8d83a0e36057dd1d65a54dea417afccf11009f0ace2738f387f8de611fb262bf

Resubmissions

08/07/2024, 04:59

240708-fmp46avhld 9

08/07/2024, 04:49

240708-ffygysvfna 10

08/07/2024, 04:34

240708-e64k8avcle 6

Analysis

max time kernel
257s
max time network
260s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
08/07/2024, 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.js
Size

80KB
MD5

2a1b218812d4f6422434d97169e514a3
SHA1

a6e870ba7b5c9f330c15f3d8a212bba3fa324dc2
SHA256

8d83a0e36057dd1d65a54dea417afccf11009f0ace2738f387f8de611fb262bf
SHA512

6ad15e153dd887a76b8b5badf7869c13887f71a486983684f0e91299cbd6a9a34f6c5b0458f7c9ecfa4d02d76f9c758b856cb0c0894d0fe8e93ef3e330fbc705
SSDEEP

1536:I60JFL5SwNiecv6Q5hNFZuSuWtWWxcIBje/6apKjpcXW+NaE3qGksAG6ZJsnfJeH:H0JFL8wk6VIBje/6apKjpcXW+NaE3qGk

Score

6^/10

execution

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
9	ip-api.com

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648868960928906"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2608496357-2693146533-2740208290-1000\{5F6AE7F4-2BF0-423E-AF76-ABCFDDAA37CA}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\lua51.dll\:Zone.Identifier:$DATA	compiler.exe
File created	C:\Users\Admin\AppData\Local\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\ODAz.exe\:Zone.Identifier:$DATA	compiler.exe
File opened for modification	C:\Users\Admin\Downloads\Solara.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Solara (1).zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3800	chrome.exe
3800	chrome.exe
1008	msedge.exe
1008	msedge.exe
772	msedge.exe
772	msedge.exe
3368	msedge.exe
3368	msedge.exe
4028	identity_helper.exe
4028	identity_helper.exe
4780	msedge.exe
4780	msedge.exe
4036	chrome.exe
4036	chrome.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
2232	msedge.exe
2232	msedge.exe
3060	msedge.exe
3060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4784	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 1616	4660	chrome.exe	83
PID 4660 wrote to memory of 1616	4660	chrome.exe	83
PID 3800 wrote to memory of 1736	3800	chrome.exe	85
PID 3800 wrote to memory of 1736	3800	chrome.exe	85
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 4928	3800	chrome.exe	86
PID 3800 wrote to memory of 3796	3800	chrome.exe	87
PID 3800 wrote to memory of 3796	3800	chrome.exe	87
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88
PID 3800 wrote to memory of 4696	3800	chrome.exe	88

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
1⤵
PID:2496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0x90,0x10c,0x7ffa417eab58,0x7ffa417eab68,0x7ffa417eab78
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1832,i,16149946093125829659,6047449030847279977,131072 /prefetch:2
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1832,i,16149946093125829659,6047449030847279977,131072 /prefetch:8
  2⤵
  PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa417eab58,0x7ffa417eab68,0x7ffa417eab78
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1776,i,11356094877786148585,17426406060882654608,131072 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1776,i,11356094877786148585,17426406060882654608,131072 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1776,i,11356094877786148585,17426406060882654608,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1776,i,11356094877786148585,17426406060882654608,131072 /prefetch:1
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1776,i,11356094877786148585,17426406060882654608,131072 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4328 --field-trial-handle=1776,i,11356094877786148585,17426406060882654608,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1776,i,11356094877786148585,17426406060882654608,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1776,i,11356094877786148585,17426406060882654608,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1776,i,11356094877786148585,17426406060882654608,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3464 --field-trial-handle=1776,i,11356094877786148585,17426406060882654608,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1776,i,11356094877786148585,17426406060882654608,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa41693cb8,0x7ffa41693cc8,0x7ffa41693cd8
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3288 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4048 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5516 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6948 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,9095624711917870429,2502468715054345641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4620

