redist.x64.exe
"C:\Windows\Temp\{BB35FD62-699C-4E23-AB27-0AED9DCE7196}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" -burn.filehandle.attached=560 -burn.filehandle.self=568 /install /quiet /norestart
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6880 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Users\Admin\Downloads\SolaraB2\SolaraB2\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Downloads\SolaraB2\SolaraB2\Solara\SolaraBootstrapper.exe"
C:\Program Files\nodejs\node.exe
"node" -v
C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
"C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" /install /quiet /norestart
C:\Windows\Temp\{A364DF02-0759-4824-9D1D-97FB2D99589A}\.cr\vc_redist.x64.exe
"C:\Windows\Temp\{A364DF02-0759-4824-9D1D-97FB2D99589A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" -burn.filehandle.attached=564 -burn.filehandle.self=672 /install /quiet /norestart
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pizzaboxer/bloxstrap/releases/download/v2.5.4/Bloxstrap-v2.5.4.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffe7ed46f8,0x7fffe7ed4708,0x7fffe7ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8
C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe
"C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe"
C:\Program Files\nodejs\node.exe
node "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\index.js"
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe" /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUF4DF.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUF4DF.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzY3Rjc0M0UtMUUxRi00RTNDLUJDQjktRkU5RDUxRTZDNzJDfSIgdXNlcmlkPSJ7M0YzNjhDMEMtNjRENi00QUJDLTk1MUQtQTFFNkJDRTAzOUY0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4OTNDMDNGMS1GNTAzLTQ0QTgtOUEyMC04QTRDODY3REI5M0V9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4Ny40MSIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIwMDg4OTEzNjY2IiBpbnN0YWxsX3RpbWVfbXM9IjkwNSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{367F743E-1E1F-4E3C-BCB9-FE9D51E6C72C}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzY3Rjc0M0UtMUUxRi00RTNDLUJDQjktRkU5RDUxRTZDNzJDfSIgdXNlcmlkPSJ7M0YzNjhDMEMtNjRENi00QUJDLTk1MUQtQTFFNkJDRTAzOUY0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFOTVDQ0U2RC1BNkY0LTQwMDItQTI3RS0wN0MxM0M3MUQ1MEV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIwMDkzNjYzNjkzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,6510081518465015745,6889165530756699016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\MicrosoftEdge_X64_126.0.2592.87.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\MicrosoftEdge_X64_126.0.2592.87.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\MicrosoftEdge_X64_126.0.2592.87.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0627B31-9B4D-44CD-8C4B-1565B7F89D7D}\EDGEMITMP_3DEC4.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.87 --initial-client-data=0x22c,0x230,0x234,0x214,0x238,0x7ff77921aa40,0x7ff77921aa4c,0x7ff77921aa58
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb42e4f28hbe4fh492fh8fb5ha42fb77aadce
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x120,0x124,0x48,0x128,0x7fffe7ed46f8,0x7fffe7ed4708,0x7fffe7ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7703856339452478580,4852035626181014659,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7703856339452478580,4852035626181014659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzY3Rjc0M0UtMUUxRi00RTNDLUJDQjktRkU5RDUxRTZDNzJDfSIgdXNlcmlkPSJ7M0YzNjhDMEMtNjRENi00QUJDLTk1MUQtQTFFNkJDRTAzOUY0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCMjk2QkREQy1CQjgyLTQyRjMtOUIwOC1COTQxOERFRTgzMTh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI2LjAuMjU5Mi44NyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjAxMDMzMjM2NjUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMDEwMzQ4MzU0MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIwMzE0MjYzNDU5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9iZGU2NGY0Ny04ZmEzLTRmNmMtOGJjZS1kMjc0MjQxYjZhMmI_UDE9MTcyMDg5ODkxNCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1GTCUyYjJjT3NXZU1vYXZoVmFjQ1k0dU42NTFGdjZjOHk1diUyZjMlMmZlRGp6JTJiMktURTc4czRmbFV3V2NaMFFJbkJpblRZeGRqcjI3Nm9CeXlJS3klMmZHMFB5NUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzMwNDEyMjQiIHRvdGFsPSIxNzMwNDEyMjQiIGRvd25sb2FkX3RpbWVfbXM9IjE0NzEwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjAzMTQzODM2MTEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMDMyOTAyMzQxNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjA3OTE4NjM0NzEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI0MTAiIGRvd25sb2FkX3RpbWVfbXM9IjIxMDc0IiBkb3dubG9hZGVkPSIxNzMwNDEyMjQiIHRvdGFsPSIxNzMwNDEyMjQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ2MjgzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" --app -channel production
C:\Users\Admin\Downloads\SolaraB2\SolaraB2\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Downloads\SolaraB2\SolaraB2\Solara\SolaraBootstrapper.exe"
C:\Program Files\nodejs\node.exe
"node" -v
C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
"C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" /install /quiet /norestart
C:\Windows\Temp\{4EB67AE1-E030-4865-8EDD-D9620713FA7D}\.cr\vc_redist.x64.exe
"C:\Windows\Temp\{4EB67AE1-E030-4865-8EDD-D9620713FA7D}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" -burn.filehandle.attached=680 -burn.filehandle.self=708 /install /quiet /norestart
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
C:\Program Files\nodejs\node.exe
node "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\index.js"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=5616.5900.4519421027839606793
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=126.0.2592.87 --initial-client-data=0x174,0x178,0x17c,0x90,0x184,0x7fffd1f90148,0x7fffd1f90154,0x7fffd1f90160
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,752637197804534151,447767067073100490,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1820 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1952,i,752637197804534151,447767067073100490,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2052 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2172,i,752637197804534151,447767067073100490,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3528,i,752637197804534151,447767067073100490,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4864,i,752637197804534151,447767067073100490,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5036,i,752637197804534151,447767067073100490,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5056 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 88.221.135.11:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 11.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.pics.io | udp |
| US | 54.243.40.217:443 | raw.pics.io | tcp |
| US | 54.243.40.217:443 | raw.pics.io | tcp |
| US | 8.8.8.8:53 | landing-assets.pics.io | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 13.224.245.98:443 | landing-assets.pics.io | tcp |
| GB | 13.224.245.98:443 | landing-assets.pics.io | tcp |
| GB | 13.224.245.98:443 | landing-assets.pics.io | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| NL | 157.240.247.8:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 217.40.243.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.245.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 74.125.71.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 156.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:80 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:80 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.nodejs.org | udp |
| US | 104.20.22.46:443 | www.nodejs.org | tcp |
| US | 8.8.8.8:53 | 46.22.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nodejs.org | udp |
| US | 104.20.23.46:443 | nodejs.org | tcp |
| US | 8.8.8.8:53 | 46.23.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 184.28.176.97:443 | th.bing.com | tcp |
| GB | 184.28.176.96:443 | th.bing.com | tcp |
| GB | 184.28.176.96:443 | th.bing.com | tcp |
| GB | 184.28.176.97:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 204.79.197.200:443 | bing.com | tcp |
| US | 8.8.8.8:53 | 97.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.23:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | aka.ms | udp |
| GB | 2.17.6.114:443 | aka.ms | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| US | 8.8.8.8:53 | 114.6.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.34.232.68.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.4:443 | www.roblox.com | tcp |
| FR | 128.116.122.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 23.200.147.8:443 | static.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 4.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.147.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| FR | 128.116.122.4:443 | www.roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| GB | 18.244.155.22:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| FR | 128.116.122.4:443 | apis.roblox.com | tcp |
| FR | 128.116.122.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| FR | 128.116.122.4:443 | locale.roblox.com | udp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 173.222.211.131:443 | apis.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.155.244.18.in-addr.arpa | udp |
| GB | 23.200.147.11:443 | images.rbxcdn.com | tcp |
| GB | 23.200.147.11:443 | images.rbxcdn.com | tcp |
| GB | 23.200.147.11:443 | images.rbxcdn.com | tcp |
| GB | 23.200.147.11:443 | images.rbxcdn.com | tcp |
| GB | 23.200.147.11:443 | images.rbxcdn.com | tcp |
| GB | 23.200.147.11:443 | images.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | 131.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.147.200.23.in-addr.arpa | udp |
| FR | 128.116.122.4:443 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | clientsettings.roblox.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | tcp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 40.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| FR | 128.116.122.4:443 | assetgame.roblox.com | udp |
| FR | 128.116.122.4:443 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| FR | 128.116.122.8:443 | lms.roblox.com | tcp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| FR | 128.116.122.4:443 | trades.roblox.com | udp |
| FR | 128.116.122.4:443 | trades.roblox.com | udp |
| FR | 128.116.122.4:443 | trades.roblox.com | udp |
| FR | 128.116.122.4:443 | trades.roblox.com | udp |
| FR | 128.116.122.4:443 | trades.roblox.com | udp |
| FR | 128.116.122.4:443 | trades.roblox.com | udp |
| FR | 128.116.122.4:443 | trades.roblox.com | udp |
| FR | 128.116.122.4:443 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| US | 8.8.8.8:53 | sin4-128-116-50-3.roblox.com | udp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 8.8.8.8:53 | aws-ap-northeast-1a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-west-2b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 34.209.24.203:443 | aws-us-west-2b-lms.rbx.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| JP | 13.231.21.120:443 | aws-ap-northeast-1a-lms.rbx.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | 8.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| GB | 92.123.140.8:443 | tr.rbxcdn.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| JP | 13.231.21.120:443 | aws-ap-northeast-1a-lms.rbx.com | tcp |
| FR | 128.116.122.8:443 | lms.roblox.com | udp |
| FR | 128.116.122.8:443 | lms.roblox.com | tcp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.95.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.115.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.104.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.24.209.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.21.231.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.50.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| FR | 128.116.122.4:443 | presence.roblox.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:52127 | tcp | |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| FR | 128.116.122.4:443 | ncs.roblox.com | udp |
| US | 8.8.8.8:53 | aka.ms | udp |
| GB | 184.25.193.167:443 | aka.ms | tcp |
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| US | 8.8.8.8:53 | 167.193.25.184.in-addr.arpa | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| FR | 128.116.122.4:443 | ncs.roblox.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| NL | 2.16.43.25:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| GB | 13.224.245.39:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 25.43.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.245.224.13.in-addr.arpa | udp |
| N/A | 127.0.0.1:57715 | tcp | |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| GB | 184.28.176.40:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 40.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| NL | 13.95.26.4:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 4.26.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 92.123.140.40:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 40.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 184.28.176.56:443 | www.bing.com | tcp |
| GB | 23.62.195.195:443 | cxcs.microsoft.net | tcp |
| US | 8.8.8.8:53 | 56.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.195.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 128.116.122.4:443 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | aka.ms | udp |
| DE | 104.119.110.121:443 | aka.ms | tcp |
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| US | 8.8.8.8:53 | 121.110.119.104.in-addr.arpa | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | clientsettings.roblox.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| FR | 128.116.122.4:443 | apis.roblox.com | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| N/A | 127.0.0.1:53649 | tcp | |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.40.68:443 | kit-pro.fontawesome.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 104.18.40.68:443 | kit-pro.fontawesome.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 204.79.197.239:443 | tcp | |
| US | 8.8.8.8:53 | 239.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 92.123.142.59:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 59.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
Files
C:\Users\Admin\AppData\Local\ProcessLasso\config\prolasso.ini
| MD5 | 24a75fe52d2799fe8f5dd3f8069fd335 |
