hxxps://roblox[.]com

Analysis

max time kernel
1799s
max time network
1759s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
19/07/2024, 04:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Executes dropped EXE 3 IoCs

pid	Process
3060	vc_redist.x64.exe
492	vc_redist.x64.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Loads dropped DLL 17 IoCs

pid	Process
5008	MsiExec.exe
5008	MsiExec.exe
4812	MsiExec.exe
4812	MsiExec.exe
4812	MsiExec.exe
4812	MsiExec.exe
4812	MsiExec.exe
3444	MsiExec.exe
3444	MsiExec.exe
3444	MsiExec.exe
5008	MsiExec.exe
492	vc_redist.x64.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Themida packer 31 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/3444-4381-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4382-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4383-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4384-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4546-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4585-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4598-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4611-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4612-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4665-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4685-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4706-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4751-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4762-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4782-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4793-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4795-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4823-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4825-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4881-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4883-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4894-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4905-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4919-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4930-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4932-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4943-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4945-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4947-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4949-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/3444-4951-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida

Blocklisted process makes network request 2 IoCs

flow	pid	Process
161	244	msiexec.exe
162	244	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs

Web Service

T1102

flow	ioc
136	discord.com
173	raw.githubusercontent.com
219	raw.githubusercontent.com
223	raw.githubusercontent.com
227	raw.githubusercontent.com
236	raw.githubusercontent.com
79	raw.githubusercontent.com
171	raw.githubusercontent.com
175	raw.githubusercontent.com
232	raw.githubusercontent.com
74	discord.com
110	raw.githubusercontent.com
157	raw.githubusercontent.com
193	raw.githubusercontent.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
94	api.ipify.org
103	api.ipify.org

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-json-stream\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-ls.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-bugs.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\metadata.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\exit-handler.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\msvs.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\base-command.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\load-actual.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\link.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\ext.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-help.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\corepack	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\utils\guard.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\util\crypto.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\client\fulcio.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\ranges\max-satisfying.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\pnpm	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\types\__generated__\intoto.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\check-bin.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\envelope.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man5\package-lock-json.5	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\builtins\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\Xcode\README	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-help.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\get-prefix.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\@npmcli\fs\lib\with-owner-sync.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\.github\PULL_REQUEST_TEMPLATE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-access.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\base64-js\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-fullwidth-code-point\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\stream\promises.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmsearch\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wcwidth\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cli-table3\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\corepack.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\mkdirp\lib\path-arg.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\err-code\bower.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\abbrev\abbrev.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\chownr\chownr.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\env-replace.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\has-flag\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tiny-relative-date\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\fs\lib\cp\errors.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\negotiator\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\lib\util\tmp.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\isolated-reifier.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man7\config.7	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmversion\lib\read-json.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\dist\npm.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks-proxy-agent\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\compile_commands_json.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-profile\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-flush\node_modules\minipass\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\docs\Updating-npm-bundled-node-gyp.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\humanize-ms\index.js	msiexec.exe

Drops file in Windows directory 25 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\~DF652C9C194B85B590.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB8C0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\~DF2D8E660966D5A477.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBC8B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9437.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI98DE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A76.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9496.tmp	msiexec.exe
File created	C:\Windows\Installer\e5990e0.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\SystemTemp\~DF12048B8BCE7068A9.TMP	msiexec.exe
File created	C:\Windows\Installer\e5990dc.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9497.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF04F50AC47BCF58DB.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A46.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBAB5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9F0B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9F2B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB842.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5990dc.msi	msiexec.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 31 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SolaraB2.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 659024.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1000	msedge.exe
1000	msedge.exe
3528	msedge.exe
3528	msedge.exe
4900	msedge.exe
4900	msedge.exe
1932	identity_helper.exe
1932	identity_helper.exe
3044	msedge.exe
3044	msedge.exe
4724	SolaraBootstrapper.exe
4724	SolaraBootstrapper.exe
4724	SolaraBootstrapper.exe
244	msiexec.exe
244	msiexec.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
4736	msedgewebview2.exe
4736	msedgewebview2.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2424	msedgewebview2.exe
2424	msedgewebview2.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3444	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
4016	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4724	SolaraBootstrapper.exe
Token: SeShutdownPrivilege	1864	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1864	msiexec.exe
Token: SeSecurityPrivilege	244	msiexec.exe
Token: SeCreateTokenPrivilege	1864	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1864	msiexec.exe
Token: SeLockMemoryPrivilege	1864	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1864	msiexec.exe
Token: SeMachineAccountPrivilege	1864	msiexec.exe
Token: SeTcbPrivilege	1864	msiexec.exe
Token: SeSecurityPrivilege	1864	msiexec.exe
Token: SeTakeOwnershipPrivilege	1864	msiexec.exe
Token: SeLoadDriverPrivilege	1864	msiexec.exe
Token: SeSystemProfilePrivilege	1864	msiexec.exe
Token: SeSystemtimePrivilege	1864	msiexec.exe
Token: SeProfSingleProcessPrivilege	1864	msiexec.exe
Token: SeIncBasePriorityPrivilege	1864	msiexec.exe
Token: SeCreatePagefilePrivilege	1864	msiexec.exe
Token: SeCreatePermanentPrivilege	1864	msiexec.exe
Token: SeBackupPrivilege	1864	msiexec.exe
Token: SeRestorePrivilege	1864	msiexec.exe
Token: SeShutdownPrivilege	1864	msiexec.exe
Token: SeDebugPrivilege	1864	msiexec.exe
Token: SeAuditPrivilege	1864	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1864	msiexec.exe
Token: SeChangeNotifyPrivilege	1864	msiexec.exe
Token: SeRemoteShutdownPrivilege	1864	msiexec.exe
Token: SeUndockPrivilege	1864	msiexec.exe
Token: SeSyncAgentPrivilege	1864	msiexec.exe
Token: SeEnableDelegationPrivilege	1864	msiexec.exe
Token: SeManageVolumePrivilege	1864	msiexec.exe
Token: SeImpersonatePrivilege	1864	msiexec.exe
Token: SeCreateGlobalPrivilege	1864	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeSecurityPrivilege	2140	wevtutil.exe
Token: SeBackupPrivilege	2140	wevtutil.exe
Token: SeSecurityPrivilege	3084	wevtutil.exe
Token: SeBackupPrivilege	3084	wevtutil.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe
Token: SeTakeOwnershipPrivilege	244	msiexec.exe
Token: SeRestorePrivilege	244	msiexec.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
4016	msedgewebview2.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3060	vc_redist.x64.exe
492	vc_redist.x64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 3020	3528	msedge.exe	82
PID 3528 wrote to memory of 3020	3528	msedge.exe	82
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 2956	3528	msedge.exe	83
PID 3528 wrote to memory of 1000	3528	msedge.exe	84
PID 3528 wrote to memory of 1000	3528	msedge.exe	84
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85
PID 3528 wrote to memory of 4264	3528	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd75de3cb8,0x7ffd75de3cc8,0x7ffd75de3cd8
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1656 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,16203003076046251355,8708273709033621725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1300