C:\Users\Admin\Downloads\Solara\compiler.exe
"C:\Users\Admin\Downloads\Solara\compiler.exe"
1⤵
PID:4216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Launcher.bat" "
1⤵
PID:2164
- C:\Users\Admin\Downloads\Solara\compiler.exe
  compiler.exe config
  2⤵
  - NTFS ADS
  PID:4716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
3fe30bb6b6ec4a5a6e5d9e125499218c

SHA1
89a6333d5ac64bde1f386eee5f96c712b6eb553e

SHA256
14bd3e90e1b84b7f423a284a096701213cbb0e7d6997845c714fb0ed0f7773b8

SHA512
5f1a95d8b986782ed3734be532b47f6653b5baf135f96f8c67b66afb1aa0979cd0b62a327803661c052bb60e3cacd1963c1b9fba6ad545d3a16d9b7b27d5986d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4d9a2a624fce5ded320a60fec9b7fbd1

SHA1
7b3b5ec1f6df7dfa70e806989a53ecc75a96c7c0

SHA256
aa496f6e7dc9b3da507dced6917c91f326705290951714accf4e75b528c38c2a

SHA512
0ee7f5b93388eeded11b9df2e44d8c95fe335baabf6275b047c634e4932a65586603e10fc70ac0d577dfc7ef3f176a14b1db32a7e76b0f99b1cb7d3055db9c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b722205faee4d987cc2423650bdc0b64

SHA1
af3f89a7f7ce3053531d871eeecf827b4f4c0542

SHA256
8765074eab008e7a3ad559a0b4a212ce4b578cdbe7d80dbf31c79a813a4f825a

SHA512
9067e36a067c11d6e56c9e580cfa26d30e8dac21c5ca88a12dcdef8a9dbbdca626eab6922cdc7b6a35f3d01a2589de14a6972c93ffd344b30d53fdfdd76509be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
da1716a557fec542cfb1710d234c897f

SHA1
5ac22ab4e4d38bf859de51224bed05167882055d

SHA256
af0305a8252a0a95bd4c36bd79d53a012393bc000be5507682d9034d3fc00eb7

SHA512
21de0a7e4098e5d5ce09dd66bdced59bbf6aae8758d90dfea6d4c22d989562ab823a7eee2eee185c2df38b134904f617662ae004e9c6f40b79244a70127c5a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a315e6bc966619c9576c0deac5806975

SHA1
724ba376fc0fbb860e139f7b1a9811fd3167e996

SHA256
1f2611b93ae453df312f0cb2ed166741fb3dc74089350dac8f1c3232a7703010

SHA512
7bb08b91bedfc85aebc03a5d80997461e96b8ee3f54097e6577687e15d333853c0f1c0b89924fe51036f057308a5650775bd114927b9efa7e4b8e3b08ac3cdff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bc5e686164876df7d12f095a73abae81

SHA1
030f4ca3bc954287a0790239ff034f41b4a6375b

SHA256
3705b910d4aed28f4e3dcc09bfb522dd0ae772ac78c51150f0e451bceb9b3514

SHA512
e5944a21296951d509369ab60c2ce23550a69376235795170f249eab3f0a78cb3b0c825b70c2cf159c2dda1bc97d44b78e6f28835fcb0be1717625c86ec1a165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7b718962ebb637f4ef05a34aabcc65f3

SHA1
9ab91a3e6bc783bc136aa4b761b5d2ce8af02965

SHA256
8206eb3d449df6bda224c47aff65062c44c60705585f5434d20cf57dba1f01dd

SHA512
33ae05f948d2c978342602dd3c2d2806679a0daf339ee34dec4b695a75903b9c9cb88686d8d8d37c8e811e58d9fc7e090e8c8565a36f5e1ff0ae4b0b4ca82aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7ecd9630de92923903a13c46699f6f5a