| SHA1 | 8f8da9775498c9b8dbc2360d7d5c7c19d7034e1f |
| SHA256 | d1ee39d4b63ce730ec518691e9f9e5cb5752ae06b83acd5abf5a01031164fc04 |
| SHA512 | 40bffda27b7ce8a690f1af31b91eaff6893db842e1e4c502720027ba00f464b69bff0862265d141477f9956776489d5db7e2650bf50513b63b4ab23a507d072e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2e57ec8bd99545e47a55d581964d0549 |
| SHA1 | bd7055ea7df7696298a94dedfc91136e3b530db8 |
| SHA256 | a50ba35608edc2f3360cc71be0d4b29bba0e3382d1f08f24df5322ce2ad2443c |
| SHA512 | 6b9b73d983c472149629c842e16e4f7c2f8a0a3bb6dd64837ef647db810ef1beb3a02b15dc1eec2c5de8aee6b3ca195c7d26c432705061c5b0ec7841a5bbf106 |
\??\pipe\LOCAL\crashpad_4908_CEDBWJDQDLKZITVK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e81c757cdb64c4fd5c91e6ade1a16308 |
| SHA1 | 19dc7ff5e8551a2b08874131d962b697bb84ad9b |
| SHA256 | 82141d451d07bdb68991f33c59129214dd6d3d10158aeb7a1dc81efbc5fb12b3 |
| SHA512 | ba8de0b3b04fec5a96d361459dde0941b1b70f5be231fdec94806efa3ecf1e8faf8e27b1800fa606dc4a82e29d4cf5109b94109e5ad242ddf9f4671e2acbcfbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7e1db7d2143bce1f2a3a9855f0d15c7c |
| SHA1 | 143cee146faeae86978d9583b7326667bf0ee985 |
| SHA256 | d9d5d62aa9c85f49b1be39f7a6fa781f2269584bc26abea8633e0a10f9ecc072 |
| SHA512 | dbfef420adea225fc6034da7ae9879d03b29fa5cfa40e4811ef4e482708fd0293d45024582324e61891e385dd2187b77e4da34e93dc550a368c267aff73fea93 |
C:\Users\Admin\AppData\Local\ProcessLasso\logs\processlasso.log
| MD5 | bdfb7e7debc745cb9fa598196f8d9924 |
| SHA1 | a121df0c25a11ea3102b3faba757fac67b00d498 |
| SHA256 | cb6249b2d68689b347d71b1c93428062803d1970dc5a3b007a0ea9cbb4eeef9a |
| SHA512 | eda5394942ac483da61f3eb117867eeae94736d4a9aecca8c8558b6e4382e4049a9c0766b3c53759f294f4d223e2fd810d68ba01be69423466b0ec6e65a5678d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ff696a1d07aa75506f358f820fbf37c6 |
| SHA1 | 0d0442bfa5a82ec87dcce0507ec7e8024764e636 |
| SHA256 | 196a02630af41f456f5a8d4cf6bbdfb3c6b66e9dbbf180814f46e19f1a4f9916 |
| SHA512 | 23d50678468ca5ad93d33f720b2c9f354716bbad2486622e6b5b4df229121b5ac4d690dc4defd0c1608280a1f6a531e929883613a4f0d24b2f427da51661af52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4dff9f224f7eddb69b4aad43b311a1c7 |
| SHA1 | 3c912c349f2b8bc5ef42bca50df6a00f4acdce9d |
| SHA256 | 9180ba8b3e0f89a3f9cb9a924444fc878aac60d788f9c4e87a7a07bf6657df9f |
| SHA512 | 01715b6b03ace786b78638b98be5fc28e5507cd9186517b8a76e47190b7b744d34f3b20cac5699ae32c7a1e503c7c17da5a6fbbbc664c0e87ac0550263ca8cba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 075e52554336af57b0bcf2a76d1e053e |
| SHA1 | 055d65f5732d3c44251d449d7219be437703d7d7 |
| SHA256 | 737e2b84a4a172c6b4be528559be444c5c4006912e10da9cfcaa56fa7e800e80 |
| SHA512 | 33dc1551660e74b4f42520d3059f7418c19b1836bc32994e1677952a900992c58e51351294075c98facf8b7318912dd725f13a54423ab3e5ae78af25fb746016 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1c8eefbeef8d11cb78a08d0abf35407f |
| SHA1 | 2f2622466418cc5e11932600889756ee46aec9db |
| SHA256 | 3825b1b3ea4fe69aa3c1e7028b4b23ca28c5960b2cb05aec5745d0c8f5c02735 |
| SHA512 | af490f2ba7ae64fba64a18b5a2aac557e7b1b09e7f0947e5306630332864d9d80230bfa3ea37e307b7ecece3250d7fa46335f577847b7b58d34f8bbdbd795e49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d10185ca0f6465076d299ccbfd850d1a |
| SHA1 | bb0781a85fa3845329f1b7c9be97889eafcf4b40 |
| SHA256 | 96cc60d8a2a4574484f30239d8670fd860d6b79b6138669f409026b6b70b9a5e |
| SHA512 | ae47e3ab064815c7a38e3284fd4b886ec63674fb9cb6c85c0323c35f0ce2eeb1249e6863b309b95a6800d5acb0103728c604ca4305c34e793eb10aa0e24879c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 118db28492d4294882f6c4f727d3affc |
| SHA1 | 74dc27c68ccfbc10ddf8028cdfde309bbde79379 |
| SHA256 | da86ede150f90fbe61cfbb822fe260a7349c207355bc3c652f360965b8d4c223 |
| SHA512 | fbcc1952630f9f7fbbd597d618dd3783cc043eaff6bbfc364440b54c5adcce814b45ea9fe190b908a9fff8297222a1500edd4ffee727bd617c533a4ef8749242 |
C:\Users\Admin\Downloads\SolaraB2.zip
| MD5 | ea418b261e24a56105a6d328b60e9cc7 |
| SHA1 | 4f89568a40fff23b381eb1009a764cc7eaf6580c |
| SHA256 | da9098d4713d46c44b95758bdf17e3d2fa1633b3130c7be47b7111132dc051ff |
| SHA512 | 95a04802ae713e00940b6ddb55bc75ea7d3450cf31b5fb9d55f0b44aa3629bbf2695d979e1cdef244b4df987db89475cb7185f648cdaffbaa8189e3187dcc8de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0c8332cced51dd27b11839b9f11afb1f |
| SHA1 | c1924c91fc14060d7c4097da78f20c556a73fc72 |
| SHA256 | 5514b16f166fd3dd5427bf17ad01806b6d7aed1e20a7077b3dfaa21c33b1e95a |
| SHA512 | 5e46e911b9ab21e240b6e09077b3e00e8bc6b3ef5dc1187be68d5012dd09f07d9459782aea96edcc420404ae63e31b42e948250f55e70257a7382ae8513069de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8558b4cadc65bbf9b9ff354a9f04c41c |
| SHA1 | f472be210574a6d1bb05ba335cdb5220e4be07fd |
| SHA256 | f88404437eaeb2432e65a19c77a8228c27eb36b50dc63a52df314ede7b9855d4 |
| SHA512 | 524f74506a6002489a420aa3dca1110386a6e7d6173d0b6b344dcfbc13a1395a8197862890300aacd3836b69d6c4b15b3219e0d4cb903e3a8e411f92320189fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe6ad341.TMP
| MD5 | d776ae7aaa704f2343254e7d412ce036 |
| SHA1 | b637f483e2d6d218614a829afc6516e8a60a438f |
| SHA256 | 84dbeb9451ff49bf71a9e6a2efdcab1174e3c83732ce7b16d6456e27fff38616 |
| SHA512 | 927de9290e26467bebac5066f97fcbde60e09d670edd10254379f12f70873f59e4fbf00291dbb9daf64d875845a736fe1ff3541bafc1191152929152916f1415 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0d1bd43807583a59eefcb8c89a5caeed |
| SHA1 | 92c24be80dd20898361d58f870c39758e5cf2493 |
| SHA256 | 7cc84067a5f5921143f4befcdd8e7c8c01eb4d1712577d5f14da187e941eb4c0 |
| SHA512 | a534df6ff9e38b7fe38b500bb8b9f62ea56825f2590651b7c1f3062b3deae191123f0134bd6f764d9442f7af1e1b01908d6a7ce0c76a7a877235e61cc393dc72 |
memory/2320-218-0x0000000000C20000-0x0000000000CEE000-memory.dmp
memory/2320-219-0x0000000005B50000-0x00000000060F4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi
| MD5 | 0e4e9aa41d24221b29b19ba96c1a64d0 |
| SHA1 | 231ade3d5a586c0eb4441c8dbfe9007dc26b2872 |
| SHA256 | 5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d |
| SHA512 | e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913 |
C:\Windows\Installer\MSI1B95.tmp
| MD5 | 9fe9b0ecaea0324ad99036a91db03ebb |
| SHA1 | 144068c64ec06fc08eadfcca0a014a44b95bb908 |
| SHA256 | e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9 |
| SHA512 | 906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176 |
C:\Windows\Installer\MSI1C33.tmp
| MD5 | a3ae5d86ecf38db9427359ea37a5f646 |
| SHA1 | eb4cb5ff520717038adadcc5e1ef8f7c24b27a90 |
| SHA256 | c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74 |
| SHA512 | 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0 |
C:\Windows\Installer\MSI2185.tmp
| MD5 | 7a86ce1a899262dd3c1df656bff3fb2c |
| SHA1 | 33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541 |
| SHA256 | b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c |
| SHA512 | 421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec |
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE
| MD5 | b020de8f88eacc104c21d6e6cacc636d |
| SHA1 | 20b35e641e3a5ea25f012e13d69fab37e3d68d6b |
| SHA256 | 3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706 |
| SHA512 | 4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38 |
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE
| MD5 | d2cf52aa43e18fdc87562d4c1303f46a |
| SHA1 | 58fb4a65fffb438630351e7cafd322579817e5e1 |
| SHA256 | 45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0 |
| SHA512 | 54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16 |
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE
| MD5 | 7428aa9f83c500c4a434f8848ee23851 |
| SHA1 | 166b3e1c1b7d7cb7b070108876492529f546219f |
| SHA256 | 1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7 |
| SHA512 | c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce |
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license
| MD5 | 5ad87d95c13094fa67f25442ff521efd |
| SHA1 | 01f1438a98e1b796e05a74131e6bb9d66c9e8542 |
| SHA256 | 67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec |
| SHA512 | 7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE
| MD5 | d7c8fab641cd22d2cd30d2999cc77040 |
| SHA1 | d293601583b1454ad5415260e4378217d569538e |
| SHA256 | 04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be |
| SHA512 | 278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js
| MD5 | bc0c0eeede037aa152345ab1f9774e92 |
| SHA1 | 56e0f71900f0ef8294e46757ec14c0c11ed31d4e |
| SHA256 | 7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5 |
| SHA512 | 5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3 |
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts
| MD5 | f0bd53316e08991d94586331f9c11d97 |
| SHA1 | f5a7a6dc0da46c3e077764cfb3e928c4a75d383e |
| SHA256 | dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef |
| SHA512 | fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839 |
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE
| MD5 | 072ac9ab0c4667f8f876becedfe10ee0 |
| SHA1 | 0227492dcdc7fb8de1d14f9d3421c333230cf8fe |
| SHA256 | 2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013 |
| SHA512 | f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013 |
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md
| MD5 | 2916d8b51a5cc0a350d64389bc07aef6 |
| SHA1 | c9d5ac416c1dd7945651bee712dbed4d158d09e1 |
| SHA256 | 733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04 |
| SHA512 | 508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json
| MD5 | d116a360376e31950428ed26eae9ffd4 |
| SHA1 | 192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b |
| SHA256 | c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5 |
| SHA512 | 5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a |
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE
| MD5 | 1d7c74bcd1904d125f6aff37749dc069 |
| SHA1 | 21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab |
| SHA256 | 24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9 |
| SHA512 | b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778 |
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md
| MD5 | e9dc66f98e5f7ff720bf603fff36ebc5 |
| SHA1 | f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b |
| SHA256 | b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79 |
| SHA512 | 8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b |
C:\Program Files\nodejs\node_etw_provider.man
| MD5 | 2a6686d512ee9ba8b75e0bce9a794770 |
| SHA1 | 465e00320c74d4481a5e7e7242aaeb60d02e2fab |
| SHA256 | 5afa5bcab0d66f0dc65ccad359650730ace53dff1d891cd33a9f54aa43d34419 |
| SHA512 | ff44d6f3e7be06c98077a00854edb0ca122fc5c98c976f86787c7b003d224f62c1079412e7c5cdb36c2a6df0825dd17ccbffe44eb264fa63e3d1e44654af74b2 |
C:\Program Files\nodejs\node_etw_provider.man
| MD5 | d3bc164e23e694c644e0b1ce3e3f9910 |
| SHA1 | 1849f8b1326111b5d4d93febc2bafb3856e601bb |
| SHA256 | 1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4 |
| SHA512 | 91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url
| MD5 | 35b86e177ab52108bd9fed7425a9e34a |
| SHA1 | 76a1f47a10e3ab829f676838147875d75022c70c |
| SHA256 | afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319 |
| SHA512 | 3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url
| MD5 | db7dbbc86e432573e54dedbcc02cb4a1 |
| SHA1 | cff9cfb98cff2d86b35dc680b405e8036bbbda47 |
| SHA256 | 7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9 |
| SHA512 | 8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec |
C:\Config.Msi\e6b1781.rbs
| MD5 | 46af2bcbfc3bdc1292d3871d650652a1 |
| SHA1 | e6ed4cc951424f5ac43b2899b6c166290e02a2da |
| SHA256 | b253d3045e87d246e1031cd457ab4efa7fdf6254edf92ec06ae2b8756a089984 |
| SHA512 | 46ca94c92e00b0b8bb413e9379da87f99233c9f152e8272321d44f9c2a9013757d9315f07a3039c851ed6bea9b27f56907482fa362e04b3ad9395edb81835e04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e2a3cdecc2f9f6e86593b70bd76f1be3 |
| SHA1 | e77d188274e1a8b6870fd6e7ee8b6266d70e9663 |
| SHA256 | 959499ec047f2396b732bab8fc98a6df423b96640d7e654fdda180ea43343dd5 |
| SHA512 | e1a86cfda6f38894dd72d813ca0ab3f87777abd040b56e10f3bd5b961534b6126a371ec18086f5e9ad787086980de2944c5c6d38b26cf1019f1059f79e0c00ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ec1b39c10bd3e63aebd548ed0b9f7085 |
| SHA1 | 6f6d388075856d6902ede47c51574e9c8c3d8fe8 |
| SHA256 | 92ef8b4207100d5ef994b5d4d29c199950a23a032807ed6cb890e5d92c38fceb |
| SHA512 | 6a34069738922662cf19a70275d9040eed96706171851c94ac1662c864a062cb69a53f01eeb28892d338d0a8bf7fb757b931fe3314b3d986db5f13b200b2824a |
C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
| MD5 | e091e9e5ede4161b45b880ccd6e140b0 |
| SHA1 | 1a18b960482c2a242df0e891de9e3a125e439122 |
| SHA256 | cee28f29f904524b7f645bcec3dfdfe38f8269b001144cd909f5d9232890d33b |
| SHA512 | fa8627055bbeb641f634b56059e7b5173e7c64faaa663e050c20d01d708a64877e71cd0b974282c70cb448e877313b1cf0519cf6128c733129b045f2b961a09b |
C:\Windows\Temp\{BB35FD62-699C-4E23-AB27-0AED9DCE7196}\.cr\vc_redist.x64.exe
| MD5 | cb264f7d256b42a54b2129b7a02c1ce3 |
| SHA1 | d71459e24185f70b0c8647758663b1116a898412 |
| SHA256 | d6aaee30c9b7edeac6939f78f4a55683c6358d9cc03dac487880d01f18700e83 |
| SHA512 | 4f623f5d21bc216f3dd040e6d0c663a8ea37efe5d0ce5f4aeb1ef5c1f7c873e19d1abc979d3e40d4dc70e2e4f0fc9a1b114b17d9eb852ea9a41d0f84356cd7cb |
C:\Windows\Temp\{F7E8859E-BC85-49DB-BD88-74A2297DD146}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{F7E8859E-BC85-49DB-BD88-74A2297DD146}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
memory/2320-2870-0x0000000006960000-0x00000000069F2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c61db5f4c3640ed38de244f02c6da0bc |
| SHA1 | e3fe7a0d2efefeb2b3e55b38b5b467e958313fd2 |
| SHA256 | 3145aa8a17f5cd722fa782dd2a79e9a4020df4edf64489de477ef96a43b02e25 |
| SHA512 | bba5e4e58b7e11e5404321e40ce501e95c2b0b27f605b7343e15453e2c877ae2e76229cf8b1e34fc8b4cb850e590986ee3fd4ded15c41606348e73fc66c1f268 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 32ee65ebebb44fe88e5dd7c5af5ef7ca |
| SHA1 | 3632cbea90e4d0b0256627f06cfd2c2e43c049f3 |
| SHA256 | 069ad995f0f13975723fd8bdb721e4b57b4ca801593a57231dfa5c519b3d3ff2 |
| SHA512 | 03ff668595e2af16a5053ea2b8b275463996587fef5785b53697d07ba56929d48a6b564a597630b4b6d57de046e381b41ab4abb579402bc7c134ae6740aab58b |
memory/2320-2898-0x0000000006DF0000-0x0000000006DFA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ccfd59fdc24ed0184561dd66197a9ea5 |
| SHA1 | 570f30e2d72a76198c7e223bca74de7bb3fb7319 |
| SHA256 | e41d2630197b4808ed069c9eea98b59b100294d50a599811c67317965fe55fb7 |