C:\Users\Admin\Desktop\SolaraB2\SolaraB2\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Desktop\SolaraB2\SolaraB2\Solara\SolaraBootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4724
- C:\Windows\SysWOW64\msiexec.exe
  "msiexec" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1864
- C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
  "C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3060
- - C:\Windows\Temp\{52C6DC3F-AD0E-4A37-962C-C0656E982996}\.cr\vc_redist.x64.exe
    "C:\Windows\Temp\{52C6DC3F-AD0E-4A37-962C-C0656E982996}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" -burn.filehandle.attached=592 -burn.filehandle.self=600 /install /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pizzaboxer/bloxstrap/releases/download/v2.5.4/Bloxstrap-v2.5.4.exe
  2⤵
  PID:2944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd75de3cb8,0x7ffd75de3cc8,0x7ffd75de3cd8
    3⤵
    PID:2832
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:3444
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3444.232.4897382347894849990
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:4016
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x1c4,0x7ffd75de3cb8,0x7ffd75de3cc8,0x7ffd75de3cd8
      4⤵
      PID:3492
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1776,6693970103251593093,4304102475291461173,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
      4⤵
      PID:4884
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1776,6693970103251593093,4304102475291461173,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2016 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4736
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1776,6693970103251593093,4304102475291461173,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2656 /prefetch:8
      4⤵
      PID:1892
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1776,6693970103251593093,4304102475291461173,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
      4⤵
      PID:2272
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1776,6693970103251593093,4304102475291461173,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3460 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2424
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1776,6693970103251593093,4304102475291461173,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4420 /prefetch:8
      4⤵
      PID:2424
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1776,6693970103251593093,4304102475291461173,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5068 /prefetch:8
      4⤵
      PID:4852
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1776,6693970103251593093,4304102475291461173,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2652 /prefetch:8
      4⤵
      PID:2484
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1776,6693970103251593093,4304102475291461173,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2956 /prefetch:2
      4⤵
      PID:1692
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1776,6693970103251593093,4304102475291461173,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4540 /prefetch:8
      4⤵
      PID:2184
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1776,6693970103251593093,4304102475291461173,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2684 /prefetch:8
      4⤵
      PID:1180

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:244
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 5C166ADF7DBDC9AC21489B23B6E5D749
  2⤵
  - Loads dropped DLL
  PID:5008
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4686CFCE863C2A46086EBB9297F89105
  2⤵
  - Loads dropped DLL
  PID:4812
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B8CB970AD4E23BE4D2A4866423AE9B64 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:3444
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2140
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5990df.rbs

Filesize
1.0MB

MD5
2e10fbf5775626aa6ab9c47b20fc75d2

SHA1
825cbdd64b8f2c5833987e837f6beb7ed6611511

SHA256
2c019a52cb7366b606344c2dfe8d59ed1bb8ad87064c832ae8c062f131f110e3

SHA512
939833a3f95927166fd15a77b8a87ad2fa1e28f5670731a2ccaf0e828eda8d40ee9275cf8186ef3c22c8a46afc184bb0485aeb51f7256f7394a6b7bdef59bd17

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1998107017edc46fed4599ad24cfe53

SHA1
47e92f0646f0de9241c59f88e0c10561a2236b5e

SHA256
cc6838475e4b8d425548ceb54a16d41fb91d528273396a8f0b216889d79e0caa

SHA512
ef7228c3da52bf2a88332b9d902832ed18176dfff7c295abfbaab4e82399dc21600b125c8dad615eb1580fab2f4192251a7f7c557842c9cac0209033a3113816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
21cf39beee4d807318a05a10dc3f1bf3