SHA1
49f3c16b2a8651dd1d7702f9921a1068cd4612e1

SHA256
e7950acdfcb914ed3bc9709b951b9ea95444ca5cb7b8b24b5ec094d8e2ec545c

SHA512
6baa695f8d2135373a3424daea54182622e0a570a2536aaf50718c0a75e9ec7c791983b45a6b28ce814cf8c2b22c02202435aaf613e0b5cc02d4fae8b2719489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
482e95737ccd9e3f0f1f5bdea56a915d

SHA1
04690f93331a2fae94e883b8cc69f57757c05e8d

SHA256
019910d7298cb667c987791d6fd51d88074ab14755090562c545b57500cd5202

SHA512
f52f847c78c81a71913c93fa88c8f09a0e632ed752ffaa76980c3452d6f72547bf6af69e2545df42a27962766e73c573c750efb0b6da516067dd2f0190c11998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
e739fa4681a9164fae60721488bfaf09

SHA1
bdbd02abce9f729988ae7a2aefcc55e57e7fe55a

SHA256
42f560824c5c439b03a621ac33a1dc6f8435700504ba8c89b3e610c54d1de762

SHA512
c29a400dc99246933183143b0f611d49b13a5384ab8b16cf079b055b7b8d1ed3bb1463746f5408d97f0651aee3454a74f31ff7818f8cebf747867300cd919c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
97580d17dae94ce747645573361878d4

SHA1
4c8ba806db8b87616c59d0e939332076004996fe

SHA256
802aa65d3b3ec9b5f4845e989700c8b1983b891266030040418ceacc39b6b7f1

SHA512
f388f912efa4030ef32817d738ca225eb2bfed81120e58a968b1fd1578878b2a70d074339599a8fb386963cd58341d111234c4fac89617498ce6fbfcdeafcb5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
93650f2f5afb3201ac476b9c0759be88

SHA1
873d4e4e2922cf3484d5002435db8e26e51b27e3

SHA256
118621fff920f1774c79f26ba9234d1e7002e1ba64cb65344d56aadab8598666

SHA512
10a581af32f93fdffd902dbaf110c6fa6848f5d7489befdab2da3386d215d4c0c3d4b6702fa9d2409ff699e8a458f29d1ce4dd31f4a3e5c6a45db8a1c69c1d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dd3589b97978441d244d4e821fd239da

SHA1
63286c2b1fc75939d6ad4e1176901b5c7dc58143

SHA256
6ddace977f58c209176969a77634f8a7cdcaf6f1a550cdbc056674b2b538a5f9

SHA512
6a6a16c168445ee2511c363b31faae8bdd851259ccbdcdd8e93584dc076e1bd688891e5804479a1313019428387207b7a2ba23fe854c53ac86467c730c25b4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
be6d8a5227798b38c33128c43f9febf0

SHA1
b5db7c6a1593f45c75ebb6a81e57628d11fcb892

SHA256
7eaf875fc88b9d5125a56f088e3f676d1762503427fb6b94dbe0eaef71c23234

SHA512
e34ec91b098f08c06754d1e873acfa7773e696dcd2f7be1b2cfe83962944cdbc59703511341d95ed8e5e0aea8f28c9d7b7b497cec719e7a771e6b5e5f6c28368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
37KB

MD5
f31a1ab9f483d9db21349522e39dd16e

SHA1
01a275d7fc1c4f578fa506c8e0bf9b7787dd4806

SHA256
463800c9ec072ae72a4f6fdc1f2f779c792cb7ceb6f57c7d1231eabefad2bd9d

SHA512
cab9bf13c36b854bef939e1d09c8d896caf1d7c20f6948f70f27eaf2869e49c8b9be728b4c95926ba869a987516a79d3193d416b0582b7570a58269c8caa7603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
628ba8d31375849e0943894669cd033c

SHA1
4fa6d50a37fa2dadec892474d3e713ef9de2d8a1

SHA256
80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6

SHA512
d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
82KB

MD5
8b36b954e5a8947dedbc720664fbccb7

SHA1
0310a60a8bbd7ac385b6e94aec8dee9aa05a6d24

SHA256
069b3e224154172e3c385b5ebbdde887253d596776b74b9fb2a326b875fb718e

SHA512
c2827251585fbb5e24bc38ef58822e8892d952c6e2a90743453502254550384cfcc9789858d66706c86f51c483fc28c23c796ba6285747689940460402b30f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
37KB