| SHA512 | 77db0ca4556292ee5875c639f15281fbd69afcfb7d45881dd5e0c02ad191dd00e5fe7835ecaf8e7d26ca2779a9685804d170d6a8db2200c78343bb60c4746b4b |
memory/2320-3107-0x0000000000DD0000-0x0000000000DE2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bf439e87a70b2a320f048a8fc8a71879 |
| SHA1 | 1942384526e350675e8b0c36b1435d85b99e3222 |
| SHA256 | 520b3cfc164e29c81e8e64975f19383bc37025efd3f5da1b40dd5c84ffc90f21 |
| SHA512 | 925e0855c2a276b2f1a3d389bf1e285b4482790d11636c2015aee8eeb4d08faf4adf4632232c252680181a343c72b98da42c9232809b02ced2779503a08dad20 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
| MD5 | d0104f79f0b4f03bbcd3b287fa04cf8c |
| SHA1 | 54f9d7adf8943cb07f821435bb269eb4ba40ccc2 |
| SHA256 | 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a |
| SHA512 | daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
| MD5 | c2ab942102236f987048d0d84d73d960 |
| SHA1 | 95462172699187ac02eaec6074024b26e6d71cff |
| SHA256 | 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a |
| SHA512 | e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
| MD5 | c28b0fe9be6e306cc2ad30fe00e3db10 |
| SHA1 | af79c81bd61c9a937fca18425dd84cdf8317c8b9 |
| SHA256 | 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641 |
| SHA512 | e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
| MD5 | 13babc4f212ce635d68da544339c962b |
| SHA1 | 4881ad2ec8eb2470a7049421047c6d076f48f1de |
| SHA256 | bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400 |
| SHA512 | 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
| MD5 | d84e7f79f4f0d7074802d2d6e6f3579e |
| SHA1 | 494937256229ef022ff05855c3d410ac3e7df721 |
| SHA256 | dcfc2b4fa3185df415855ec54395d9c36612f68100d046d8c69659da01f7d227 |
| SHA512 | ed7b0ac098c8184b611b83158eaa86619001e74dba079d398b34ac694ce404ba133c2baf43051840132d6a3a089a375550072543b9fab2549d57320d13502260 |
memory/5332-4573-0x000002824D270000-0x000002824D28A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 75a45a5495930a1934f81b3a30d15aa6 |
| SHA1 | 4b6a5a78c1b13a1cb674cc2cee8cd91755f5e394 |
| SHA256 | 54f3864530c3ccdaf23f942e7fb36e8fbcd8220b91830e04db15dcd13d5d25a1 |
| SHA512 | 0180173f44b53df418db5c169e0288aaa91c5062a4e3fc720a2b539cf484c5a812bcc6d1badbca2fec6836652c8814de86d606f41efe6ddbeebf57d4b45d8ced |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
| MD5 | aead90ab96e2853f59be27c4ec1e4853 |
| SHA1 | 43cdedde26488d3209e17efff9a51e1f944eb35f |
| SHA256 | 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed |
| SHA512 | f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d |
memory/5332-4584-0x0000028267F80000-0x00000282684BC000-memory.dmp
memory/5332-4585-0x0000028267A40000-0x0000028267AFA000-memory.dmp
memory/5332-4587-0x0000028267B00000-0x0000028267BB2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll
| MD5 | 195ffb7167db3219b217c4fd439eedd6 |
| SHA1 | 1e76e6099570ede620b76ed47cf8d03a936d49f8 |
| SHA256 | e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d |
| SHA512 | 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac |
memory/5332-4588-0x00000282679C0000-0x00000282679E2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
| MD5 | 34ec990ed346ec6a4f14841b12280c20 |
| SHA1 | 6587164274a1ae7f47bdb9d71d066b83241576f0 |
| SHA256 | 1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409 |
| SHA512 | b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0 |
memory/5332-4590-0x0000028267A00000-0x0000028267A0E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
| MD5 | 851fee9a41856b588847cf8272645f58 |
| SHA1 | ee185a1ff257c86eb19d30a191bf0695d5ac72a1 |
| SHA256 | 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca |
| SHA512 | cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f |
memory/5332-4592-0x0000028267E80000-0x0000028267EFE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 512de6587f0ea32fc0a2322ca0e0d21d |
| SHA1 | 6612d8c4fd4b9277e8311d0daee1d66ec97a2290 |
| SHA256 | bf57fa4d979800a4184053aeddc2987b2c052f1a6323d849f6043a61592b11c7 |
| SHA512 | 5848ce55bd6d6a791948eedc97fa5a0ab6b80964b0ef93f9ba88ecbbfe52967ffb3232d701617d0693086cadb2a140f9900cd963f9884614f3ef1eeeaeb1f492 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3ec175110da4f6648876081c91e48591 |
| SHA1 | c6208b71204df8fe16fb06aba3c0a4139c96dd28 |
| SHA256 | ec417087a497896a4bb37d559045cbb210133730cd881079f837ae28cdb2047b |
| SHA512 | a0f14078cd79472bc47cf34d872fdbafee4ffa81b9ea8d643a0da3c4eedee7baad522470ebeb9861c57942e5f494e941b19b04f5798996a7a69bb4212cd0acf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9e9320a1367e057e1f15a1e0c24d42d1 |
| SHA1 | 9b0d02433a398364abdfda39d0b4d0ce9152ee58 |
| SHA256 | a9c4ddef87532a79958c7588039a45da4727b47d532121421bfab29025e24d94 |
| SHA512 | 8f47746051a3320ed125f2cf0a5c7231299d405941de28ce3e99bc59b4221856acbecb3358411fd72d5281b509f736b0cc5ae607fa455aea8225c3bce16a7c8d |
memory/5332-5105-0x0000000180000000-0x0000000180B0D000-memory.dmp
memory/5332-5107-0x0000000180000000-0x0000000180B0D000-memory.dmp
memory/5332-5106-0x0000000180000000-0x0000000180B0D000-memory.dmp
memory/5332-5108-0x0000000180000000-0x0000000180B0D000-memory.dmp
memory/5332-5110-0x0000028267E70000-0x0000028267E78000-memory.dmp
memory/5332-5112-0x0000028267F70000-0x0000028267F7E000-memory.dmp
memory/5332-5111-0x0000028268860000-0x0000028268898000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 020f733a015a764589539c5d38924045 |
| SHA1 | 537b5c1bf9d2f94e07edca42a88b2eb1ceff07f6 |
| SHA256 | 4e80947653696b44f70bab8d5247c3baa46574c4d0ce2803cf0c83a60bb0ea9c |
| SHA512 | a78cd64077e10a0145cdf609d822639f40e99fa539b85b422e03b8d075e5b8d98d457825d86800531067a2611867f3ab861d484570db9b7b8d89d60765f6b435 |
memory/5332-5123-0x00007FFFD9840000-0x00007FFFD9864000-memory.dmp
memory/5332-5122-0x0000000180000000-0x0000000180B0D000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2573ca06889caf8d2f8f68e505d4f59f |
| SHA1 | ca60f8cb6392929dc9b0f757e92a5a0e01138eb3 |
| SHA256 | d5b24747c8275e093e4d2f188bae0fe71e72f605a04b7969b0be5ae77b9c2ce3 |
| SHA512 | 6b9dc17d4596b45a086a3b71faf7ebf92600cdf50ee00551ad276880c480151a84bbba689bc86a65c70e5fb20ef0f409288242255e38ec5af433f3cde6fa2371 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a8037f85d61915ce1297fccc2d097a16 |
| SHA1 | 3daaa030ad0d48b1fc9290c85acc63c37064f299 |
| SHA256 | 72b67900ab3e8f6ae9370ca4123a6ad1e1ed9230a18ce7e921bee2ac0a23876e |
| SHA512 | 748d8722a54a936b0dafa32389b50418df1ae4e161af791714c0cc27c1ab9b27bce158e4c9c525aa4fa1ad9f002510a86a98578352d9cd5e2d1a319c6fa27168 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cc76cb8fad0c96d276e46fe27da36501 |
| SHA1 | 8f90c2c69b96847098cf53af2ef7cba55eca0eaf |
| SHA256 | cc08c60b27aa7733648298d7d63f491bba65a5cfe3be8dae4181c3e126eb8875 |
| SHA512 | 8717910829685c9eecab3c6424fd10678998143ab3bdc9f6f6d39542c969f5484dd28ef4c33286c050feb50b9be5bb46cd5d89294f8a9bec0cc4b0ae885e95d2 |
memory/5332-5151-0x0000000180000000-0x0000000180B0D000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 859ac8fbf1304f3700771221bc385a1e |
| SHA1 | b2e761491b3c5151300274a42d0954db8b9cdc72 |
| SHA256 | 6d25a9cd89eb73b8e8c2d4fa92411764a0f123e74e30a924afd80396974c0805 |
| SHA512 | aec6ca2e65aebccc83e3bf678ef65b80a373c04e9499bb884da35a08909c7340bb15743eda56a7156a7b8631320cf66f604a7c29ffc830107873a9d7a5393c8a |
memory/4344-5171-0x0000014BB2E70000-0x0000014BB2E71000-memory.dmp
memory/4344-5172-0x0000014BB2E70000-0x0000014BB2E71000-memory.dmp
memory/4344-5173-0x0000014BB2E70000-0x0000014BB2E71000-memory.dmp
memory/4344-5183-0x0000014BB2E70000-0x0000014BB2E71000-memory.dmp
memory/4344-5182-0x0000014BB2E70000-0x0000014BB2E71000-memory.dmp
memory/4344-5181-0x0000014BB2E70000-0x0000014BB2E71000-memory.dmp
memory/4344-5180-0x0000014BB2E70000-0x0000014BB2E71000-memory.dmp
memory/4344-5179-0x0000014BB2E70000-0x0000014BB2E71000-memory.dmp
memory/4344-5178-0x0000014BB2E70000-0x0000014BB2E71000-memory.dmp
memory/4344-5177-0x0000014BB2E70000-0x0000014BB2E71000-memory.dmp
memory/5332-5184-0x0000000180000000-0x0000000180B0D000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 523bcd369a7c5e36f338a08dab757c63 |
| SHA1 | d9181b58088550fcd3cd8c9eb301d5238e30cf03 |
| SHA256 | eacdba1a52261f32786b7831138d104931090465e9cacfbad2a0d1d78527d0b6 |
| SHA512 | 0c61a4c0e2e6c5e5a9bf4f3c9929b261fdb6b37503a063f3c4629b5f461707fbd2c979a524b321259655077e0347ec90675cf0646396da588cfe8972c3b57994 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 09b5769920a1b44b946760098478e523 |
| SHA1 | d7be333c8405b1975131bcd7b95b25be5245d400 |
| SHA256 | 61e3b158067fdb27ee6cfee54044a070d76c5b3ce4186e70981609d1eecd7bfc |
| SHA512 | cc47eb57e25e6eac850b7f305bdffb33b452a8977e1a06871d8a70044bbd115f13a67926b69034d9937d842b02f52e9d6ad8930e1563d12e1a836729b99b9969 |
memory/5332-5204-0x0000000180000000-0x0000000180B0D000-memory.dmp
memory/5332-5206-0x0000000180000000-0x0000000180B0D000-memory.dmp
memory/5332-5211-0x00007FFFD9840000-0x00007FFFD9864000-memory.dmp
memory/5332-5212-0x0000000180000000-0x0000000180B0D000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c2c36663c4cb6727956f73464792d1bb |
| SHA1 | 046bd52aa437a9c623898906a652de227f4a47ec |
| SHA256 | 594aa2d241f3a037ad64027c175bcd6b3179b77bcc643ba3629778a1201659f3 |
| SHA512 | 6a99d1422aa8e0b61d86bbee7e005c083c9c87a7773f330397a4f9056d4748dd447c8c6bee93eb8934d8c07adc138b61152f4041c186c714000d990e224976da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c18287d341e95899689f1133df0c1aff |
| SHA1 | bcee1a9b970d322f904da1e748838d910a5402fc |
| SHA256 | 6f49a0b4d853505038741b7b42de4d82b1f2170822ee61365b81540c61f28629 |
| SHA512 | f51d9c65574bbff301fac8cdabe68997c5008e2f064b9480d56f0f4849a722c9ca992933bbf57f8b0d46d975b20c265eb3af014e210079d2a14ad1ebb13407aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1cd5487571b12ff983f5b12f7bffd714 |
| SHA1 | e1237ccff8926a6a7ecec4ff0ec6c396aae4cf6d |
| SHA256 | 4577a2f907efd5580e178bab0d73484ee2df10c8f8ded10016ba0a69eb27057e |
| SHA512 | 956759efd431e5b3d6fec5896d04d42133afc54d70c8f60dd977510558a6c5ee92b278f977772ddd91c64b54da9de20abbd430c846af6d002dc1242f662d19c1 |
C:\Users\Admin\Downloads\Unconfirmed 243558.crdownload
| MD5 | dbb820772caf0003967ef0f269fbdeb1 |
| SHA1 | 31992bd4977a7dfeba67537a2da6c9ca64bc304c |
| SHA256 | b2ac1e407ed3ecd7c7faa6de929a68fb51145662cf793c40b69eb59295bba6bc |
| SHA512 | e8ac879c7198dffb78bc6ee4ad49b5de40a5a7dbbda53d427d0a034941487d13c8bb2b8d590a1fcdd81cd6abb8f21fdfcd52924eb00c45a42ee06c1e4b3d590f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 86e6485bd0d0ff8284189e7dc486a48e |
| SHA1 | a7d31e38698f9447f49efc3280cf34eb9f52bc89 |
| SHA256 | a99d7af88ee29279eb094cf1cbc04e24c9efec484a8b75d567c6fd5deab045be |
| SHA512 | bef6feaeb463c63756e0e32a664380f625113ce4eea324a345a58acc051afdf51d4c967baec45117cae5d148e2ff8203281d0539ca80c2627f0b1f82d1f5d4d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9a73b3c862cb33dfdce0caa0fd37f9d6 |
| SHA1 | a8d5c572278a7c59a36685ccbd4430f51415b68a |
| SHA256 | 4650239ce7e0e7c6762d285c49f665a2fb909ac84e631dde5f4c058e4ab46f3b |
| SHA512 | a9d8abd23b76b2d90aebdc803d98e680eeb500e00d071a4d622ebd303e2e90ae935f4505dabb118b39e8e4abade0ae717d46951d2f9f5e606f0f1261d4cd099e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d6a037d2-d1aa-40bb-89dd-2d4cd2548d6e.tmp
| MD5 | 2c2bb2db71d89fe0477cc8c0a3e74000 |
| SHA1 | 5a73649d21b5608150d6a8b0602a1e54512f226f |
| SHA256 | 8e7708cf32da7b58e9210380633d7c501ddba10aedf7f5499aabf3c11aba5ed8 |
| SHA512 | 1753b4a7d3c7243d424148f12213e6103df0a253e238facc81e54c49b079c9ef093dd9a792e4acc968f7d0a5c339ade001c85b41406b910706651f73b048931e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aa0db30fed862e13f81b4143a10bd1a3 |
| SHA1 | 9480fc80b99c59ef0d3c25b63b813942b2c3c10c |
| SHA256 | a6fe80cbd3721a642658c1de985db270a49d22c47558d51d70b54d2d6b50a72e |
| SHA512 | b68bb1c7004b8337ee7c4117973c2ded20fd031379a589e987b69ae5b09da0346e77a463b0c867d6d821e693fda5fc0f7fbe30da6b71208b7bd7398eed95f69a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 422005b57e913f5b508f60df50ad4127 |
| SHA1 | c2c59398e8a4c63a93069b464ce1ab85ba38f5a5 |
| SHA256 | cda1c597b678bfbe0112de85c043db4ec95653906caa24c4876c3f5b00e95ed7 |
| SHA512 | c5a5301c3c7fac0c71072c6428d5e2f54ccce7727671bdc291c517d2ddb101edcb1c1ff7cfa7b04507cda009f95caa310eaeefcf3673955489d2b258de6652a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b0e02847163bb8035852d29ae6e3ede7 |
| SHA1 | 7a98a8d2c86b8393c6118715e183c998af5397c1 |
| SHA256 | a29c1ce632df2605f9d8c7b00b371c421131c23acdb3aa25d415f6c0df96621d |
| SHA512 | 9c26901d053d4baefdb5d67450313f02a68838d8bfee59a24e23fadedd690e8f66470ddae86878b7729081ed95b2bced5f535b5eedb080c5e4aa55ff3bd3e61b |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\configs\DateTimeLocaleConfigs\zh-tw.json
| MD5 | 702c9879f2289959ceaa91d3045f28aa |
| SHA1 | 775072f139acc8eafb219af355f60b2f57094276 |
| SHA256 | a92a6988175f9c1d073e4b54bf6a31f9b5d3652eebdf6a351fb5e12bda76cbd5 |
| SHA512 | 815a6bef134c0db7a5926f0cf4b3f7702d71b0b2f13eca9539cd2fc5a61eea81b1884e4c4bc0b3398880589bff809ac8d5df833e7e4aeda4a1244e9a875d1e97 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\configs\DateTimeLocaleConfigs\zh-hans.json
| MD5 | fb6605abd624d1923aef5f2122b5ae58 |
| SHA1 | 6e98c0a31fa39c781df33628b55568e095be7d71 |
| SHA256 | 7b993133d329c46c0c437d985eead54432944d7b46db6ad6ea755505b8629d00 |
| SHA512 | 97a14eda2010033265b379aa5553359293baf4988a4cdde8a40b0315e318a7b30feee7f5e14c68131e85610c00585d0c67e636999e3af9b5b2209e1a27a82223 |
memory/5228-5973-0x0000000180000000-0x0000000180B0D000-memory.dmp
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\textures\Cursors\KeyboardMouse\IBeamCursor.png
| MD5 | 464c4983fa06ad6cf235ec6793de5f83 |
| SHA1 | 8afeb666c8aee7290ab587a2bfb29fc3551669e8 |
| SHA256 | 99fd7f104948c6ab002d1ec69ffd6c896c91f9accc499588df0980b4346ecbed |
| SHA512 | f805f5f38535fe487b899486c8de6cf630114964e2c3ebc2af7152a82c6f6faef681b4d936a1867b5dff6566b688b5c01105074443cc2086b3fe71f7e6e404b1 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\[email protected]
| MD5 | 55b64987636b9740ab1de7debd1f0b2f |
| SHA1 | 96f67222ce7d7748ec968e95a2f6495860f9d9c9 |
| SHA256 | f4a6bb3347ee3e603ea0b2f009bfa802103bc434ae3ff1db1f2043fa8cace8fc |
| SHA512 | 73a88a278747de3fefbaabb3ff90c1c0750c8d6c17746787f17061f4eff933620407336bf9b755f4222b0943b07d8c4d01de1815d42ea65e78e0daa7072591e9 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\[email protected]
| MD5 | 83e9b7823c0a5c4c67a603a734233dec |
| SHA1 | 2eaf04ad636bf71afdf73b004d17d366ac6d333e |
| SHA256 | 3b5e06eb1a89975def847101f700f0caa60fe0198f53e51974ef1608c6e1e067 |