SHA1
01ef7fc09919eb33292a76934d3f2b5ba248f79c

SHA256
b766823dabbf6f78e2ee7c36d231d6708800126dc347ce3e83f4bf27bc6e2939

SHA512
0baf8b0964d390b9eb7fafd217037709ac4ab31abcdf63598244026c31284cd838f12d628dcffe35d5661ba15a5e4f3b82c7c2d9226ac88856a07b5b7b415291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
25KB

MD5
1b7ac631e480d5308443e58ad1392c3d

SHA1
95f148383063ad9a5dff765373a78ce219d94cd7

SHA256
7fb66071ac6c7cfff583072c47bc255706222c2a4672c75400893f4993c31738

SHA512
15134314dfd36247db86f9b3d4dcb637e162f8fd87c0ce73492ffdb73a87492fc80330655617f165dd969812ed2ebcc42503f632d757bb89ba9116137882119d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
143KB

MD5
0ccea7d1bd09a5cf0c26ce6b21c4457b

SHA1
2be1e5eb39ee27251498aab59dfbbaf6b9fdfbbc

SHA256
c722b1d8ac3a6ca2dcfb495c6cdafc04e8aa743cd3466b79a9475a9bbca1b4ce

SHA512
375104056f68ca98cb4e2587c42f3603e9ed7cde78aa7d6b226919875138a64f5d6aca905bd92039ba1789a69c69cfea888cf48a2779575e7b0503e9b3e2734f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

Filesize
20KB

MD5
b3b71ef77841815c899ae8370085d7da

SHA1
f7362b36e1ffecc7f965d4eadf2fbb4cac25d9f6

SHA256
7ad1f40d9814673dc1e07f1517b9b535431fe9b028a6e9eecf650e0be2a03cbc

SHA512
f5c72cce1f7c5d5bc98573339e443e8089ab8c5d9a1826b1faccc3cbacce0011a1192cbdbbd26167b1e435212466bda2c64a9aabcd32b85aef3ea03035f7963d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1e746cd36758db55a1303d1d2d9b5872

SHA1
eaa700ceb5ce7814a5a35cafaa0d2056600b3874

SHA256
79d5bc1553cd7722ec38803387861c3dfcc8edf4f2bcccef32a220fcc3001215

SHA512
5aaac03f4c0f7b90275a928fd91c2a909dd81855f8fdedb4c9d64c65bdc8306a8c1f3279a1f3ff553bfa753ea92eaef7921587489908d3e0d5bb12adfd30d1ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
8d2821427e1a112148d5e538c8071070

SHA1
91b12061443fbbfbb0017216364acff5c1ed77be

SHA256
ef802cbd91d0ea888a883a0bd38544b715963b798c1f1d2f1b7bac6d32eb7272

SHA512
a63e7f4617e5a4a3b9bf9b2e01391d038572968999908d5ae8dc3a473a4350438ee4c82dbc934a9f35496e2eff3204195032de18c5ab0a2e26b1a75434d1e664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
f5232e2b7e1ef1af046f91e4129c334b

SHA1
de271b063c0be9b3f4634402bc785be5eab92ae1

SHA256
f951a94512332674a1e30279c65fdea02f2f4b6306236bd1b6bb40040916de7e

SHA512
a440dce16da265f315551ed0c5acfcd72001a88af3c453eb7563f18f9fd2fba61db45ca68cc0847993f6be4bca40fe1028a59ecdec9fcd619dbe1e77982dcd25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
3c5b87967522a500e6e5ec381f4bf869

SHA1
7899aa498c21eda2c7e0930f78911a9c2236828d

SHA256
2355b615c4d64332c59e624c8175b2d188ea06cdf9ee99a54991b4c63057fe8a

SHA512
f2e04d22f9e6ae075b389d246bab8a0c2eed3561ffd486c36c32a6a1f1ffb9b302d9312a9b9e15c9bdbac90dcdeb10f642ff1c31c03eeb9a622f48d083c8d0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b509f508eb4d4ac9710fa522800ef68a

SHA1
5b6439acf58932186b8127a491be7291735ebcc9

SHA256
f2938ec66d720f180ed76afdae8aed0e8d1de6318e713cbdf985639484ea96c1

SHA512
c1cd6c614f264e65c9d0c218492f026ba91fff2760ed2a01a0a4af6e27b75489511862d7ce2850fb9aa60548a3052cd2bc47d7e78d58dd887c7d5d4bec195686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
37712398b3bb9c5ace9d9ff5da07bbc8

SHA1
99e5cdf2e1f7bc94f198d8ecfa6f56889462c1de

SHA256
ac596867a4d8d5f0c2d0decab1441b92e61c9c160f2b3df0f71f538803cbb03d

SHA512
7b575b4412dd36b6d612bcba9d0046fc1812d8df8d3f00abc32d446e5ba313355157ebb0ecdfbf4baea8c13fccee3655405637a3d3957ac40ec187e728e3b8da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
850391025f8ae7172a053338bb11c882

SHA1
150fd82055aaae38627f78b30acff9d441b9cfc6

SHA256
83739fde39fd13f4977c9e0153e8784cce5792ef607322b8c8ea971f60e22397

SHA512
85230f7699d0a28cdd2697e367c62454379f76055ea41d10d4b51f1b961de3247a770b634094c5c527b9e37b32bc394d7ed114f50e7179eece2ec5d7915e0cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d86c07ae14feddac4e30274440d1a6af