MD5
669b1563b95fce26d9ddc3c7e9bdc538

SHA1
275e4ae2606a0da908003b77ea06b24ea8b66214

SHA256
d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667

SHA512
09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
26KB

MD5
d7ff26e78ea2a2e4caf35ba779aeb43d

SHA1
2f023ba26ef838fc038851728cec296e7b00b936

SHA256
eafb740ac39eadc1d188c34eed6c0e56c75eed1ef8b273806b21f110420e483d

SHA512
a6073702a4b558e5ef867a7967538b0c6600f763a52ec9bb76f920819ae759de9e7296177c41bee4c3309f4add8403a276fdaa32ae84aab897ca6608bf824b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
53KB

MD5
8fcb818bc23425964d10ac53464bf075

SHA1
396f40d25a7d38eed9730d97177cd0362f5af5d7

SHA256
8b56333cda4211c50ada778d598348b8a846d557ed9117d8b265e004db31e9f7

SHA512
6ec7588257bd1261f9b2876c3aa57fba2b6bdc33a2a68830c8d8d539f449c552cf6923a5e8afb5e665d12cad253a10d68ad665d9eb74ff8250c6daf2f61e6da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
56KB

MD5
f817e737bd803df8a4f12c1937ab0d51

SHA1
24e172cdf9d4b77b0cb4c271aed4a7c9eba98fc9

SHA256
17b0202476b336c41e4108aa245ac863c3e19ef8c5e430fe112a0900f0a18802

SHA512
d417d62e0fdcdfa883d4ffb317546e7ac5258aac538cbfad4eb111b134839750a65c55b5230507ff6912ffd272c0eb6317bcdd95c38cfb81c63b8e85b1359346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
132KB

MD5
01088b35a7144b96e1c65db9ecf5aeab

SHA1
3d5b4a4fafdc3867adca4a4a640d6296bba06f82

SHA256
66616d0b8be2030b1f40d1da2a80bdf930172335226111b7965a4480bb584f1f

SHA512
bf639e6539792c3ebab0ddb646b795a1cb14e4359fe97726db69ba2e082debdb920c15d5eb96a552613ead61ee4320de0331c02aaba3f14dd83956cc7affba89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
21KB

MD5
8680ad8cc782b74ee7a15f0a042c76f1

SHA1
ec430c456dedd9a2360703a826491fcd69f6dd8b

SHA256
af745264049ea73c66c1dc7783e59fcfe94c0506337867380ae638e694cfe5e7

SHA512
7869afe9f737bc31a9c33b03014f4d5239cc48a798deabc0fdc835fd6736a99b17d181e57866ac960bbdb0d1e3e8610cf97bb01762435d8808ca56f1e74dc2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
117KB

MD5
d104800ae22fc15a7e4589572b14fc7f

SHA1
d1acf6b4082069dc6638f26f319a8537d86c739d

SHA256
47b6364225faf1adb1f8e00bf0dc9e87c9cdfcdf1eaad83e09c73d7893414761

SHA512
5f0a3d5f98c2c521e5a1f06d445050d44d0f29bce2656621d7dda56eeba564a7be726e4c4fe47323cbf9f2b2a6857a4d9d0b1f4ff5423f9d84a873c610763866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
45KB

MD5
30a274cd01b6eeb0b082c918b0697f1e

SHA1
393311bde26b99a4ad935fa55bad1dce7994388b

SHA256
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

SHA512
c02c5894dfb5fbf47db7e9eda5e0843c02e667b32e6c6844262dd5ded92dd95cc72830a336450781167bd21fbfad35d8e74943c2817baac1e4ca34eaad317777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fa57570c1c2f6258d7ec7b4938b2a82a