| SHA512 | e8abb39a1ec340ac5c7d63137f607cd09eae0e885e4f73b84d8adad1b8f574155b92fbf2c9d3013f64ebbb6d55ead5419e7546b0f70dcde976d49e7440743b0f |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\Thumbstick2.png
| MD5 | a402aacac8be906bcc07d50669d32061 |
| SHA1 | 9d75c1afbe9fc482983978cae4c553aa32625640 |
| SHA256 | 62a313b6cc9ffe7dd86bc9c4fcd7b8e8d1f14a15cdf41a53fb69af4ae3416102 |
| SHA512 | d11567bcaad8bbd9e2b9f497c3215102c7e7546caf425e93791502d3d2b3f78dec13609796fcd6e1e7f5c7d794bac074d00a74001e7fe943d63463b483877546 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\[email protected]
| MD5 | 499333dae156bb4c9e9309a4842be4c8 |
| SHA1 | d18c4c36bdb297208589dc93715560acaf761c3a |
| SHA256 | d35a74469f1436f114c27c730a5ec0793073bcf098db37f10158d562a3174591 |
| SHA512 | 91c64173d2cdabc045c70e0538d45e1022cc74ec04989565b85f0f26fe3e788b700a0956a07a8c91d34c06fc1b7fad43bbdbb41b0c6f15b9881c3e46def8103e |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\[email protected]
| MD5 | e8c88cf5c5ef7ae5ddee2d0e8376b32f |
| SHA1 | 77f2a5b11436d247d1acc3bac8edffc99c496839 |
| SHA256 | 9607af14604a8e8eb1dec45d3eeca01fed33140c0ccc3e6ef8ca4a1f6219b5dd |
| SHA512 | 32f5a1e907705346a56fbddfe0d8841d05415ff7abe28ae9281ba46fedf8270b982be0090b72e2e32de0ce36e21934f80eaf508fd010f7ab132d39f5305fb68f |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\Thumbstick1.png
| MD5 | 2cbe38df9a03133ddf11a940c09b49cd |
| SHA1 | 6fb5c191ed8ce9495c66b90aaf53662bfe199846 |
| SHA256 | 0835a661199a7d8df7249e8ae925987184efcc4fb85d9efac3cc2c1495020517 |
| SHA512 | dcef5baccef9fff632456fe7bc3c4f4a403363d9103a8047a55f4bd4c413d0c5f751a2e37385fe9eba7a420dbdb77ca2ff883d47fcdd35af222191cc5bd5c7a9 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\textures\TerrainTools\checkbox_square.png
| MD5 | 2cb16991a26dc803f43963bdc7571e3f |
| SHA1 | 12ad66a51b60eeaed199bc521800f7c763a3bc7b |
| SHA256 | c7bae6d856f3bd9f00c122522eb3534d0d198a9473b6a379a5c3458181870646 |
| SHA512 | 4c9467e5e2d83b778d0fb8b6fd97964f8d8126f07bfd50c5d68c256703f291ceaed56be057e8e2c591b2d2c49f6b7e099a2b7088d0bf5bdd901433459663b1f8 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png
| MD5 | 521fb651c83453bf42d7432896040e5e |
| SHA1 | 8fdbf2cc2617b5b58aaa91b94b0bf755d951cad9 |
| SHA256 | 630303ec4701779eaf86cc9fbf744b625becda53badc7271cbb6ddc56e638d70 |
| SHA512 | 8fa0a50e52a3c7c53735c7dd7af275ebc9c1843f55bb30ebe0587a85955a8da94ff993822d233f7ed118b1070a7d67718b55ba4a597dc49ed2bf2a3836c696f6 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\Clear.png
| MD5 | fa8eaf9266c707e151bb20281b3c0988 |
| SHA1 | 3ca097ad4cd097745d33d386cc2d626ece8cb969 |
| SHA256 | 8cf08bf7e50fea7b38f59f162ed956346c55a714ed8a9a8b0a1ada7e18480bc2 |
| SHA512 | e29274300eab297c6de895bb39170f73f0a4ffa2a8c3732caeeeac16e2c25fb58bb401fdd5823cc62d9c413ec6c43d7c46861d7e14d52f8d9d8ff632e29f167c |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\[email protected]
| MD5 | 3fec0191b36b9d9448a73ff1a937a1f7 |
| SHA1 | bee7d28204245e3088689ac08da18b43eae531ba |
| SHA256 | 1a03e6f6a0de045aa588544c392d671c040b82a5598b4246af04f5a74910dc89 |
| SHA512 | a8ab2bc2d937963af36d3255c6ea09cae6ab1599996450004bb18e8b8bdfbdde728821ac1662d8a0466680679011d8f366577b143766838fe91edf08a40353ce |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png
| MD5 | 4f8f43c5d5c2895640ed4fdca39737d5 |
| SHA1 | fb46095bdfcab74d61e1171632c25f783ef495fa |
| SHA256 | fc57f32c26087eef61b37850d60934eda1100ca8773f08e487191a74766053d1 |
| SHA512 | 7aebc0f79b2b23a76fb41df8bab4411813ffb1abc5e2797810679c0eaa690e7af7561b8473405694bd967470be337417fa42e30f0318acbf171d8f31620a31aa |
memory/5228-11746-0x0000000180000000-0x0000000180B0D000-memory.dmp
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaDiscussions\buttonFill.png
| MD5 | 81ce54dfd6605840a1bd2f9b0b3f807d |
| SHA1 | 4a3a4c05b9c14c305a8bb06c768abc4958ba2f1c |
| SHA256 | 0a6a5cafb4dee0d8c1d182ddec9f68ca0471d7fc820cf8dc2d68f27a35cd3386 |
| SHA512 | 57069c8ac03dd0fdfd97e2844c19138800ff6f7d508c26e5bc400b30fe78baa0991cc39f0f86fa10cd5d12b6b11b0b09c1a770e5cb2fdca157c2c8986a09e5ff |
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 70e49ccbdb09106e6646e8ecef2455c8 |
| SHA1 | 3eb5364d3883b1775c78291bfc65ab8b1af2c9e9 |
| SHA256 | af1aa72c45419adba4876f1dd02a28929fee3d94d4f3d035d9a06ac70b9096b9 |
| SHA512 | 787b47950bbda5ea2c50e9737b099a773b3f5a687af9257b54b226147b1b79ddf0cb040a397b58adc473b6d427399ef765c8616adb7ac32dde296553ecef6e46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6a75f27d7a8f4f6dc33d828220f03f57 |
| SHA1 | 7a3e14d0a7043caba0c09df995175ba855244b16 |
| SHA256 | 5830dd1efd73cb45d51690046153ce0e1104cf9e3a088119dbd0929aa839d543 |
| SHA512 | 316624fd82212b201dacd458eddc3104ffe204c26de85d67250a6034ecbbaaacc16ea280816645a4458758e14d9b8a3cba44bf6c4b7962ceaed8b7685eb4186d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 72d02ef176cda8d16fe859753a3bd4b4 |
| SHA1 | 540ae582c811548bb4eb8144a3ea419958a9f999 |
| SHA256 | b243fc0fd75fe88d909561ea040693d8f88eddc18fccfc9d789711e2d5768222 |
| SHA512 | 4adb923566d06ced2a924c7e5261e1c1627350a300dc0907897be4e0e03feadf1cb362ed6c86bd722cf2d435f26836aec86e1b67e5bdfc426c0a72227f3b63ca |
memory/5608-12494-0x0000000000470000-0x00000000004A5000-memory.dmp
memory/5608-12495-0x0000000075190000-0x00000000753A0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 310c9b466305022fd59d50bb368cf3eb |
| SHA1 | 1c8dbe4edb401213ab177b9b7e5cdadcd01aebb2 |
| SHA256 | 730754fb5fc7425d054f737dd7b000dddbefd5a331cf882bfcb5808949bc1eed |
| SHA512 | 853526f17462b8b5412918a58b4cd57e9b5c2221f1784a4879a741617687783237b09b31b6889531550a8a18a230692db77d31e7815416c6a6cf05fc1da4e94a |
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | be9591e6fd5cc329e08a9f2494ee7abb |
| SHA1 | 7f1aa412157fa0a79a9d7e1531cd8e6e7fa4de36 |
| SHA256 | 2f90a4a819fe09060bcd0985f76ddafa545a6f5788f1e53aa56310f8495bb1bb |
| SHA512 | 666c06b70b8a1aa24bbfa84c382eb17ded1c2e8d91adaec7ab621481300adffbb580bb6aa1054ad63f95d6594802d4a27f096b0a338d8ceb2c4349fdf15b0951 |
memory/5608-12559-0x0000000075190000-0x00000000753A0000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Installer\setup.exe
| MD5 | 44bab1ba8bbc80a6f11a59a921ade1fe |
| SHA1 | 71292aa421fc9cefd9eeade06fc5af52f71e8dc2 |
| SHA256 | a03c11b73af7ccf83f2a4bc1995f9083f8415174d1e8f6d6465e9192aabb542a |
| SHA512 | fcb6f75c3367b91da92b3d866ae6b85428d8c2ef13499344e80ddd3bb30f47d1243120aa41eba519756bcb6ff5f9708e7fe7281265c4c32766231765aa8104e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 895937596c8d614028cbd406595f926e |
| SHA1 | daa0ade45037e98a8e1ac2e8cd6b859c52352448 |
| SHA256 | cf8eabc22fc30aa6114d17fc21787515ad519cfb514f123c05c768e6ff0140af |
| SHA512 | f38db06c44f87b689e0b3a67a19a3399e83444fcd6e554003983f10e70da4bf9ed326a6b81ee9b48e3b79765c057dcad37b8fac7fb5f32593823dbbaa2d506ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b568405eae96436ca40b539ebdc8622d |
| SHA1 | f532668a9aafde21f6aca5a19b4f119836aaba96 |
| SHA256 | 0000de93dda190d90010cb004e040bad8647c5d28f76991cbf88778ed073dc15 |
| SHA512 | f3203bb508cfa218aae60891001337fc6bd63811ec8e033e6711299ec8aedc9e87eb4034234b150fa3162f57adffe9f3018ed35983aa1c50706c7ea692867091 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3ba294fda26919e78d157f7e30e35a49 |
| SHA1 | ca1292166aa409e5ac0644234164d8202a4253e4 |
| SHA256 | 21aeb2802d1ad5b3a1c0f486decec1e959be8910124dde7c11c180b5fe0e49a2 |
| SHA512 | fce5149e197197fbc435ddc4556b1bfc0461d3d5d5e20ce91a1b30cd500ebc9ee45e83f6c260f7a9883657a616441f9c04450538827a848191658200e8f022b2 |
memory/5608-12622-0x0000000000470000-0x00000000004A5000-memory.dmp
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\sounds\ouch.ogg
| MD5 | 9404c52d6f311da02d65d4320bfebb59 |
| SHA1 | 0b5b5c2e7c631894953d5828fec06bdf6adba55f |
| SHA256 | c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317 |
| SHA512 | 22aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4 |
C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\ClientSettings\ClientAppSettings.json
| MD5 | 4404bed49a6c0867a0d0b6b5e118407b |
| SHA1 | 37527ae8967510aa696dc31f9fac02c9c5c8b392 |
| SHA256 | 9035075800218227689b77309cdf3823bb81fb1e423f0e6c8576dd22c8c83d21 |
| SHA512 | b66053497d26eb08503baf0b5fe13c524cb98f7cdea86c84d80aa801b8eeb9dd9346a7af67872e73fa2778b1b36f6f1ca70f1cbd2fc7ad82e74aed2d1f5fd4cb |
memory/6152-12649-0x00007FFFF6A30000-0x00007FFFF6A60000-memory.dmp
memory/6152-12654-0x00007FFFF6AC0000-0x00007FFFF6AC5000-memory.dmp
memory/6152-12653-0x00007FFFF6A30000-0x00007FFFF6A60000-memory.dmp
memory/6152-12663-0x00007FFFF4B50000-0x00007FFFF4B60000-memory.dmp
memory/6152-12662-0x00007FFFF4B50000-0x00007FFFF4B60000-memory.dmp
memory/6152-12661-0x00007FFFF4B50000-0x00007FFFF4B60000-memory.dmp
memory/6152-12660-0x00007FFFF4B50000-0x00007FFFF4B60000-memory.dmp
memory/6152-12659-0x00007FFFF4B50000-0x00007FFFF4B60000-memory.dmp
memory/6152-12658-0x00007FFFF4B30000-0x00007FFFF4B40000-memory.dmp
memory/6152-12657-0x00007FFFF4B30000-0x00007FFFF4B40000-memory.dmp
memory/6152-12656-0x00007FFFF4AA0000-0x00007FFFF4AB0000-memory.dmp
memory/6152-12655-0x00007FFFF4AA0000-0x00007FFFF4AB0000-memory.dmp
memory/6152-12664-0x00007FFFF4650000-0x00007FFFF4660000-memory.dmp
memory/6152-12668-0x00007FFFF48D0000-0x00007FFFF4900000-memory.dmp
memory/6152-12667-0x00007FFFF4760000-0x00007FFFF4770000-memory.dmp
memory/6152-12666-0x00007FFFF4760000-0x00007FFFF4770000-memory.dmp
memory/6152-12665-0x00007FFFF4650000-0x00007FFFF4660000-memory.dmp
memory/6152-12652-0x00007FFFF6A30000-0x00007FFFF6A60000-memory.dmp
memory/6152-12651-0x00007FFFF6A30000-0x00007FFFF6A60000-memory.dmp
memory/6152-12650-0x00007FFFF6A30000-0x00007FFFF6A60000-memory.dmp
memory/6152-12648-0x00007FFFF69E0000-0x00007FFFF69F0000-memory.dmp
memory/6152-12647-0x00007FFFF69E0000-0x00007FFFF69F0000-memory.dmp
memory/6152-12646-0x00007FFFF68D0000-0x00007FFFF68E0000-memory.dmp
memory/6152-12645-0x00007FFFF68D0000-0x00007FFFF68E0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 60e95b7c9ea3d8a90a3ce41f1cddd413 |
| SHA1 | 159cfda46e181ffcfac0db77611e20f613d8a8ec |
| SHA256 | e144c3d304ac5f1d70c3d09f3968e0c3271d49651ed71c46f137e99f9e19053d |
| SHA512 | eb9f40d580363fc13b9b063674fa846d4a26d0d17ad403fc5f62fbe5b2580cf2ecdd64395bb1d4fc53a7bdece7c1872f70bb0870bada3d6c601ff7525d1598b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9c70881eb15fc48a5db08d7bd940655b |
| SHA1 | d210ac17cbd0a862c1517e9349d06224723a3b72 |
| SHA256 | a971dbdf483423f5291447735ac31bb2dd051725cb2ede86c902a4774009fc3a |
| SHA512 | a374c85301041ea943a5d96c1b9bbb3d00efcff244fa0a57e92f5b6fb02e852183fc53872db557d25abd7503004dc69431587a8459c4cd8c2bfc18fd494aa270 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | d365dfd2eec6c296e58bc99f9336dbad |
| SHA1 | 1d18f379438dca8e2562dc5a85b5a6242ba4e7c6 |
| SHA256 | 62c9c12c986653d069cfab1a1d0a879d473d42f16e378949aaac7612c0e26d41 |
| SHA512 | adda40f45504d5ea710dfbf0eee244895c9e6f82d1a62ea0d6e7ba1906897ea8d348f0fe18a0055e65c12d4bd8f663ef98cd7a4f6ac9c8f0f04febc9f966e2a9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | f6cfa7437049b1f95fb2d40556b79060 |
| SHA1 | ce003f62b0c8094173aec0207a20080a8b169400 |
| SHA256 | 6893377563132128e8f60e812223740e1cc044146f0a04f63af579b496ed898e |
| SHA512 | 28779b204ef6fa8c74dfdaf99fe6e8ed9279098c274119ca09b2b8c9af4525cd51a1638fe586daf599ea3b571681a4db220dba423d3987b9de57bb5d1229da57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 47fb7d81cfe21f8bce521473c67d47ba |
| SHA1 | 156b464b4d5d4fe7e93b4cc41737aec0a5021951 |
| SHA256 | c14ef8b7edf2666586f82984bfbaa994c9263d40dfa9131a19316337330b7c22 |
| SHA512 | 032083da7f39354e0fedddff7265bec3117b8b2524aca3e15e5bca37a27f1e712ae87e9d7a8ba46817da0bc85a706eac1760db0161e4fa9fcb1a1c2bcb267ea4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8a043a118456e891f5e746c7214f6b0 |
| SHA1 | 03761a02530377ec7fa21bfcf5d2dad8fcb3d5e7 |
| SHA256 | 60f895d05f5d8e6421610ff8faf132bd2a4cdb126d215956068ab931de6326d3 |
| SHA512 | f57a0b23b9dd52a76b1a0a2d51739ab1ba244d6202d56bd5f9110811b46f13897c21df697ed73655cd54cb5ac9d4a5fdde2cf0fd57c4690fa53c7110150942e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0c80936e173f100a18a6e1129301a258 |
| SHA1 | fc56fa22c1fec201aa2e60fabaeca4e3cec041ba |
| SHA256 | 6a2037af126c761ac7ca0ee672e9c72199f13fd2c095f0a1a4e23124fb066f55 |
| SHA512 | c0b85e1bc9ed11080a10811962eb991c18a35d22627d325d5a6c7a2fe06a826dacafdb2b074d270abdd79859a62b45e98badc6b2ba45964a963a65fbddb02f02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1c9e11a4c41d4d58b4179336f127d187 |
| SHA1 | bc626e156acb58246dc600f574ca8eea2e5c1a64 |
| SHA256 | c564bbab7e7a434d08902cfd4c41921c8b4e88e113cb205f40e5a485450e5b57 |
| SHA512 | c54f0723a6cd5a8c2b0afbf30002c8d652e2d988c11ac78b15d087d56da00ec8db58dce9000beb87d59739efa3ec26d8d9e393cd72c7e7119c05d4a5a0762209 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ab05e7dbe4c5644978dd0e0384d55431 |
| SHA1 | 9dbb0d578724429cec5fa5323b2d4df9dab29234 |
| SHA256 | e8e022ab719a613eec141b87749c32a894cfd93c154f5bfae9a9f8737cfc9b85 |
| SHA512 | 1c7a575e96e559667cfddaacf1b7f37de724008e5dfa0e93c5194f976b06d7658411d65f0a9ee33b44134d5cdfb82be2af620c3cc24f4c4041e49ee1d58fb113 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e3a1edff6d8bb792a1c5ac28f29bad99 |
| SHA1 | 24948b673f82ce3dbe3e648f00a1689db5403fa1 |
| SHA256 | 1b579d06fdc39fc236824d631892a5dd5b5f8244b3fd39146a3911c422301055 |
| SHA512 | b10bebea0063eb807cb9aae6e1c536da38ab0a3708155c3c3e6b6f1524f97c424f4859ecebd1d47597661cb5f822bd739b395a93f890e22c79e97cf58c3ef570 |
C:\Windows\Temp\{83AA827C-DBF7-41E5-A4E8-7A7C9466ACE1}\.ba\thm.xml
| MD5 | f62729c6d2540015e072514226c121c7 |
| SHA1 | c1e189d693f41ac2eafcc363f7890fc0fea6979c |
| SHA256 | f13bae0ec08c91b4a315bb2d86ee48fade597e7a5440dce6f751f98a3a4d6916 |
| SHA512 | cbbfbfa7e013a2b85b78d71d32fdf65323534816978e7544ca6cea5286a0f6e8e7e5ffc4c538200211f11b94373d5658732d5d8aa1d01f9ccfdbf20f154f1471 |
C:\Windows\Temp\{83AA827C-DBF7-41E5-A4E8-7A7C9466ACE1}\.ba\thm.wxl
| MD5 | fbfcbc4dacc566a3c426f43ce10907b6 |
| SHA1 | 63c45f9a771161740e100faf710f30eed017d723 |
| SHA256 | 70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce |
| SHA512 | 063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e |
C:\Windows\Temp\{83AA827C-DBF7-41E5-A4E8-7A7C9466ACE1}\.ba\license.rtf
| MD5 | 2eabbb391acb89942396df5c1ca2bad8 |
| SHA1 | 182a6f93703549290bcde92920d37bc1dec712bb |
| SHA256 | e3156d170014ced8d17a02b3c4ff63237615e5c2a8983b100a78cb1f881d6f38 |
| SHA512 | 20d656a123a220cd3ca3ccbf61cc58e924b44f1f0a74e70d6850f39cecd101a69bce73c5ed14018456e022e85b62958f046aa4bd1398aa27303c2e86407c3899 |
C:\Windows\Temp\{83AA827C-DBF7-41E5-A4E8-7A7C9466ACE1}\.ba\BootstrapperApplicationData.xml