SHA1
2d8592654316e5367d7f05e98f1178ad65ccf12c

SHA256
617f098420268dc2dd51914548ce27d4249707937e3942ede5d9a60286c80866

SHA512
b1095c7ae3eb1b0c3a13674227ffd2eca9f49c8640182565b82b924fd9c1a5e296a6b732aac2d9ff523a0f9b823fc84cea6840db791e57336edeffdb2214663e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
19ae4ae480e2e8e36b7ce613e7238e63

SHA1
7c69b0b0e0cf9cf050324435c3bffddf40a3a29c

SHA256
98363df5b951a4c70d437f64a399d2af9d8e6a745c8f2f415fbbb73f95987838

SHA512
39819519ac5a00f64ec328f89c5910c8dd33d7495110e774c143d2739813995b2556be82601aa1950072f3cce1cc303d37147503eebcf2aee19204125c9c0214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1037e0460fdfc73b5baa045f64625a03

SHA1
8efc0b3d08e6536f044d6f942122bdc8b8686d38

SHA256
a81b07cd1199d741afd64588bcdc4bd1a577777cc77c3627539282c775f949cf

SHA512
886a0a74dd89550d1cfcd046373a67c8d06efe5ba3829d63ee1297baebc4e4b01741861a652a9f86e32e3e0636757c051a234661842a9cc4bea0a7f52f82ce6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54c0d5735a33fe022459259273317a98

SHA1
d75ef6235e3dbdea46140cd313eecd5ca0b4686c

SHA256
a6606aa11bb7a5b95f7755eaa686653f97233d9f449c4b938bbd9d440a87e29a

SHA512
cd4cd6ba3a994e2de18ed307176968e560a252953083fb3a5ae5fd7f2e9e2cb4f6ff1527c9810b314e721dd18160db207b20a0bcd2198d07d502f69ea851e686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\2b450a1a-e34a-4ccf-bda5-ca731e5ba288\index-dir\the-real-index

Filesize
3KB

MD5
dfe54ce88fbf95aa38f66cf5231f402d

SHA1
c3db963337634b694172784f75d525b9c6c31c73

SHA256
f408bedac775343333a7341aca3f578d99412c9b161160d19de58633f8bd4509

SHA512
08542e7e439bbb2e2698c292f479f0cb68e4729130a23ba5585f31f725293b192197796c75fe1c8b8c81aa81d582a7f6855dd39ff53752bbfc76a038f5bd7175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\2b450a1a-e34a-4ccf-bda5-ca731e5ba288\index-dir\the-real-index~RFe590edb.TMP

Filesize
48B

MD5
ba9020fae6b7192392850abe66efca98

SHA1
7cbbaeb8d4fbaf4b4cdad222c0b60502e43bd3bf

SHA256
df60a49ba1150483315e072216a929dee04130c938f42e21d97db5ca84a7e995

SHA512
b1ac831686c8ea0ee4b50d6dc83ab92150d9582e041ed2225e434f886a94624d1c838058b557a22c6435e4f00d247059e55b8cceb0c470cdf88fed4ae71f8618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\fd2e52bc-b18d-4bad-9616-9d8c5e643666\925a02cd30dd2ad1_0

Filesize
125KB

MD5
03c69cc9c21918018f4bfffe3dc55311

SHA1
c53baf2195a2f4bb89b36755904477e0ca11db50

SHA256
fbaba67e198d799ac48b72ef65b2ba9e829815a86af0d9e72fb1d7aed0bcf804

SHA512
a205c2f18539d3163f9d69a13ba0bc4cdc7a42aed5960741c71a297104e9e3228a5d989de258143232de99cd27b9ccfbb157a2b1c92a15789dce70dc68fee927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\fd2e52bc-b18d-4bad-9616-9d8c5e643666\index-dir\the-real-index

Filesize
72B

MD5
1896b69bc05d2f80ca72b7e45c9655ed

SHA1
1014786cab5f34555ce8cd50392f2f924cd5a26c

SHA256
e1680a7191e48733afc1e71b45f1f8a537081f6dfbdf24ab0d4b2db6f49009b4

SHA512
a63f799597edb4564abeac96f72db1f0eed73f9713e37910407304f21bb5b80e0d241e64786caea81484da5d2c8ec0304da1394eacc3b01aeea4fe9739e98456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\fd2e52bc-b18d-4bad-9616-9d8c5e643666\index-dir\the-real-index~RFe590f58.TMP

Filesize
48B

MD5
36cb30e9282572bb2a273dccbd0cc2a4

SHA1
63a538bac2276ff45cdcb10e657070fe3264ded5

SHA256
f74c2afcad2a118984bd5b6d3157a0eb60b04cfb323ec60f805818b767f038b3

SHA512
209faaccc679f55e78b15efbfec3ea830af7f0b69e000ecc9f75b9f330a25748ddb70d0e6b7c77c815704cf37861ef00be8ed7f9cab67b55d9931d80a4b59500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
86B

MD5
71fc0c25d08221a428343299a0bef517

SHA1
cdab5465751e5f85a48974e35c914ab8297050ae

SHA256
77aeac300ab82d8c1ecd841567981b46cbd4c0655e542a44e68e09ef9e463f51

SHA512
a6ce19b6a9bb1399ee998c5bfa1e23a2687215cf647cd5903fde783384a835de4b49dbe9488dd4fff1ba2a15c74f513615ba8d5fdc6bf004bc56e7b0765e06a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
176B