SHA1
423d905e4c70c8a9d8daaea17b779d70fe1dd1dc

SHA256
727d633a4ffb7740866192bd564b386084f554bf201b819331ec9ee7f72fca64

SHA512
b493f8667be806e0ebe9c8d488b01c1a1941a10acf242a99d1ebba1aa1632be52af99bc9d2fe806e35c35e7bcf1cb525695e950924aec02915002e519050f376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3e1bba96ee90e173ef2358ea242caef9

SHA1
a4ca81d9ffe162ad84707dd2c17d06e76aa11f92

SHA256
c714e7029c8721708c52488d949e4d8d9c8f79fcffe64cb59cf70f3ee4fae658

SHA512
63f8258ba0162fc1ea8ba8fbd8be3ab8b9dcc8301cd367c4c3948c5f31f4fcc60a263d2a416c7c4fa534fd6c7aaf5057719fae17a8425c7a6f0e9b66a2a9a7a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
23da1e96646ccf018ba9eeb1484d1eaa

SHA1
9c1df34fc39121f322fb40f0ac34cfd9a214f06f

SHA256
b212de38e376cb11af3604cbe698cb6fc5ae849a498024a470a081d3033a71f6

SHA512
76bd9a45febb91e646524a05b1554b508ec65c734e632719f3a2fe0050eeaceca3dab00b183d37bca90487686397725d5da601b96773bd6cbedb37f25d9ea0af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2486bc67c6b1b332f65ec4e0419657da

SHA1
ab111b3f5282878399c80ac19abca8cc96c4720a

SHA256
946f47be28037df4c8e26d2c10859485e0b28b608d4fca20f12712d9e06836a7

SHA512
d039d08c56b71a2e4396cccc4ecb3c5075ad7143ddc6a20ceba7462416c06a39e1b15c5bc5a325859cad3884860f5796fbc84eb4b2bed328e4c4c5f243830807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d26d99e1068f38907da0b4392305ca9

SHA1
c90a89cde281946edf59a07e05a2593e679db69b

SHA256
3088bdc9b8b66e79d7b05001e0cf6f6ee8f9374adf1de26f2e4f61836a4c723d

SHA512
ee3559531c10e83cdb8b4ceeeefa58814adbad147fabe2034aeeb47e9fbe600b0dd21cdd1fbe9226c64cf17e220159e9ffae187abb595f977cc09567c2d0e625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab11362b2f38c15910dad6efd002f864

SHA1
84e4ccd6debd0feb515c8567783e7cc3044e4963

SHA256
6c8d75d2bd899653631c9da9cf4196671705742ee320958475c118d8b59da3b6

SHA512
2afee4a649c4ccf0da76b0e6066635133083cd7f28e5e5e86bb99b8a84606ddd8129b16d5b9b99694a5cad62ad016346c96075d573aebc3e79310c771f4937b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e374304aa56c0a38e527e523ac99451

SHA1
d996df77e9ee34a27fb980d9b04f2d05099768ee

SHA256
9a7750dbcbcd52be8d6b872dd07bbd611d68eea17b127ba88f7e4e6403329e26

SHA512
71eb5a6ba3aca0b84bf6805b499520b2f0216fefa07d7456f9b0bcb7f16fe049b16a48086668d72cdd0e2442645ffdbb6457610f7465e263031d6ae67b765443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0bfe4d3e3e2a97818c2d4c28298507b3

SHA1
e9936fd175a4b12d856132d849906fc3ffc5ca15

SHA256
d5cabf806992a8e7fd2e08f01b991df59a122470c36460d92679f81f16b7d55c

SHA512
64d1c69922be87d88da80320d62c2d25afafdcebf00ed451cbab022c9d17e139b832803509cd8ee2b3395b220771a80ccf85a26d7c39068f930e18476cc71cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c370b5e32e76af67029610536eaaf21a

SHA1
f74fb8c823b96c460ef408d45938c52e31a67b2d

SHA256
5d8cbb07111d5da2e706aa2bfb108db67b99a6e84d115024d75494e16340ebad

SHA512
235a4e1c141fb027b9d95b69d0feb9c84f9f6aae1317694050322527f7ca9f948a6da33b4ceb1d699dbe28e8728ebd568eda2599ec2eda2c816a521bc3082f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91203d1253c4ead0df71cd3c8ee1b98d