| MD5 | 897d75c45bb31fd023c7a866b65edab1 |
| SHA1 | 708069c8a2dfc1a12a8526f40477e7f69b29409e |
| SHA256 | 7889edd102dedeecbfa9e88818ddfc24c6f68bcef133deecc0496687dc6ad604 |
| SHA512 | dcb984369c6f2649768824d33c2b701070e8440063bb97864a748a34c86b9d22991ef8dad9fa96d8f82f5a9f31f7d037bdb81041a0ab2c5c6fde22826525efda |
memory/8872-12928-0x0000000006300000-0x0000000006322000-memory.dmp
memory/8872-12929-0x0000000006810000-0x0000000006B64000-memory.dmp
memory/5616-12932-0x0000000180000000-0x0000000180B0D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
| MD5 | 2026bfc7a34993fd196d3a39bede7056 |
| SHA1 | 062694fff7554903710fb17d68ac628c20624c50 |
| SHA256 | 9bf6c1882908cb7cb034832afc0016d522215aa21de58d89a51d6b20629d632f |
| SHA512 | d30ad8166d78143f9ffbe2a138b8f4d059f379902ea70ad2226fade35429d03c0010dfd97de316f3ae1617d124253ec47878c6415dc0b50a786c56f28a14c767 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe714fe6.TMP
| MD5 | dfbdd07c770900c167eaa158bce52f7a |
| SHA1 | 609585772967ad557d86d6d52ef3477cc6dc2b72 |
| SHA256 | ec14e815479a2b2f74a0ea33f5bd21fbe94e91418f85a8823ae7bc2cf4dd19b4 |
| SHA512 | c5ac0f82f9232549edfd321137e0f55f727a9db49b01d3da9ae41f86171b85a33c1b9623013af53575fbac04955a8114fc618d11c790cf34e4a54157b1c3d7bc |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
| MD5 | b51a1a0bf7aea79650b0643116567c2c |
| SHA1 | d9f329e0fce83055d9b37caab01bdaaf67a6ef80 |
| SHA256 | 1739d42497359e59e126ddbde889d34eebc4f04a872b6fb9af3e42b3f356bbb5 |
| SHA512 | 6dc47a6f1013572ea0f527981bff3b9f7120ddbf6e77d6ee1b2c8305c522dc340e976649a741a3fe684e9dc5a85e2fe424cf8ecf188860863a62cb92b76a6fdd |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
| MD5 | b52597f94fd36e0d5292612ccbda51b2 |
| SHA1 | 1fe2337cb3fc96f4c6f11374db6556b835530da0 |
| SHA256 | 767ddf18b46f99998047a2a43586140e2031ae2799a108b1a5fbc8e0b1c4f2bc |
| SHA512 | 5ca55d521c2860ddfd06fa6f50865d4562355ed67b1ba3acf478cd96796e13cc1fbffe59be0ed86aaf706982fdbbfac20e82e9ab221d4d0fef6bd681ffe91845 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | 3b40e8f01847d02e3a9e23a4212b38b6 |
| SHA1 | 6055b8aae8e42a5ba0b87d385b10eab80058b7b4 |
| SHA256 | 357bd61d056d4ee06371a806cf6dfd2da3902e9ff82b6c27037c22bac00b913e |
| SHA512 | aeb54d7c19d41365d0c8e0696537f97739e1f157a8ecce6687a4124a25d56f9e804f14b3bfe88d6d1739faae454fbf7861493c146153c19a19ad592361631d82 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GraphiteDawnCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GraphiteDawnCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GraphiteDawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4ef9d263269b9a6c1223567dc65a13ab |
| SHA1 | 6791e6717d3a3e3c3e37c5f4adad89bc518d011d |
| SHA256 | 1e6f19ebb6ac585846a701f7b7c84cf5fc0da8896dd19d87df2c65495e060136 |
| SHA512 | ffd1d29d6720554f782db2d5415cafb8a15f61754a5faa119df84303c12433fb035e72b2e1c97e28bce18b8f9f1552826abd32231516b7dfd95f15dc4bb8852e |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
| MD5 | e974b11f4667a5bdc8cb99314d0b5514 |
| SHA1 | 211116514fd07f305f7b3a4d7cbc8d776f58fdad |
| SHA256 | 0441b513ca190c6421dd3748a269284b623b6eef2358d5e6456d72a76e5e163a |
| SHA512 | 3ff0f476cca9cd219193b3867eaaeac8cd1a46c6af6326d62ab1ce7088892a76a88369800b57c2feaddb6abdb1ebe268cceaa25622bec2f815487c235e095420 |
memory/5616-13151-0x0000000180000000-0x0000000180B0D000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5df654f01e2a6ad2fd06d31f0b30accb |
| SHA1 | 5d2939457bb28d7ab8fb4a851599e13f5858f866 |
| SHA256 | e351cc6455ce31278513e9e6e466fdead17e38df3706eff6b73b96b68cc85313 |
| SHA512 | 9d4e964705af169a29358fa1b7463952b4bd2b1edc7cad7a5f451b05955eaf737103d3926bcee2d982c3e7a8538026285f82a559aa3cff886133dcd0726bd120 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4cd93ff4854d444e0dc2b389fef55325 |
| SHA1 | 2b34a018cc11f1e56995289a2c0745f319237288 |
| SHA256 | 0cce451b5330c3af351b54f22585280a42a53e38dba637edaeb8ca9fbdc7cc37 |
| SHA512 | 83d5e6036e5a9b704df6b3a0c55858bf7706981520035b2ed9ee23c8a64574e9e4b32bc2d63c352782d5d77b7afbd19552030b22caf32566e9000563d109e85f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f866846f627f6b14ca6dc8d3530759e9 |
| SHA1 | 8702e42013cc8a320377c7eb9e0c508e144ef5f1 |
| SHA256 | 41966346c556ebc2b818b16211a0e1475bcb7018d266bb7e5f11017e87a464c3 |
| SHA512 | e934f7321b76f8ae453d1113a9e305a71004b005d22ee5f6deb70defb4458af63f01c90e7972c29b056c046ca6d145f65b2c788e5778b3f640c760bc6cf887b4 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\801487f1-0cdc-4143-8f4d-db1e9350170a.tmp
| MD5 | f57407e505ade0b0e4915d1008e4bf17 |
| SHA1 | f9fc8c18b18c2feccab125a0b7d1362df47ff3d3 |
| SHA256 | c8f08affcd5000f6ca0644a4a041674ab5164afb1cf676b0b228a1465586ea88 |
| SHA512 | 7a96270e0c072d4933b0fd1bec94b69da320cc42f64a2f3d2be534f75d01e6e0d4ac5d80efa93f6c8f835f5cdeac68c9ec224fb5f4e55ec8636273db5ec454cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9612485d9e31acf193efb636ac638805 |
| SHA1 | 579c6ad489cf4ed6897054c75fa448a13286006b |
| SHA256 | c3d636c19f12e6d94f755337f42374117b512b5ed9ed54052f90dff713c04934 |
| SHA512 | dc2b6c1847681a9e704a1e15b1c4aa9bbee09514f5c84c690f180807fc9cd838af43b41957500d9593e9f81740141a6a957cb636e1f659d50f4952f2c73d89de |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
| MD5 | 0efd69582e9232d62dcaa10e7c772cb0 |
| SHA1 | a70e7102166085004798e37c46155b959528fbe9 |
| SHA256 | 3726ff2dc617d9b9b0d11d4dac2ff28c30f666a34b770306a6899b28f2a6bf09 |
| SHA512 | 8f961bf4fdde016ead94fa44f7fd3e3bd248cb7157a265f139c7d7379f0f105a3407df3a5b612560d5fc3ff01d5f7ce04166600ebb41b3a836085ba49398fd28 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State
| MD5 | f2d5ed18b944a17ff2cc7e911356f942 |
| SHA1 | a523b2955a3778c561a0970c479d4b65bdad0b25 |
| SHA256 | 726a15117bf92b50648634c6a43ca21e68a48f5555c78b4556332c166a777efa |
| SHA512 | f9f1157730223a9cf4d21cc45a806a4677cb993fca52ec37081cb105301d6e6a35490223f248f331813822fa1efbf945ac8d9e80b928d516d473c74a3b365077 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe72635a.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Program Files\chrome_Unpacker_BeginUnzipping3752_2026079866\manifest.json
| MD5 | 58d3ca1189df439d0538a75912496bcf |
| SHA1 | 99af5b6a006a6929cc08744d1b54e3623fec2f36 |
| SHA256 | a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437 |
| SHA512 | afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2 |
C:\Program Files\chrome_Unpacker_BeginUnzipping3752_2026079866\manifest.fingerprint
| MD5 | 0c9218609241dbaa26eba66d5aaf08ab |
| SHA1 | 31f1437c07241e5f075268212c11a566ceb514ec |
| SHA256 | 52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b |
| SHA512 | 5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json
| MD5 | 6bbb18bb210b0af189f5d76a65f7ad80 |
| SHA1 | 87b804075e78af64293611a637504273fadfe718 |
| SHA256 | 01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c |
| SHA512 | 4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0b0b6ed09dc024538f308effa1a72d27 |
| SHA1 | d00bf9da974cd4c34c37b86b59f2ff01ebc48861 |
| SHA256 | ba95389e01cb084731e27423d5d8dd79f4b93302bdfa37a7f17c0163a7262159 |
| SHA512 | 092ae222fcce268fa2654f3a44cfa39ee73c9bf8f6974b8b1fca2d29be6794c05e8ca4f0e381a2827f5627dd4548852b21700a95199ea1ff6c891bbe06db359e |
C:\Program Files\chrome_Unpacker_BeginUnzipping3752_707767020\manifest.json
| MD5 | 55cf847309615667a4165f3796268958 |
| SHA1 | 097d7d123cb0658c6de187e42c653ad7d5bbf527 |
| SHA256 | 54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877 |
| SHA512 | 53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6cd936e9-04ed-469d-8d31-78afa284cafd.tmp
| MD5 | 03530091124569f08c7e7b3d66c93c60 |
| SHA1 | abafaf257067e43fcd2e120a4d2539cbc25a55a1 |
| SHA256 | c4bedafc42ab08224310048c622321faa043434216c8ee4c05e158681d08e982 |
| SHA512 | f38f382ca45d002709140672911c39847e186d4f9d38418ead5f268785568a2095712491255b3a8f3146b7d8c27a0443c61547118db8251f3746ea9739109dd2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
Analysis: behavioral12
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1799s
Max time network
1137s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bitsum\processlasso\pl4sfx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\QuickUpgrade.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bitsum\processlasso\pl4sfx.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PostUpdate.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bitsumsessionagent.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\QuickUpgrade.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\QuickUpgrade.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PostUpdate.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PostUpdate.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\PostUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\PostUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bitsumsessionagent.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\processlasso.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\QuickUpgrade.exe
"C:\Users\Admin\AppData\Local\Temp\QuickUpgrade.exe"
C:\Users\Admin\AppData\Local\Temp\bitsum\processlasso\pl4sfx.exe
"C:\Users\Admin\AppData\Local\Temp\bitsum\processlasso\pl4sfx.exe"
C:\Users\Admin\AppData\Local\Temp\PostUpdate.exe
"C:\Users\Admin\AppData\Local\Temp\PostUpdate.exe"
C:\Users\Admin\AppData\Local\Temp\bitsumsessionagent.exe
C:\Users\Admin\AppData\Local\Temp\bitsumsessionagent.exe ----------------------------------------------------------------
C:\Users\Admin\AppData\Local\Temp\processlasso.exe
/postupdate
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | update.bitsum.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 172.67.74.105:443 | update.bitsum.com | tcp |
| US | 8.8.8.8:53 | 105.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | 61.45.26.184.in-addr.arpa | udp |
| GB | 184.26.45.61:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\pl_rsrc_temp.dll
| MD5 | 258063bdcafc8fd2a2a50d9065989ad6 |
| SHA1 | ee1bebd8c909d8ebe3b5b6f155c68fc7e6696e31 |
| SHA256 | 01b75b825eef6092db03156d3e87342a875bfd355a6cf8d9a87365f4c5fda85f |
| SHA512 | b0732da44481e09f38e903fab2bf81447bf661d785631ab2b7421a89b80ef2db38203d85dbea5535c5bb09e8550a2ca737db6c86eac372515ebdf803a59cb5ca |
C:\Users\Admin\AppData\Local\Temp\bitsum\processlasso\pl4sfx.exe
| MD5 | 5e30f03479a5607d89c4f5f372deae0b |
| SHA1 | 99ae6721a7b9efdcc23160610f23f71304ff039e |
| SHA256 | e0e414a143c82f06038cfaa468bdd39a39c683e07dc310923e6495bbc8d6751f |
| SHA512 | 731ace4798c98522aa131f7e0f23250a99b502210dc6876a87099975abfae410e4913896f701db70845f577baa70db40d7bf1e82dc7f2ce29659228d7f13d7db |
C:\Users\Admin\AppData\Local\Temp\PostUpdate.exe
| MD5 | bb2506cfd974bbb671075703af3ba34d |
| SHA1 | 7dff63921930877f384d46ec2e83e9fc65631908 |
| SHA256 | 304d78f9754a1921b95c2efc91d2e3b746ea7fe64a8e88f096900fcfef95ab97 |
| SHA512 | b18ede7522ce010e21b2f367276d1fd9bc8c8ae647f4534aefd2461879eaaa4dcfcaabdd47401de7764add7e9a4784afacb16376bd518c885fc19b6e1869b580 |
C:\Users\Admin\AppData\Local\Temp\pl_rsrc_english.dll
| MD5 | 40d2b640a737039f0ae3bea77470cdfd |
| SHA1 | f22c0a3ed620659ec76b1dc499b9965e4b6b3a2b |
| SHA256 | be8a66f9560f0f3d2dcb12a3608deeae7a64e87340462c0f409c640580c514f8 |
| SHA512 | 17b8d4c47875b909e4a70373033dd28cde2f2805509845eaf0ac264c85ddeec657d17276b38f37211d4102de87a8b0c91c646d17826b18c2f4f3f9badc4d3b29 |
C:\Users\Admin\AppData\Local\Temp\QuickUpgrade.exe.Replacement
| MD5 | 3ca525e181221bea925983a7df61f712 |
| SHA1 | 8f4d165464c6b9c275700b44a9f4edc3f5462cbb |
| SHA256 | 13a9fbdf75a5051499685f2b140788e46a53af6890af094dbfe61ca766316d2f |
| SHA512 | ec73d2c502a15da048cabc85f16a0b65f9a8e81a7a3dd8e5108ea594e5c06e1e08d314fc7b72f6276a513aa1a6da1ad0b6b75e808842295e9e811e1e85c5b7a8 |
C:\Users\Admin\AppData\Local\Temp\bitsumsessionagent.exe
| MD5 | 7f55918ca6706935ebf3000e277ec7f3 |
| SHA1 | 725b09394b76ccc066ac4fbc00357fbbb2a60f34 |
| SHA256 | 7592cdd84b1085851f3a6ef03bc386a381117cdb884c720be1bd8dcf62a296ea |
| SHA512 | fe218d72e4e17097143860b57f22de32ecac1b5cbcb93e856404bed7884ce2b389d39f3ed654a1d8bdc5f08847ebfd3fdf9ba0f1f1efd32e55fe6bf250f9afc9 |
C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe
| MD5 | 895af2aaf9c99ea08f42d52b97e50ec1 |
| SHA1 | e514cbaf6d9e243f107efc74cf2fe7646d87dcb3 |
| SHA256 | a160cee89af34cfefa86ba433aa367eb36a593782bc2c014e9744d15436b3870 |
| SHA512 | dafe2dc0b3b7d612cdd07a6a870b5f881a8fa5d371040b4bb06d6b5fc6e84eb979ba89828cd7f76ac17b6c414174d8fe349ee44fe5bcdad422ad901657952bb9 |
Analysis: behavioral21
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1373s
Max time network
1164s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_chinese_traditional.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.111.78.13.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:31
Platform
win10v2004-20240704-en
Max time kernel
1710s
Max time network
1142s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\Insights.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\Insights.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Insights.exe
"C:\Users\Admin\AppData\Local\Temp\Insights.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240508-en
Max time kernel
1769s
Max time network
1780s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\TweakScheduler.exe
"C:\Users\Admin\AppData\Local\Temp\TweakScheduler.exe"
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1797s
Max time network
1153s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\plActivate.exe
"C:\Users\Admin\AppData\Local\Temp\plActivate.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:46
Platform
win10v2004-20240704-en
Max time kernel
1748s
Max time network
1165s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_polish.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:32
Platform
win10v2004-20240704-en
Max time kernel
1360s
Max time network
1154s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:32
Platform
win10v2004-20240704-en
Max time kernel
1799s
Max time network
1164s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\LogViewer.exe
"C:\Users\Admin\AppData\Local\Temp\LogViewer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1733s
Max time network
1146s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3340 wrote to memory of 4012 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe |
| PID 3340 wrote to memory of 4012 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe |
| PID 3340 wrote to memory of 1232 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe |
| PID 3340 wrote to memory of 1232 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe |
| PID 1232 wrote to memory of 244 | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe |
| PID 1232 wrote to memory of 244 | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe |
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\pl.cmd"
C:\Users\Admin\AppData\Local\Temp\InstallHelper.exe
InstallHelper.exe /terminate
C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe
ProcessLassoLauncher.exe /showwindow
C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe
"C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe" "ProcessLassoLauncher.exe" "/showwindow"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe
| MD5 | 8fcf7cf04f9b344724759ee830e97ff7 |
| SHA1 | 7e89c71637362333246cb6f7b30f34a2b7693407 |
| SHA256 | 449c423ae1a63259989c85176dcc808f767346944eb40eac270ce27795abc1c2 |
| SHA512 | 3acc527ac9014db980d4c511fd416e32d627f616eb09559a2c3b0cb038a86eee6adf526488053fd09e34ba66fec6109bc534178e4371147d1b23f29803668759 |
Analysis: behavioral22
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1794s
Max time network
1799s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_english.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4356,i,3027467512973953085,11878940668304988630,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4184,i,3027467512973953085,11878940668304988630,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:36
Platform
win10v2004-20240704-en
Max time kernel
1799s
Max time network
1804s
Command Line
Signatures
Wannacry
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD49EC.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD49D5.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vttubpigefotq647 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\@[email protected] | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133647680208800281" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661257284-3186977026-4220467887-1000\{DD479436-6D91-4341-9D82-DD94D8B8A54B} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_french.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4088,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=4152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4944,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=4012 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffb280bab58,0x7ffb280bab68,0x7ffb280bab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1904,i,7217547632498748082,6148862482670772428,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1904,i,7217547632498748082,6148862482670772428,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1904,i,7217547632498748082,6148862482670772428,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1904,i,7217547632498748082,6148862482670772428,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1904,i,7217547632498748082,6148862482670772428,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1696 --field-trial-handle=1904,i,7217547632498748082,6148862482670772428,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1904,i,7217547632498748082,6148862482670772428,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1904,i,7217547632498748082,6148862482670772428,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1904,i,7217547632498748082,6148862482670772428,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5068 --field-trial-handle=1904,i,7217547632498748082,6148862482670772428,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=3816,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4084,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5284,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5316,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5484,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=2912,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5852,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=5836,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6040,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=5368,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=6496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6488,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=5628,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6736,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=6756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=6744,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=6664,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=6276,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=3848,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=6920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=7276,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=7296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=7204,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=7704,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=7700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7732,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=7756 /prefetch:8
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 226611720294478.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=1708,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=7764 /prefetch:8
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "vttubpigefotq647" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "vttubpigefotq647" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
"C:\Users\Admin\Downloads\@[email protected]"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 92.123.142.200:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| GB | 184.28.176.16:443 | www.bing.com | tcp |
| GB | 184.28.176.16:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 16.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 184.28.176.99:443 | r.bing.com | tcp |
| GB | 184.28.176.99:443 | r.bing.com | tcp |
| GB | 184.28.176.49:443 | th.bing.com | tcp |
| GB | 184.28.176.49:443 | th.bing.com | tcp |
| GB | 184.28.176.99:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 99.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.136:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| GB | 184.28.176.49:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | app-edge.smartscreen.microsoft.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:51560 | tcp | |
| FR | 178.33.183.251:443 | tcp | |
| US | 128.31.0.39:9101 | tcp | |
| FR | 37.187.102.186:9001 | tcp | |
| DE | 85.214.62.48:443 | tcp | |
| US | 8.8.8.8:53 | 48.62.214.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | tcp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 41.211.222.173.in-addr.arpa | udp |
| US | 199.254.238.52:443 | tcp | |
| DE | 131.188.40.189:443 | tcp | |
| FR | 213.32.104.213:9000 | tcp | |
| US | 8.8.8.8:53 | 189.40.188.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.104.32.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| GB | 184.28.176.82:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 82.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
Files
\??\pipe\crashpad_2128_NVQFXEODPCNCECYU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8940dcfb5c0a28071f37de3b15ed40ac |
| SHA1 | 7863188d3cb3f87e1d61ac8aa2fe21128cf8e402 |
| SHA256 | da53938966bc145ec06fa7c2b7410cbaac9d809bc4c6202c4b6ee5f6c928c6c7 |
| SHA512 | 1e27153b62bb8fef2732dd2d28de25669201c7248062140770d6c1e1ad1b18fcb9327eb7b20e50a80010f4871b209f5cf9ae22d2016082f157a12a41b16f80f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 416b95df2e57d7bdf058080217870814 |
| SHA1 | 1fc1065dd28a61c4665744b9914e25d00e6b5ac6 |
| SHA256 | 3e19780569087d04f79b8214c494bbac6b581b67d6ede94c87a0dac0a5e7690c |
| SHA512 | a430cbd4aef0a6718a189e157c08e9a391291112750eb0baa74674cee53e24bfab8ca192543aaf64cdc6da91b928ff7b56051fd84f8c71f012da2179e27186f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 378798f2c91ce35e2756a8c5f9627491 |
| SHA1 | 643abc6389938f865f7b2f3343ff9a6a06339c6f |
| SHA256 | 92e347f55c8e3ba94940c3aa9518daa89419327792b09b6bcf470d22faf3289a |
| SHA512 | cb9b3c5de0018a11bcb85e78828f3eedfe8929ad87f5b0c62b47f91f286ca544b282944deaae5c6681013cd032645e60213f393b83235bfbc39edffb4c7bfa63 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 63d7d1a45523ade0f56fb09ac3a5fca4 |
| SHA1 | 370e642e266666aa9416770835a41b41b7bcf8d4 |
| SHA256 | f6c1a479698506f344ce82b5453af5aa892da75774624e975ad2d21d97b01220 |
| SHA512 | b904db995ecbdadff18d950595d34c62edaadb82eca6647ee5c3948d20b81aba86ff033b4806585f38e62d52a1ed411fdf3dbd108aff80c5d81497b53ee2fa5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e36576cf208698947885696e6b913b35 |
| SHA1 | bf582072a0e8b4967f16250acdd11608de3de30c |
| SHA256 | 71353bb63c6503a7d539ab1b3d0709990b8820d952c7e0d1b35ecd70f2833881 |
| SHA512 | 777fdf74fd4fdf51b2cc2062567d2351f12f03c02ead4a0f10bd638914f85191512beb95bb20f3331d8fc21626f3985b5009c40605347e002720f658c0623aa6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9a3c867bbd7767589d54428b50b44b61 |
| SHA1 | 5f48d4c6152a2a5fe72c42379221353bf9e884c5 |
| SHA256 | 317d14040cb054ac0a9d83c9f007b97c8394f6517b2b6040705f333038ce969e |
| SHA512 | bdf94ce9d275aacf207a56462014bb35dbc2de7c9eeb5fbcd51fa13c485d7e6ec8ece593acff856bf91b488dd311dfdffa06716c238dccba3094267fa3f8b947 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f2d6124e18c9e003ccbcef9b12cd68b7 |
| SHA1 | f0ff0829abb797871a15440ec69fbfbdcbca2cf0 |
| SHA256 | 9fe93908332be7d7864bc7d3a175ba70dd7555006c5cdf6e20f0f31fac6086cb |
| SHA512 | 781e416c44e24cb9f3cef4f322ff585dda7b4dbc09f16a00771d8adfb9c19225c0997dc9b1b438183bc45b552fbbd76e46ee5b598a22928dcf8acaaafb711667 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ae09f686db734bef8f9862826fd86629 |
| SHA1 | c6d2863dc5b55f8b1d595983829fb3808666c764 |
| SHA256 | 76fcf4f58fd389af1d2bfe7a8268347db04ebfb08c4fa4923837049e75749dfe |
| SHA512 | 8622e263eefc25384dd2ddfb4e7748bbe49e127928f8d39dd069d80e2e97f34ba79521eae8768762f164d3d4941b69748f02fdea97ce97cce5ab8575f2f73d00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c9f28455260bd007b75861c12ce05afd |
| SHA1 | 86c6febb082be7e40578c88fb8ea20e654933e46 |
| SHA256 | f10fd56d128eab902d63246667839e5a88e50bafadb4ff3f0e1901cf452ef2da |
| SHA512 | 0574ab97e78da93c7562b408db6ed7220864f8d16ae5af9191e320a781e6aa9c935bfa36d627d5a6640c47826e44d7e1234384ca436c98591f1d6b2b0436ed6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\Downloads\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/1540-230-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\Downloads\b.wnry
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Downloads\u.wnry
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Downloads\taskse.exe
| MD5 | 8495400f199ac77853c53b5a3f278f3e |
| SHA1 | be5d6279874da315e3080b06083757aad9b32c23 |
| SHA256 | 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d |
| SHA512 | 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4 |
C:\Users\Admin\Downloads\taskdl.exe
| MD5 | 4fef5e34143e646dbf9907c4374276f5 |
| SHA1 | 47a9ad4125b6bd7c55e4e7da251e23f089407b8f |
| SHA256 | 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79 |
| SHA512 | 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5 |
C:\Users\Admin\Downloads\t.wnry
| MD5 | 5dcaac857e695a65f5c3ef1441a73a8f |
| SHA1 | 7b10aaeee05e7a1efb43d9f837e9356ad55c07dd |
| SHA256 | 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6 |
| SHA512 | 06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2 |
C:\Users\Admin\Downloads\s.wnry
| MD5 | ad4c9de7c8c40813f200ba1c2fa33083 |
| SHA1 | d1af27518d455d432b62d73c6a1497d032f6120e |
| SHA256 | e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b |
| SHA512 | 115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617 |
C:\Users\Admin\Downloads\r.wnry
| MD5 | 3e0020fc529b1c2a061016dd2469ba96 |
| SHA1 | c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade |
| SHA256 | 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c |
| SHA512 | 5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf |
C:\Users\Admin\Downloads\msg\m_vietnamese.wnry
| MD5 | 8419be28a0dcec3f55823620922b00fa |
| SHA1 | 2e4791f9cdfca8abf345d606f313d22b36c46b92 |
| SHA256 | 1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8 |
| SHA512 | 8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386 |
C:\Users\Admin\Downloads\msg\m_turkish.wnry
| MD5 | 531ba6b1a5460fc9446946f91cc8c94b |
| SHA1 | cc56978681bd546fd82d87926b5d9905c92a5803 |
| SHA256 | 6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415 |
| SHA512 | ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9 |
C:\Users\Admin\Downloads\msg\m_swedish.wnry
| MD5 | c7a19984eb9f37198652eaf2fd1ee25c |
| SHA1 | 06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae |
| SHA256 | 146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4 |
| SHA512 | 43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020 |
C:\Users\Admin\Downloads\msg\m_spanish.wnry
| MD5 | 8d61648d34cba8ae9d1e2a219019add1 |
| SHA1 | 2091e42fc17a0cc2f235650f7aad87abf8ba22c2 |
| SHA256 | 72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1 |
| SHA512 | 68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079 |
C:\Users\Admin\Downloads\msg\m_slovak.wnry
| MD5 | c911aba4ab1da6c28cf86338ab2ab6cc |
| SHA1 | fee0fd58b8efe76077620d8abc7500dbfef7c5b0 |
| SHA256 | e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729 |
| SHA512 | 3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a |
C:\Users\Admin\Downloads\msg\m_russian.wnry
| MD5 | 452615db2336d60af7e2057481e4cab5 |
| SHA1 | 442e31f6556b3d7de6eb85fbac3d2957b7f5eac6 |
| SHA256 | 02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078 |
| SHA512 | 7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f |
C:\Users\Admin\Downloads\msg\m_romanian.wnry
| MD5 | 313e0ececd24f4fa1504118a11bc7986 |
| SHA1 | e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d |
| SHA256 | 70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1 |
| SHA512 | c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730 |
C:\Users\Admin\Downloads\msg\m_portuguese.wnry
| MD5 | fa948f7d8dfb21ceddd6794f2d56b44f |
| SHA1 | ca915fbe020caa88dd776d89632d7866f660fc7a |
| SHA256 | bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66 |
| SHA512 | 0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a |
C:\Users\Admin\Downloads\msg\m_polish.wnry
| MD5 | e79d7f2833a9c2e2553c7fe04a1b63f4 |
| SHA1 | 3d9f56d2381b8fe16042aa7c4feb1b33f2baebff |
| SHA256 | 519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e |
| SHA512 | e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de |
C:\Users\Admin\Downloads\msg\m_norwegian.wnry
| MD5 | ff70cc7c00951084175d12128ce02399 |