MD5
57c079bb0caffb9f9da70c8e68ecca62

SHA1
733991ec942cfedc64860a537325c8ec17e0b8c2

SHA256
97cb6af14f8b34fb82fdb5a5f440177f6ed982e4e92ca86d82688a14e76e8333

SHA512
2dc14c89a4e64e7264190c7221cc4b155435365a981a59bc03df132ca5debe12eddc4e0948f3711c7b20a7b99761dcfcd4ae6b4d323784effd442574dd940c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
236B

MD5
9a2b8d4f28bbcecddd18b7b89c35522b

SHA1
b14d27c1ccd46d4b2862306b32aca48859f79cc9

SHA256
61c1e3ccd87038d5865f5697cb23e51b85291752bc347594d1ee6dba9ce851b1

SHA512
ab55799c000350e417d22ce0532970505d224812129875b6fc8509a5769d85b11c1fcaa44cd883927724672f81c8fa16e34db4b27f192066e95bdf3cd65febb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
229B

MD5
a447c1acc78ac34793456e54e694a6d7

SHA1
5497e2e4efeb05c0a16a6ddea786bebaefc85457

SHA256
b5c3b4f262fe3c2e92726760df2f1de7efea394f9e19bfc0a85468410ba248c7

SHA512
042e7fd9ea48056e39540451cd66b6ad3888bc1e6aa826d301bfb55d9fc32c825140ef5ee24232e28c81153643df1e107e74b885bf2ef0cfc2598f072117dfac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
37e92853e069f290a2951731b02e67ef

SHA1
c7472164e0a07660bf0e124a088bbc0b85088c61

SHA256
217f3ec5926e31f3862cca73448ef4b78692bdf8e1ed61088a8f132d71befec6

SHA512
acbcedb10b6346895b22969dea69af4b125b9e9cd1eae1984286d768daf04d181b8d5106c30c11f136f7ddc5c5ee0e12f4ddfdc5d356c6a7e358d9de3316a6eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58de93.TMP

Filesize
48B

MD5
04c5a5c0d9060a03a0e7c853acd3391c

SHA1
97963df83b834ec519e06e222dbd992b131c840f

SHA256
92816aaac5b5e7547ad682e8dccfd80f0ffa5cc2152f0af7abbf2ec2adbe7ff7

SHA512
95c5cc803979afd1118a14333b7f7df5c6d678a21c8053a20f67ccc07d01ca01a6138ca104ba52258551e82b479d750539c5023190abf9f34a3e683d76be1366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e1d294be32a07905ec0512e9d996d247

SHA1
6c4cc5ed490171a1a45cf90c49e71bccdf718c6a

SHA256
f9588cc9a2d62f02f13286ecaf68f5635c3405d32ee7038aa0d68adfef07151b

SHA512
7e3de7d062633d3706ca806a15bfd3bf231cb50c4dba7c9da88a8d174583e5781a9f5d79d31a3b6aa86d7c1dc2f573ada79fa78bdb13eb9105b84a435d451565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
afe17c8fe897b05abaec842af7965796

SHA1
896cb50a258282a393da1727056edec09099694f

SHA256
01cf800e49b3c1ac3ab1d976f9fafd275992c6a79230809380427301f201045f

SHA512
23b76940958ff1a9e10a097706fbb6a1367fda9694fcbd39103de828a583dcf08e88f9ebf60d7b18c12fdab00e872faeae43ee23efa9978228c96c77d2f8b0b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
be105e4293675af8f4235c038a8bb87b

SHA1
45a90e410862428e80cd852d1007925aa9de9238

SHA256
efbc8d0fe992f5a4639c3d218a6ab419ff6d32d6157b863596ead874b609b73a

SHA512
68f54c7568b8ece5abc9f1c7a0e805995cb931a1106a4181a0bec0691cca9d401b0dcf4d479f80fdfc6c8b0f847395c083316946e37a9c2f05890c046c177f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
76e112f270f9362c1220b456dac85f0f

SHA1
4201413852e075a7c5052c3d1a792eeb35ce3204

SHA256
9f7a8182d290fd625d3a08c8d8442e6bf4f93403bc86455399e979a67ca0d3a7

SHA512
3513bebb47219bf7b300dc602bbff6f4b9669af327c5109d776945c18d794a83c12e41382d3ea896c5708305844ec916ceb15ea61e3b449f1aedcc3a3cadad15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a2e6fa55fd066aaa7ff568fd874b7699

SHA1
38b4e706cdc0d7ff35382950f845e1d988e287ff

SHA256
c8e952841a9d72eec5ac388574e6cbfb683fa44d8252dfa900d6cc5a3b194c7c

SHA512
265a8915b5a081313bde6da806c41305571c30e080f0a45767859221bee67b5320c4c73df99f9eb6ffbb5dc16070831096a04de1d3a962c86e51582c70e9eb26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
07f1887c2ca6b7261904c99e4747cab2

SHA1
aa94e38bf409adcc9af2bd12d994d043101a8bbf

SHA256
9b845801133108b93e9657d593e9dc43436ba63366840ee792113bf6182d1b49

SHA512
be3fa4a67849d75468b998bfa9c31a58467700f33a708c8f78eea687268784f127d9a83a54725c47da154f879d971f00876c09bdde46fd2ac6d01baa102f15c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1f56efcee0bfd8f6a9812607d93932e9