SHA1
ed9c2dfe23fe1946d910ae0348f0329ad006b608

SHA256
ed25f7de44b04efd07f534095c7c21982edf0e19fb06def4195e7b928f2ee612

SHA512
1fcbc39901f57aed6c0770dfb15ccdb8b483ce95c4af7b5cf072cc0ab0a9c5c7a4aaae82305c54675d5f5c8daa5523232602ec86d02fbb9246e0335efbde77b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5fe8fabf94ca7af99852799f51082f1f

SHA1
60497943ac13ee1253c82e70f739e88396b07da8

SHA256
19a64d8c73093765bbf658c7e389935d02259fe9b3d3ade656d2dc00fa7ed3db

SHA512
945ce910e98e74f885562362e85e8464e1e480adbc6d889acc0c29069108f35c88f4e719de984abfaca74ccc8816076591cc493ccbdc5f60bf8ef83a1b28cd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e380b27c654dc5726d99a01ee4eccda5

SHA1
4a36dbc7d40303d1d10a1313e14618efa1ecb244

SHA256
096593aa3c3c7045f27a16fd17258bdd0bd36f434e2d24f1e201d12a0a90ae3f

SHA512
38cd79f9ca79bf3df7e6c9f68ce91e8ea05300905a98f25b7585767beaec3d9d4819a0a110605a074961a7ba3f130f589a73c49f6c27733acfe272c84d72a9b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bdb6943c563190a56fc9a3737aa34f4b

SHA1
c9203d37088a8ecd7a4bdf463feb73a7c3495909

SHA256
22837336f3a1a6501fe8677230c23ec247b40eaf7ca71a9bdffe7b0de3955ea9

SHA512
5cfb6772a3feed3658de31f08ffba96887ecbbc148bb6bf50480145ed1dabcbc4b251ad3f6d79bbd1cc356f5148481db8bee69019f13ea8dcd30094760152a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
99f87e637e0b4191aee790c9fc142b93

SHA1
21dfb54603dcca88954870f6cc33bd95522a7f5f

SHA256
e1542eb0acf918975ead36aa8bb9784dd6e1f7027012e4ad712e5ebe815398ed

SHA512
7845d53f1cd62a2f8d838c8c11843ab08a0c32d2a3942381442bae1ed8b83b85a398073b5b06a734e27aeb57939f4754a8abaf77929559aa3472471a71f9cb7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ad45533f41e66b66143a5432df4a54fe

SHA1
3ad2820d75f64610bcf608c69b237041885b5420

SHA256
d943b06bfa5230cf4347ee5149914a1cc473309004f7dd2557a2ce74cfe70311

SHA512
46a8ef9ac24557593c132be4564b2170d53b2b63b4729bdc19d82e3591804495ff4be73d8f95b644ad1494c490964c2d8fdbfd7d41269b1cf285cd01a9e642da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a40955e3d5c20aa2833ac41e0cec58c7

SHA1
005ec042d24ba9ed4bfbef895bb15d2fa57298f3

SHA256
00bc054846965fabede25380b3237a9d12873b3e334dd7fe014df7192e20f4cb

SHA512
e19d5ac5e992b26ccc7154f290cc22488eed7597c5a389c9c6414ab255a79617634ab89b7cfd3d90cd802afa819958317a55c08e5586d59059498487adf9e4ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e52b.TMP

Filesize
706B

MD5
c0db29d845cc96e5ada92bbb29115d75

SHA1
ee31b60f2e0ff6a1f40c0fd7dbe69bc3d7933a92

SHA256
7b4b2a24825d9df87af50da85bd58b2163c6100ba818b6e815d20d7b7645c748

SHA512
62bf0ddbb93ba74f3d47119929a57549e08b66f897288655f4dc15a4fc532a072a509b8ef52065ffe68055f066f8e97b59b23b698e324626b740a36e34002ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
534b3e6aaaee819d62be7df0862b41a6