| SHA1 | 75ad3b1ad4fb14813882d88e952208c648f1fd18 |
| SHA256 | cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a |
| SHA512 | f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19 |
C:\Users\Admin\Downloads\msg\m_latvian.wnry
| MD5 | c33afb4ecc04ee1bcc6975bea49abe40 |
| SHA1 | fbea4f170507cde02b839527ef50b7ec74b4821f |
| SHA256 | a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536 |
| SHA512 | 0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44 |
C:\Users\Admin\Downloads\msg\m_korean.wnry
| MD5 | 6735cb43fe44832b061eeb3f5956b099 |
| SHA1 | d636daf64d524f81367ea92fdafa3726c909bee1 |
| SHA256 | 552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0 |
| SHA512 | 60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e |
C:\Users\Admin\Downloads\msg\m_japanese.wnry
| MD5 | b77e1221f7ecd0b5d696cb66cda1609e |
| SHA1 | 51eb7a254a33d05edf188ded653005dc82de8a46 |
| SHA256 | 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e |
| SHA512 | f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc |
C:\Users\Admin\Downloads\msg\m_italian.wnry
| MD5 | 30a200f78498990095b36f574b6e8690 |
| SHA1 | c4b1b3c087bd12b063e98bca464cd05f3f7b7882 |
| SHA256 | 49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07 |
| SHA512 | c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511 |
C:\Users\Admin\Downloads\msg\m_indonesian.wnry
| MD5 | 3788f91c694dfc48e12417ce93356b0f |
| SHA1 | eb3b87f7f654b604daf3484da9e02ca6c4ea98b7 |
| SHA256 | 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4 |
| SHA512 | b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd |
C:\Users\Admin\Downloads\msg\m_greek.wnry
| MD5 | fb4e8718fea95bb7479727fde80cb424 |
| SHA1 | 1088c7653cba385fe994e9ae34a6595898f20aeb |
| SHA256 | e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9 |
| SHA512 | 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb |
C:\Users\Admin\Downloads\msg\m_german.wnry
| MD5 | 3d59bbb5553fe03a89f817819540f469 |
| SHA1 | 26781d4b06ff704800b463d0f1fca3afd923a9fe |
| SHA256 | 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61 |
| SHA512 | 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac |
C:\Users\Admin\Downloads\msg\m_french.wnry
| MD5 | 4e57113a6bf6b88fdd32782a4a381274 |
| SHA1 | 0fccbc91f0f94453d91670c6794f71348711061d |
| SHA256 | 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc |
| SHA512 | 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9 |
C:\Users\Admin\Downloads\msg\m_filipino.wnry
| MD5 | 08b9e69b57e4c9b966664f8e1c27ab09 |
| SHA1 | 2da1025bbbfb3cd308070765fc0893a48e5a85fa |
| SHA256 | d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324 |
| SHA512 | 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4 |
C:\Users\Admin\Downloads\msg\m_english.wnry
| MD5 | fe68c2dc0d2419b38f44d83f2fcf232e |
| SHA1 | 6c6e49949957215aa2f3dfb72207d249adf36283 |
| SHA256 | 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5 |
| SHA512 | 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810 |
C:\Users\Admin\Downloads\msg\m_dutch.wnry
| MD5 | 7a8d499407c6a647c03c4471a67eaad7 |
| SHA1 | d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b |
| SHA256 | 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c |
| SHA512 | 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12 |
C:\Users\Admin\Downloads\msg\m_danish.wnry
| MD5 | 2c5a3b81d5c4715b7bea01033367fcb5 |
| SHA1 | b548b45da8463e17199daafd34c23591f94e82cd |
| SHA256 | a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6 |
| SHA512 | 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3 |
C:\Users\Admin\Downloads\msg\m_czech.wnry
| MD5 | 537efeecdfa94cc421e58fd82a58ba9e |
| SHA1 | 3609456e16bc16ba447979f3aa69221290ec17d0 |
| SHA256 | 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150 |
| SHA512 | e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b |
C:\Users\Admin\Downloads\msg\m_croatian.wnry
| MD5 | 17194003fa70ce477326ce2f6deeb270 |
| SHA1 | e325988f68d327743926ea317abb9882f347fa73 |
| SHA256 | 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171 |
| SHA512 | dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c |
C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry
| MD5 | 2efc3690d67cd073a9406a25005f7cea |
| SHA1 | 52c07f98870eabace6ec370b7eb562751e8067e9 |
| SHA256 | 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a |
| SHA512 | 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c |
C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry
| MD5 | 0252d45ca21c8e43c9742285c48e91ad |
| SHA1 | 5c14551d2736eef3a1c1970cc492206e531703c1 |
| SHA256 | 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a |
| SHA512 | 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755 |
C:\Users\Admin\Downloads\msg\m_bulgarian.wnry
| MD5 | 95673b0f968c0f55b32204361940d184 |
| SHA1 | 81e427d15a1a826b93e91c3d2fa65221c8ca9cff |
| SHA256 | 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd |
| SHA512 | 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92 |
C:\Users\Admin\Downloads\c.wnry
| MD5 | 383a85eab6ecda319bfddd82416fc6c2 |
| SHA1 | 2a9324e1d02c3e41582bf5370043d8afeb02ba6f |
| SHA256 | 079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21 |
| SHA512 | c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252 |
C:\Users\Admin\Downloads\226611720294478.bat
| MD5 | c719f3a51e489e5c9fbb334ecbb45ede |
| SHA1 | 5b5585065dd339e1e46f9243d3fe3cb511dc5ce6 |
| SHA256 | c67348cacc707decd859789c8ed1e8afdb6eb8753d3941d0ee9ecba2f00500b7 |
| SHA512 | b2b0ea3a3701b5d689a5cbcc5c16721cf807304ca02375f33c5b507c1a00655917354e32f6e2b96c081125751498484c974c2d3eaa754d6074c9d55aec8c0164 |
C:\Users\Admin\Downloads\m.vbs
| MD5 | b067df716aac6db38d973d4ad1337b29 |
| SHA1 | 541edd1ca3047ca46fef38bd810e5f0f938b8ae2 |
| SHA256 | 3f7ded679522e917f30aacbfb7c688ef477d7886e722731c812dc486195e220f |
| SHA512 | 0cbc1b820abf13e225e7a7636ce1e336d758fa54a9ee6aa09dee7a9748a2cf890f45ba55a7a188b69972b396bac37ddb9a98ba202ff2e203b34a75e515c0759c |
C:\Users\Admin\Downloads\@[email protected]
| MD5 | f97d2e6f8d820dbd3b66f21137de4f09 |
| SHA1 | 596799b75b5d60aa9cd45646f68e9c0bd06df252 |
| SHA256 | 0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a |
| SHA512 | efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0 |
C:\Users\Admin\Downloads\@[email protected]
| MD5 | 51935976778a9ea704bd38e182230a21 |
| SHA1 | 9d683529481d3a783e40b27a10499f604e2fdb0d |
| SHA256 | f29cdb19c8f1f03f5b410bb351c8158f1d49b576b141f78dd8f419fc5362418b |
| SHA512 | aee40fb64d751f6ca45396c8574480d55aa41aa386584c16649aea81c769f016ee9a2e2d754adf875f83a9b32a8d57d42ad21c6cc17a8727140d2b90fda9df21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
| MD5 | d8097dd61f3461251158771654a7c70d |
| SHA1 | b6cd4353ebd0f2394db9b9d2ee8e4531adb2c114 |
| SHA256 | bb246a51bacde15ad255e8e47441fb7f77dd8a8c7d3ce35cf9751ae560e62d0a |
| SHA512 | 89e914f90d4b3da9c98baa93babf0a5425b1d0bd46a18e7a5a98d8ab6633f3d8c57cc8e5e3f17d353c30755ce0f01815f689c3fa05014e0372827056e094ddb5 |
C:\Users\Admin\Downloads\00000000.res
| MD5 | 7b83877f0e973a4a780c1fd6c2663d0d |
| SHA1 | d02dee56665aaf6b5a93eb3b1048b94005e45239 |
| SHA256 | f9a1aa3deeccb95fb080b1ca98ee5238104c113125d5028740dff24a24f9fd2b |
| SHA512 | 7f67f7aafc1d4481ab5cd0b3cfd566f60ffc1f87c52ca93516de7ce550d2db350c76a2b629a60175196136fd1767847175d95be27ec6b043c273c6d605db57a2 |
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
C:\Users\Admin\Downloads\TaskData\Tor\libssp-0.dll
| MD5 | 78581e243e2b41b17452da8d0b5b2a48 |
| SHA1 | eaefb59c31cf07e60a98af48c5348759586a61bb |
| SHA256 | f28caebe9bc6aa5a72635acb4f0e24500494e306d8e8b2279e7930981281683f |
| SHA512 | 332098113ce3f75cb20dc6e09f0d7ba03f13f5e26512d9f3bee3042c51fbb01a5e4426c5e9a5308f7f805b084efc94c28fc9426ce73ab8dfee16ab39b3efe02a |
C:\Users\Admin\Downloads\TaskData\Tor\SSLEAY32.dll
| MD5 | a12c2040f6fddd34e7acb42f18dd6bdc |
| SHA1 | d7db49f1a9870a4f52e1f31812938fdea89e9444 |
| SHA256 | bd70ba598316980833f78b05f7eeaef3e0f811a7c64196bf80901d155cb647c1 |
| SHA512 | fbe0970bcdfaa23af624daad9917a030d8f0b10d38d3e9c7808a9fbc02912ee9daed293dbdea87aa90dc74470bc9b89cb6f2fe002393ecda7b565307ffb7ec00 |
C:\Users\Admin\Downloads\TaskData\Tor\zlib1.dll
| MD5 | fb072e9f69afdb57179f59b512f828a4 |
| SHA1 | fe71b70173e46ee4e3796db9139f77dc32d2f846 |
| SHA256 | 66d653397cbb2dbb397eb8421218e2c126b359a3b0decc0f31e297df099e1383 |
| SHA512 | 9d157fece0dc18afe30097d9c4178ae147cc9d465a6f1d35778e1bff1efca4734dd096e95d35faea32da8d8b4560382338ba9c6c40f29047f1cc0954b27c64f8 |
C:\Users\Admin\Downloads\TaskData\Tor\LIBEAY32.dll
| MD5 | 6ed47014c3bb259874d673fb3eaedc85 |
| SHA1 | c9b29ba7e8a97729c46143cc59332d7a7e9c1ad8 |
| SHA256 | 58be53d5012b3f45c1ca6f4897bece4773efbe1ccbf0be460061c183ee14ca19 |
| SHA512 | 3bc462d21bc762f6eec3d23bb57e2baf532807ab8b46fab1fe38a841e5fde81ed446e5305a78ad0d513d85419e6ec8c4b54985da1d6b198acb793230aeecd93e |
C:\Users\Admin\Downloads\TaskData\Tor\libevent-2-0-5.dll
| MD5 | 90f50a285efa5dd9c7fddce786bdef25 |
| SHA1 | 54213da21542e11d656bb65db724105afe8be688 |
| SHA256 | 77a250e81fdaf9a075b1244a9434c30bf449012c9b647b265fa81a7b0db2513f |
| SHA512 | 746422be51031cfa44dd9a6f3569306c34bbe8abf9d2bd1df139d9c938d0cba095c0e05222fd08c8b6deaebef5d3f87569b08fb3261a2d123d983517fb9f43ae |
memory/1836-1666-0x00000000739C0000-0x00000000739E2000-memory.dmp
memory/1836-1663-0x0000000073C90000-0x0000000073D12000-memory.dmp
memory/1836-1665-0x0000000073930000-0x00000000739B2000-memory.dmp
memory/1836-1664-0x00000000739F0000-0x0000000073C0C000-memory.dmp
memory/1836-1667-0x00000000006B0000-0x00000000009AE000-memory.dmp
memory/1836-1712-0x0000000073C90000-0x0000000073D12000-memory.dmp
memory/1836-1717-0x0000000073930000-0x00000000739B2000-memory.dmp
memory/1836-1716-0x00000000739C0000-0x00000000739E2000-memory.dmp
memory/1836-1715-0x00000000739F0000-0x0000000073C0C000-memory.dmp
memory/1836-1714-0x0000000073C10000-0x0000000073C87000-memory.dmp
memory/1836-1713-0x0000000073D20000-0x0000000073D3C000-memory.dmp
memory/1836-1711-0x00000000006B0000-0x00000000009AE000-memory.dmp
memory/1836-1721-0x00000000006B0000-0x00000000009AE000-memory.dmp
memory/1836-1735-0x00000000006B0000-0x00000000009AE000-memory.dmp
memory/1836-1739-0x00000000739F0000-0x0000000073C0C000-memory.dmp
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 51e8b3f7c0c687f6483ebd44eeff8eda |
| SHA1 | f1a1203d2e163b50a7cb3aae554d0342e1a2cf35 |
| SHA256 | 663c504f12ca3d29cb12e0eb799124536771c10348900cba74865999b349829b |
| SHA512 | e6f7a19f760739acd4d86e660914e170f7b6d4798ba60b5c6da43d75cee3f5bac47404b05d867d530c9e8fff005ddaf04a10f3f69cf027c3ad9c079ff7487f2d |
memory/1836-1758-0x00000000006B0000-0x00000000009AE000-memory.dmp
memory/1836-1762-0x00000000739F0000-0x0000000073C0C000-memory.dmp
memory/1836-1805-0x00000000006B0000-0x00000000009AE000-memory.dmp
memory/1836-1815-0x00000000006B0000-0x00000000009AE000-memory.dmp
memory/1836-1825-0x00000000006B0000-0x00000000009AE000-memory.dmp
Analysis: behavioral26
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:42
Platform
win10v2004-20240704-en
Max time kernel
1752s
Max time network
1139s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_italian.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.193.132.51.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:31
Platform
win10v2004-20240704-en
Max time kernel
1794s
Max time network
1801s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3368 wrote to memory of 2824 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3368 wrote to memory of 2824 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3368 wrote to memory of 2824 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2824 -ip 2824
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 612
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1040,i,2651612535745483053,7868876458147986089,262144 --variations-seed-version --mojo-platform-channel-handle=3868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4160,i,2651612535745483053,7868876458147986089,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.116.69.13.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:30
Platform
win10v2004-20240704-en
Max time kernel
1697s
Max time network
1157s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3644 wrote to memory of 4420 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3644 wrote to memory of 4420 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3644 wrote to memory of 4420 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4420 -ip 4420
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 624
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.116.69.13.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:44
Platform
win10v2004-20240704-en
Max time kernel
1660s
Max time network
1155s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_japanese.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.239.69.13.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:44
Platform
win10v2004-20240704-en
Max time kernel
1716s
Max time network
1147s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_korean.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1799s
Max time network
1802s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe
"C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3668,i,4018838247141480194,10874272319406041522,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5000,i,4018838247141480194,10874272319406041522,262144 --variations-seed-version --mojo-platform-channel-handle=1344 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1756s
Max time network
1143s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1440 wrote to memory of 3344 | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe |
| PID 1440 wrote to memory of 3344 | N/A | C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe | C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe"
C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe
"C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe" "C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1679s
Max time network
1150s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_bulgarian.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:52
Platform
win10v2004-20240704-en
Max time kernel
1704s
Max time network
1157s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_russian.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:30
Platform
win10v2004-20240704-en
Max time kernel
1763s
Max time network