SHA1
061c7fbf72b491644ae759e5380729b725bc5135

SHA256
8b07eec6ef6fdb5ec4e46bc0ce210a29fd30f0a0d51fd85835b9778c0a8e0cf5

SHA512
cc62698d9a20fb3b23ae3226aff9174e473a2c936a50b6c5a3c6033a1eff48e94521016751f96b23dadf66be977524d5068970cb0a6d886801275e9355bbe65a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cc99d5e35635a21cd977d195f0f31085

SHA1
c55025104868405dbf028fefc3b348a6e3c41342

SHA256
99b5842be144a6850a675265fa4acbfbe3a0213f40ef68e972305a9c5656c167

SHA512
e75307b03abaa5ebf465080b97e570059904c27a07db3ba950b2ee5ba3f588be089630bbb23b32b68d29b1eda2b90e02b441abad573f264f16e62468a992c824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
00a128ccc4116604f3fee56feaec6dc6

SHA1
099a2e07962a43544b69c7dda8684a6c588eea02

SHA256
a2f74b3c5518739dd10118726da02b0a234ef1efd543c2601b6fccfaa48cb5ce

SHA512
f6e688249ea53b0045c2be97148407792b04a18c290c763a859e0ff6ca7e01ce573e33fd7aa48e79d53262c1068974653639a4ae19e0f3dbbc801b4ebb0f525a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
68d4af85398bc2810b43fb218e59436b

SHA1
ee764e8d2590d5b2f526a6a167dd13723337efc5

SHA256
94e1cf195a8bb20aa2ad958605b4a5cbbce4e7c1fda2e1884d34e9ae8ca7f10e

SHA512
33b1f3eaf9af78e19c7ba928a3bd72f3abff942e9914286b9de76246a1b78494af1e1343025fd966e03806b85662a53915aea6ab72bc6e4c84a96decd9e3d7bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e09f4847859aadf9f45b2bb2acec7f84

SHA1
2fbc0deb0f18c666d6bc7001e439acb4aaf9cd85

SHA256
9a67bc5df5428fb8359edce0248776b5de2e633e05161091e67cb04904b215d1

SHA512
7fc481218753c5adda880fb47c64fc99bc2cb3d40ab959eb7968b31f7348a223a80d04b6952a2211b8222941dbc5cc20182df971b0f61e134b83864f3c0d0277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ac2c87b4738c646064e8b01645aedef4

SHA1
22e8a6fad2b24d4dae5ca9a7626cc1b2c70eabae

SHA256
e60539aa75c91eee5c9ae7ab0c396baffc0401129f97be1a7b9a9e38abcd9aa4

SHA512
f9a2a4fd74da74dd78057a10f299c17e45f8e1e0f9fe920ee0c836c9f7936a423ec23e93a7385abdf4442419d405106789ca5b86412d817fb31ffa92e548a6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
19c8d19f98511d73d5a060ea360fcd38

SHA1
3ab21bd4f2374e5c53626a5d8dcf43804c1818eb

SHA256
f797019777d37534c1b40bc492dab8e53f5f3ce45266b4a644ecf7cb5e72d685

SHA512
8e871a525da9895a3ea9d163dbf65385ad28fb3ad12ea6253d65592b4b562a27d8637e1c1a7db46b3c44435c836653d3fb9b6cb008915ce39098a482452c200d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58436d.TMP

Filesize
1KB

MD5
a890a90433bc0a349e82071a51286df6

SHA1
88ec093e2d75171ab260a1a5a6443986326119cf

SHA256
45342361ff1bb8dc46b592aa6063e15310495cd363fe835f7dc653e37a1fc8a1

SHA512
0c306fcb4f623a82b50287a7d39534489211462bec0bf2743598111332b5bc6097d52566779686256b06707b6baf558d0bc1dccbb3d709186b05447412e5c76b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c3154375-31ec-4198-9ce6-2525c866182f.tmp

Filesize
7KB

MD5
6a7b5a60ba61d7e372a7ab5d9a60dd84

SHA1
31cc711e041b31811cc615306ce7067d84b31ba8

SHA256
f5ea8fc2d3d6569c6bfd0a4ab43034ef3305dd60e5744e8c646afd59fcb68ae6

SHA512
bffa7d5d29ae70e03ec44dd0809429c1c974535edc09fd4605bccd1f86e83bb008d1a458fc1cf63532916c03c4f8963e474032f07dee280c80712244e72cb3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
68d4f87453a05910504c43e7d8ab9114

SHA1
e57b0feb454c7f0057485dc62d9890de79437018

SHA256
8a1bc23b24a3eb3e8b8657c648104241405bb8b00910df8dd6b9a97cf4b1c411

SHA512
91c787fe08d55aecf34c7f8a7130aea55e1cf9595380dd3d624bbd589b97b6e656e475902a5415ca45db28d689d34982cf0e1c07de8c041fa500be256a9d2ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
49709e4c0e60ed54514c7cc12c3b471b

SHA1
b03f1462f59ec621393d8f27e794662be536a48f

SHA256
c8b251d8951219252f6cddc06c5ab841caab66e580b439b618c4180a48c5935b

SHA512
1a777cbb29a7848e3fc6d24d8cf9e4ea82dd508241999b7c3ce06c2b0ba9589d0c404453e888cbf3841882c6a4156264f81c9bc2a7ec8cc4224697ebf72e67d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8396c2b89f0c67af5a2ebf70af6b6ac1