SHA1
9709175c77b7588c94a3dba0afe892cdc927118c

SHA256
7ae5f7cdd6e05c1fa5456360c717dac990a26c6c466d7e7b622e17b1f2578ba4

SHA512
43335eb68bed8b2129c7fb26aee148bb6abb0835d05e14fc4e737e33aebfa9e1da2049bcc2a993b946441747627740b61eb95d62442c96eaf5f88669e70ec149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0e1ff4d240ab65e7d547c7e2f6cb6c9b

SHA1
9529716acf939e160185316cefa836cdfe79b610

SHA256
f799f1156398f4d30a93aa5d00c5f7c532ddfead5c1dabc1099dd1ba31ade836

SHA512
c7c768b9cfacbbe5fdcd41ccd18dce72f6e17401716ddd4d29badc8307a96cd7f3a4fbd4b7eeba715d173e2b005393c7dcd280b85558e1845d8695f160214485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f800f3439a3f76efa017ac9d9bd837b8

SHA1
52b3412abe7e00ea5e5a96c0253395add1513dab

SHA256
9cb7f4ddc4d20bcf389cad5b6b793543425fd82103058acd10715361d6f9ce47

SHA512
b04709cf5733dea2aa7b423b9033cc992cd0bd5104648cc11ccb80e6e6335fc656d09344391ddf94069aadfc64f6a9213bd18fd43bd4ad6da62dd0dd0773ba2b

Download Submit
C:\Users\Admin\Downloads\Solara (1).zip:Zone.Identifier

Filesize
594B

MD5
e7f3fc011df894182b2669b5040716dd

SHA1
54d6b49e19822c9ae95e22a8cdde7b459eb83661

SHA256
e1f78a294b92a001979e6ca912acd924fb7558b9436b2b092d62860b2e806018

SHA512
72f706840f769db1ca9f308e4f55fd1769180141831c357e59c165cd9424d34c2b0bd10dfcbe3ec12ea2c39ace7b6756c6a573272dfdaa2c1524e7096bcda617

Download Submit
C:\Users\Admin\Downloads\Solara.zip

Filesize
437KB

MD5
db377b00dc8bba4439a666d9befbcece

SHA1
a96f4badf9b4337ccd1ff699ac66de368c33ff83

SHA256
54f2619a3afed3c6982052c654e85044adebfc51890107cbd9f2e768ea7556b1

SHA512
5495405a03898d0e34566db1dda09812b85d3672bfdaa2704844b24934545cab326379c73550b5105aac24311312db93d08cfdd43793184d717c4c37e0fb2800

Download Submit
C:\Users\Admin\Downloads\Solara.zip:Zone.Identifier

Filesize
66B

MD5
a79008f050495bc99d4e9c74f87c0dfa

SHA1
2170b2fad31450c6250cb25d1ea47cef925da977

SHA256
1d440cf6ab990961eace6ced5ef67e5c75d7b24a9c7497d88de9b1eb6ec5883b

SHA512
4a49a264febe1cb95a1803462e8620d43afa4feb86a85f84c5fca5a5f8b82ea6317ca98dde2fe6718295d557d62b2fb8b5f6dd698f746bc6977a85c9efd68d46

Download Submit
memory/4716-1099-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1067-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1100-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1037-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1097-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1096-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1095-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1094-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1093-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1092-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1091-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1090-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1089-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1088-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1087-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1086-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1083-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1082-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1080-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1079-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1078-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1077-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1076-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1075-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1074-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1073-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1072-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1071-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1070-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1069-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1068-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1085-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1066-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1065-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1064-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1061-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1060-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1059-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1058-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1057-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1056-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1055-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1054-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1053-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1052-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1051-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1050-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1049-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1048-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1047-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1046-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1045-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1044-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1043-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1042-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1041-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1040-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1039-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1038-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1098-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1084-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1081-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1063-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download
memory/4716-1062-0x000000007F070000-0x000000007F080000-memory.dmp

Filesize
64KB

Download