1134s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1228 wrote to memory of 404 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1228 wrote to memory of 404 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1228 wrote to memory of 404 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 404 -ip 404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 600
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:31
Platform
win10v2004-20240508-en
Max time kernel
1799s
Max time network
1579s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\CPUEater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\CPUEater.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\CPUEater.exe
"C:\Users\Admin\AppData\Local\Temp\CPUEater.exe"
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:33
Platform
win10v2004-20240704-en
Max time kernel
1736s
Max time network
1119s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\ThreadRacer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\ThreadRacer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ThreadRacer.exe
"C:\Users\Admin\AppData\Local\Temp\ThreadRacer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 20:01
Platform
win10v2004-20240704-en
Max time kernel
1751s
Max time network
1140s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pl_rsrc_slovenian.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-06 19:00
Reported
2024-07-06 19:22
Platform
win10v2004-20240704-en
Max time kernel
1268s
Max time network
1273s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\processlassosetup64.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "231" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3642458265-1901903390-453309326-1000\{F6A63B67-014F-49C6-8315-1288574EAA89} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\processlassosetup64.exe
"C:\Users\Admin\AppData\Local\Temp\processlassosetup64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd1b8446f8,0x7ffd1b844708,0x7ffd1b844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,995034127502369903,17960882639943280994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.0.1773487849\887653861" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {931adad1-4e0c-468d-9fc3-f35ea9b2d81e} 912 "\\.\pipe\gecko-crash-server-pipe.912" 1836 1fc24c0c958 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.1.1618575362\1090854837" -parentBuildID 20230214051806 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70bc75f2-5488-4f3a-a253-8a1a34d47730} 912 "\\.\pipe\gecko-crash-server-pipe.912" 2400 1fc17d88d58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.2.1474303951\424337465" -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3136 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {311fa2f6-046d-499a-af04-2b18b2497340} 912 "\\.\pipe\gecko-crash-server-pipe.912" 3108 1fc275f5f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.3.1994452487\1312067526" -childID 2 -isForBrowser -prefsHandle 4188 -prefMapHandle 4184 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {048572b9-c5d1-40d2-9ea8-016386d280b0} 912 "\\.\pipe\gecko-crash-server-pipe.912" 4168 1fc29b41f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.4.751390104\1069253762" -childID 3 -isForBrowser -prefsHandle 4112 -prefMapHandle 4724 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdd079f3-b546-45bd-b53a-8e9bd8ecbb4a} 912 "\\.\pipe\gecko-crash-server-pipe.912" 5124 1fc2c338858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.5.2020419207\1329941027" -childID 4 -isForBrowser -prefsHandle 2908 -prefMapHandle 3024 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c7a78cc-8bce-4dba-bb4f-99476fc87a2f} 912 "\\.\pipe\gecko-crash-server-pipe.912" 2904 1fc17d3fd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="912.6.1748764176\705555073" -childID 5 -isForBrowser -prefsHandle 2840 -prefMapHandle 5356 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cf78755-a5ce-437c-8828-832236041c35} 912 "\\.\pipe\gecko-crash-server-pipe.912" 4724 1fc2c339a58 tab
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3910055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 95.101.129.203:443 | www.bing.com | tcp |
| GB | 95.101.129.203:443 | www.bing.com | tcp |
| GB | 95.101.129.203:443 | www.bing.com | tcp |
| GB | 95.101.129.203:443 | www.bing.com | tcp |
| GB | 95.101.129.203:443 | www.bing.com | tcp |
| GB | 95.101.129.203:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 13.107.21.200:443 | bing.com | tcp |
| US | 8.8.8.8:53 | 200.21.107.13.in-addr.arpa | udp |
| GB | 95.101.129.218:443 | th.bing.com | tcp |
| GB | 95.101.129.218:443 | th.bing.com | tcp |
| GB | 95.101.129.208:443 | th.bing.com | tcp |
| GB | 95.101.129.208:443 | th.bing.com | tcp |
| GB | 95.101.129.208:443 | th.bing.com | tcp |
| GB | 95.101.129.208:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 218.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | tcp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | tcp |
| NL | 40.126.32.72:443 | login.microsoftonline.com | tcp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 41.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 169.117.168.52.in-addr.arpa | udp |
| GB | 95.101.143.202:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 202.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 95.101.143.195:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 195.143.101.95.in-addr.arpa | udp |
| N/A | 127.0.0.1:52672 | tcp | |
| N/A | 127.0.0.1:52678 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 44.238.192.228:443 | shavar.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsiA838.tmp\LangDLL.dll
| MD5 | 68b287f4067ba013e34a1339afdb1ea8 |
| SHA1 | 45ad585b3cc8e5a6af7b68f5d8269c97992130b3 |
| SHA256 | 18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026 |
| SHA512 | 06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 06b496d28461d5c01fc81bc2be6a9978 |
| SHA1 | 36e7a9d9c7a924d5bb448d68038c7fe5e6cbf5aa |
| SHA256 | e4a2d1395627095b0fa55e977e527ccb5b71dff3cd2d138df498f50f9f5ab507 |
| SHA512 | 6488a807c978d38d65010583c1e5582548ab8102ebd68ee827e603c9bdfcdbb9f98a488d31414a829409f6edca8bd2eb4aadd4ff31b144de41249fa63a26bc91 |
\??\pipe\LOCAL\crashpad_1612_FUGZJXUVNJYEUKUN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 68403ec94b22893d903bf430707be9d0 |
| SHA1 | f66caada7f89268f3a3f285e826da7a1d52e78cd |
| SHA256 | 7f6cb3012b316d03146d38c2a6bf7b97b9a50ef880554b7800bcba059972d7c1 |
| SHA512 | 7f12065e3b464e722452a9c1b9f7a1f13e8e4f699cea3bb291e21903006a91bbe908d2184747ac32772ae69f39c9b0497b73f326fe95333371d35f86ff8f8d64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fe198cbc6446ecd8463f3e1e3dd6ed5e |
| SHA1 | 66b0e6a94b1c5c55d153c666a3a60074955d8473 |
| SHA256 | 9f4c9d44f370e698d1e01efc701104dff4c0a9be054147c936685519d3fd9fab |
| SHA512 | 19d699867175a22e4dbc1d614f701fa16b1084b4ff2a801c063e247e47cdc3aae113be63b2a58970079542bf64f06cf3940970d527a6d3f98574e12018765d6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 96c86e53409385382360d4c74f190f90 |
| SHA1 | 270a839586db283cdcfb45b95282464681e093eb |
| SHA256 | 2ab7dc9e823dc27d67433f9c4cc6edad07c59077d7ec22a8813dfa924b1c1ad3 |
| SHA512 | 132b59314e9293245d7139858157a9a969db9554e0f048954374a39b9d36df315a0052ba79ee88f1af7dc06c783050918105c08eff2e9178d2d07e569467f9e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5653e764464a1e4ef798311ed945d0f2 |
| SHA1 | 19c1f3c2f63fd8e07f8931df417d1dc03aac7e26 |
| SHA256 | 8c73b05480cadbc851be828d2df18592f47a779acd78eb6182240742d390c2bf |
| SHA512 | a57332dfc7f11ca7503e713c61f354323f2bee2094a42f5c7766bbc911005da63e8df58c99b438f2a03fa1aab048f7f4e55c12e3110a04cc515d57f5bf968417 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590565.TMP
| MD5 | 101c6ed48a72e61e93e8e85a69ef3434 |
| SHA1 | 47de831cb870d0c2e0bf508869e3cc9e321c46db |
| SHA256 | 9c84f9335b65af56c6e519d22207ae425c8343b4b99cd7302e3021fb4ecc9ff7 |
| SHA512 | 0ce465f1e9c3585c34c937a2b6173a26b15db594c0d7c885a7973f7cc9d7b79a8d46c4f62c918199fc5395b9e5473f9e1a8d3dc1c21a18f5eede79805ccd45fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1c2d2d59fd789308ccd1ced6f8f0ec5e |
| SHA1 | f0870d4060f3982a14f34164847da43166560708 |
| SHA256 | b68d38664ea1d2c642f60386745db09873fb380fd4b7bbe43f1dbdd6dfd263ce |
| SHA512 | 18b15a0c080d78b43adce7cfc0065924295403178aea8d4a9db9098ff3d5ca8660445dc7f2dd8e440a92c1d3138a621848617d5558892dae6de175477c2a6b65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 40b3338e05f4a2a0f1c8504d563fc78a |
| SHA1 | 6e4e629a96b7fe0b602366c91a0391add7bb9775 |
| SHA256 | d71607856cb3556c83cb579efeb24bc6c72be6f1f181fcc907555e41b7e0a687 |
| SHA512 | 2969d5023aa05de539739f8536294feeba1c29263ea973bfa436794a8c8fe93b94687f0eb8a049144fada59e38a193315057441a2fdbe433daaab63d0096cff3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1eefb1e1f16848d3ab24938d2a1705c6 |
| SHA1 | 422f958eaddb8f0989cb964e5fc73386be9aa3c0 |
| SHA256 | 536808de4a51e32ae9adcc286e5ef45261186879310ff437ce92eeef8f57971b |
| SHA512 | cfc49907184c44ebdce3ce4bb6bd614b506ad54088734acec09e4e1ff9709deb9f79d4b1f9f146eb166613f085a81561cc4a2f651b071c5478ec67fe9078ba6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 966b9a3b18d48d23a2122dd259ba982e |
| SHA1 | d84bc24718869fd30290bb53be1a482be30b5016 |
| SHA256 | 5f37a4a3a98628a4064ba83bb0508ea56d0e058f7dca74db012e74237d4336bb |
| SHA512 | 1cd0c8495f6c1c623db190625f022165c605183717ad4bad5c848917993971af30f21a7e1fa105c429974b6729be69ef270d1fda305adeb309e11ecc614c1551 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f55d0b37c3917acc14c8c299d4dd0f42 |
| SHA1 | ae2e928bb5c02bba25ca6a39790f6a6ce24ade8f |
| SHA256 | e52dd123622eb91659d9024fedde8949f8352b83aff3ccfcabd3dc1a70aefdcd |
| SHA512 | b44ddac708c7c9bee3bb36fddfc2350c399669de2eb21fef34296e09133a63f0b385bd0a5b1e8ebdf906e38d81d8e2f46cdee452c4bc0033df02fd8b808a7645 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b44d06b1ee4d4b57ebed65a41124f13a |
| SHA1 | 76e5ca701479fb0a06fa790bf6b775235f1aba62 |
| SHA256 | 68b4c31765083bc9cd5f3ed828292db7dff2457f5f8f8ac7496a3b7696165c6a |
| SHA512 | db0781b08367e1fc576b8bba4993a7b8236b1e41d84e974a7e4d926c4115bc5a2fd04cede2785d6f3e7a95973cf732506fd7ed2a8670bbf88e89eec8c71e3e84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2bd680f5da191a24eda515b7e724e1bf |
| SHA1 | ca5927d50aac5cc5321e0c88d6a2c96f7a613ba0 |
| SHA256 | 293645e26cbad7cbb0b56092a1c87ce142542f828826e1a9357ec13eb704b904 |
| SHA512 | ca6815d2530858d36093829a951ca9d59e375c215d8f090898f6c915fccf3c7cb266b5f145f71a9bb71c9b3528d13b234172645d63ad5045511d570772107fe0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 91be22c6be35ddafb65432436a75497b |
| SHA1 | 652aa629363597141a19e0b65befa2026cbc9140 |
| SHA256 | 3903359f7fb49eb036391426dbc590678a097beb34f3f1ce395fd4990286f144 |
| SHA512 | d8503964b955104de70206084a4ca3d1a25b31a6044d500da3e9521436890ff2272f94396226ca15dfec13157ee69d0546d38f4d3b3a7b3651cabebb1e2443d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | de1d175f3af722d1feb1c205f4e92d1e |
| SHA1 | 019cf8527a9b94bd0b35418bf7be8348be5a1c39 |
| SHA256 | 1b99cae942ebf99c31795fa279d51b1a2379ca0af7b27bd3c58ea6c78a033924 |
| SHA512 | f0dcd08afd3c6a761cc1afa2846ec23fb5438d6127ebd535a754498debabd0b1ebd04858d1b98be92faf14b512f982b1f3dcbb702860e96877eb835f763f9734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a675171456f0296d282aac4d70715acb |
| SHA1 | 4899d226040c995cca63518c4859d1104e63bdd6 |
| SHA256 | a830963fc34acfdba200d0f084c9f43ffcebbaf3b8823ac123f52ec4ea8f4859 |
| SHA512 | 7088208ac67a1b0f8ab3f54327413ff368d8088afb32043b5eb3e4658a19d27c1046ec986c3ef5a6ac8787e56cd1afad3868ff6559da5c7ebbad9414c24e033b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | df544cc91f7bf0afb35087fc636fc539 |
| SHA1 | a43b66f24995eb6263b13f711d7fb2307a59524c |
| SHA256 | f120fcbc39cd380725f8b8c86dd0e904758ab896d098829a55fc8b9b02b85002 |
| SHA512 | dd57dce5574d782727969567446ab11c691d9ccaa248e9082a45afbad12cc38f786ff0a89e8c060e4a2dfe440212e95980cfe03126a35723aa04c2cab697a37d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fc54cefb9acdb919e2e85e34d134c3db |
| SHA1 | fc2915c09b8fedb2ca1477deea77ccb9788a2f32 |
| SHA256 | a661cb5e951597d6971bcf6fc5a43c050b1935cddfbe77306be2bfbf39bb3f7e |
| SHA512 | 501d5fd6e8245e346c701141c30ac66079e60a7d76db887c22d4c16e333a8dfec60661384076e547344326799fc63c2b29d2d68f949325d0216c196c3b2591fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 86bc1a992156631e165ae8e6a4e714ec |
| SHA1 | 7485340ab9a7f7e86c0cfd7479353a137a7ce8e0 |
| SHA256 | 3863335338ca0ca9937a7975e9fa0d6f3808d6d5f54938d4e9fa92acf478ad0b |
| SHA512 | 4d573d86a6dbf692a91790d3286d2e13e8b7af89e35df478dd251fd51f9d70918a3d11772f6aa736f4db29ab7513f84de78b37cd91ad189a8614cdc388ba1729 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kmthw6b9.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 411b15eff4b8b9d4e370f32b2b28f42a |
| SHA1 | 0bdfc2fe1c461713fdc8e516716bf74dd8a2163c |
| SHA256 | b4c30a92849957d8dcf35253ae035eb8c9b8f6a5b512a1dea9b1b6fd88484a0d |
| SHA512 | a4474696eba1a702b2f66953ad184fe8d6e71bee6c857c2ef1679297c0d21a3ba6a79719aef49859db04ae7b431e91ff013f135dd34939adb4e6749d28520b4e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kmthw6b9.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | d0b8a4046ee32cdd5f42ee1fe73ff5da |
| SHA1 | 0f05c8eb50bda186c7646e118929d873e7c30212 |
| SHA256 | 9394d17d1b00fbfe95c600559b1bf9cd3e20d53f3b371dee98ff3ddee657511d |
| SHA512 | 99b9e00e2d6c0b72b93bdba5d4a6098fe97ebc6aa4c8b36d09a1d19bbe4e5a8de09c8fa741d575385ab9e33269c73b9610d667d72913d8e1dcbad1b122c26390 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\prefs-1.js
| MD5 | ee9a860db0f3afbab1dab2592ff635b2 |
| SHA1 | cf57399b854804fca3963e492468e65caddf948e |
| SHA256 | b78c88303b560d8e4b2f865c75088bdb4d3a9dbff21d900eb1b1a2cb3a4be8db |
| SHA512 | 281f40acc2931d2ffddb5cbcf7c58b94a9748b7c74093a563c9b3302a200afbbc2c85b81cab0486982325d909bbc1b340b7b185500bc2ddf9d80def1d58d8880 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\sessionstore.jsonlz4
| MD5 | 0b1feea5efc3901a4c843e3a74cc1bc8 |
| SHA1 | b32755f348943e4a157580e6830bc8d74e2079cf |
| SHA256 | 7c250db545a897a9c5b7f91e86dcdcde3972ac1acb8cff8d2666243d5e9ddd0f |
| SHA512 | 0ef50227f3c03d5b964ddf60c3f3ab125f8ecd997c289986441b0c9c8d39004347b419e99ec5b0c5b622b9bff2e74fdfb7b707d833c5908da3dce39636e39b20 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\prefs-1.js
| MD5 | 9739a8df727a77a86f8fd4e2cb40c1e1 |
| SHA1 | 5de7a96cef145d0c956946ca5bbdb3e2f40fd853 |
| SHA256 | d7c390c4ac09758c5d822f9592da5d21dd802402fbe1c3983b56a460068e5484 |
| SHA512 | 4940ae60607569e2a9d2f868f6740dd8da16f83dc19cd79472a7ef208262eea681dd8a750080f4e5c86a9391491ad4d3b4f9a875a95e96a3f2215595df3e7d5a |