SHA1
fa47dbb89ab9245d9b0eea1d19ec23b0fa1d4a63

SHA256
347b444f8272f7ab8a07ae63c9101015eb22bbb014cc5f9ba2825a34b70cea7e

SHA512
154a4ed32b369da514f602787404f57e6368d114e5d16716dee86420963df51fe35dd12887392a45f71b1c925718c91f3eeb3a597447767b4b4534a34b61b586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aa976da76bc1feeea192b96a2c85eb07

SHA1
af7feb4a5ed91a66fc5961b3e9abd335a25dcfaa

SHA256
9b1a9df4d0971cfd84000110b89dbf73118887efaecf32a992bf9f6e4635d9d1

SHA512
84a3cdca9a1bfdd9496005f0b4550f4e6ea53e816d86e9deae0e4af18d913ba8baf9fbf7a2a118361e29fd6c66d32a00747f2b1d67203d563471ca4d8cf531ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Filesize
90KB

MD5
d84e7f79f4f0d7074802d2d6e6f3579e

SHA1
494937256229ef022ff05855c3d410ac3e7df721

SHA256
dcfc2b4fa3185df415855ec54395d9c36612f68100d046d8c69659da01f7d227

SHA512
ed7b0ac098c8184b611b83158eaa86619001e74dba079d398b34ac694ce404ba133c2baf43051840132d6a3a089a375550072543b9fab2549d57320d13502260

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
6dfd51b2d800f46d449d8e99b06689c9

SHA1
09b7cee4cb1e90be72859f1260a89014a1ba3ed8

SHA256
d71ec12b3b04341423b5ce32a778beb29812cebe3f7830b41bdf5f9f8fe9072d

SHA512
a5a88490c3136396f0e43e5a8ac6e49fc3a9f7edb77becc741e6af679e10fcd1b3e3ca3cdd347e98731d0318407378242178eae9b2bb6114c8aff7303cfec4e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
b35315ce8ddfe69e97a12323ed5f635b

SHA1
2fe4664d57715ad025efbd39b5df3849b91ffca2

SHA256
f4a58798e966d2a1402b5ed3ebd8bb857da589f89ce3b7bff0faa2e53360dc8a

SHA512
f049803c42fe09ff9e4d9d9316a40aa1c7918bd9226963ee3bec61463cb273e24e302f0fb6657fea4dd814f809f0506adc3e444fe5558b7bcd03fca24132857d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
935B

MD5
6991d1354f88a80a165345570e947ab6

SHA1
a8fee4ced52d308dd3d8c8d970e9880f5e59eec2

SHA256
9b41fa9afbdaeac7d89ed06284fb1552ec819f64b272e3f2a655231dda9df404

SHA512
20d3a3aa266c8a31bd4677b144deb7c8088f6f7be1250c4401d8baea8dcd499d3311dc795b17f542f5735e2eb66b60074d8306b114ae46473bc74dd91cf52378

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State~RFe5b2d46.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
3f4d3f333bf0b549df73abe4417a8140

SHA1
ffa81427f0a50eb0fdc8b27811596a2f2947a37a

SHA256
5b5849585900d36bae81f4841ccdd20455cf2e132252e35eea4c938b22e2b667

SHA512
844bb7d17ce46f26e27121a853237d7a6a14cb8ea40c997e915d708f47928dc8f68fd65dc14b1ed1c157360d11b4fd3443d2d600f5c4d5fd04a35a4917af4b5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
d2c99e71a63838f6003eadc8684b5bb9

SHA1
6cd9e15cf2c4514059fd947ac26bc5f77d4a2061

SHA256
9ff75e6eff51a6e90bcc4a02150cd4aab12f228733043dc901496e07bcaa2e7f

SHA512
c96d4e9983e0370ab2ee3c89dacbe57f58d42b63f25c39dd0a221bdb74b145215f9f6a2eb355badef0318ed4ce415bf5155113a57c874ed9aced743d011c82d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences~RFe5abba0.TMP

Filesize
3KB

MD5
78dccdca73480391ae8b3294e88b2d4e

SHA1
b432bac31c37e8822c2f864105a1bf7874c1c356

SHA256
b7efbf145001d89aac15ab879d82137752343e5bd995f2a9f01ae02de55c7ab2

SHA512
81266e6dfb481d7510988f74cca416abfee4c620f73a28a43cdc8111b9d258674657b5c500b0790d479f1b06bf2083545dd770a9b7d9042b7c7f17336c608e49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
f8a81aa8849265e0d5df27aa3b91ac5f

SHA1
3764d84ba8403886fc520d869adf4aea07f0c692

SHA256
128a2f14f4e469ab247fc86906a4dbb6ae1f72fc4ffa1ca41287e7abb389cd7d

SHA512
3647cd2e03f6611a12d6fad2574b2985e1e53383b748fc99fd714023a10822e5c6c0c04942bf428b7d40162de85fef6fff1e18d40ae508c9772d0a55298e6876

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
b0bad53301a16ee19eaded7771c4febe

SHA1
9abdd1d598a48f98d3d1908ddb4f2de103425684

SHA256
36f132d2350cd72c57d6d6d4cebef6ef5717cef425e06e1f1cde1e4b503458bd

SHA512
d43074e0e805f54801216ecff4df66c74845f70893c7155c5d19aa9d46c543fa0c49503beadcdf83b48a0d46b08d675ac1e10c825c1805435e1db0416c0ee599

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe5a6524.TMP

Filesize
8KB

MD5
e201ffa0cfe54a4cafa6d338b8a8bfac

SHA1
8fd4571f1c43b3e06e581e42ad60107feb64eaf2

SHA256
0a4eab0f4890ae00a68e5a255e469ab4942f9fd632ab93ba6bae9e317c39a47a

SHA512
b2c428eebb185ee48213851805d5382ccdc82aa8c2902d9a7d74d1f001c6460fe74c9b5881c5dbd75d8fbc29cb0b1cd78954b4006374b60d6aa089c24f229c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe

Filesize
24.1MB

MD5
e091e9e5ede4161b45b880ccd6e140b0

SHA1
1a18b960482c2a242df0e891de9e3a125e439122

SHA256
cee28f29f904524b7f645bcec3dfdfe38f8269b001144cd909f5d9232890d33b

SHA512
fa8627055bbeb641f634b56059e7b5173e7c64faaa663e050c20d01d708a64877e71cd0b974282c70cb448e877313b1cf0519cf6128c733129b045f2b961a09b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
ee82e5db6c426fbdebde2c80845e6853

SHA1
d5db248f2fdc37ece7f666e3d04dde760ebf6142

SHA256
4c39e4e63460f89989a4d97f7809c0db476aa660756038de7f756fe456b66d12

SHA512
f83dd8973fc6d21d698c935ee2c972badaf39944e282ea03b29ab0c7ff78dbbd7779ada29de55138478a091b7ca986f337d8df99324fa717acc3578bb9952d19

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
739446e5ff2c54cdde50d59474824cb2

SHA1
c17be6bea79747b47a2fae786a8130be9a030662

SHA256
d256de5e0e6afedb1d1260e2df6196e04072844f24b6ea03cae085818aa3e663

SHA512
6029da043281a24948b60638404b5b0793e249583ab54448bb48f811d2c79d9096d415b8826b5dbaaad32de16d06415ca6b8f48ba05efb741ea6cf2cd778daf8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
3f63037e720a48e3b3b68be5a9bae7d2

SHA1
727f3bd04901be956aff65c81dd20212bb97fe9c

SHA256
53dec63d62bb9888b26e29e5e7f1d9af3bb9f927c8325a68fb2d7146738c2b18

SHA512
91191c2195c8f41ffbed0adf1f31f249b78422d646c59e4c3ebae830f16da8116114daedaace76ac25e5f647ccfc2376edd0bc0e2300e440021d629061c7f0d4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
8a30ba9ce1e14455459346a8d44f6d84

SHA1
0034d92453ace7a2381581249d0ca254ca61e303

SHA256
42fce72b28e4447176f0be8aaa5db4da5a7ee25bd5f408ac0a07907f1b654ba0

SHA512
896bb4c2b905dda4eff531b840ef5fd0146530e4e21539b8c7b0ed5a340237e4f339bdbb0f85f6e12794e1d48701e6f849ce442ef4c391fa1c78441201918c43

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
4aafabb96465993116748f1621c5bae5

SHA1
a5402ff0cc4a086f03626d43253400e5bb62ec48

SHA256
4cfe07dcb2eb89d8579e17cffc55b70d2480e615eeb77e6ab0fd1c0ff65e5254

SHA512
781b20ea4d5c078480c033668fdcc0185fd59f7cd58df3c84533d6a81b2e157d1beacb3daaf806f33ebfb1281520f925a96069fdab275913e550eab243b8ced9

Download Submit
C:\Users\Admin\Downloads\SolaraB2.zip

Filesize
278KB

MD5
ea418b261e24a56105a6d328b60e9cc7

SHA1
4f89568a40fff23b381eb1009a764cc7eaf6580c

SHA256
da9098d4713d46c44b95758bdf17e3d2fa1633b3130c7be47b7111132dc051ff

SHA512
95a04802ae713e00940b6ddb55bc75ea7d3450cf31b5fb9d55f0b44aa3629bbf2695d979e1cdef244b4df987db89475cb7185f648cdaffbaa8189e3187dcc8de

Download Submit
C:\Users\Admin\Downloads\SolaraB2.zip:Zone.Identifier

Filesize
109B

MD5
08308d46d107e28cf78c9d226993f383

SHA1
1adfdb5da776f5e453c7db8804be429352859517

SHA256
be4109447ecad1510a573e5f204818be50931bb8885f4bb6fc590d5023ad4b2a

SHA512
8a7f9efdfd84787ebf567b1de69d13ca20e17321d757bfe0cdbb45b45cf95a49dd31dd1aeefae695067af0f36c9ad004bf058db97dfe97c24801c498effb3670

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 659024.crdownload

Filesize
7.6MB

MD5
dbb820772caf0003967ef0f269fbdeb1

SHA1
31992bd4977a7dfeba67537a2da6c9ca64bc304c

SHA256
b2ac1e407ed3ecd7c7faa6de929a68fb51145662cf793c40b69eb59295bba6bc

SHA512
e8ac879c7198dffb78bc6ee4ad49b5de40a5a7dbbda53d427d0a034941487d13c8bb2b8d590a1fcdd81cd6abb8f21fdfcd52924eb00c45a42ee06c1e4b3d590f

Download Submit
C:\Windows\Installer\MSI9437.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSI9497.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI9A46.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
C:\Windows\Temp\{306AF57B-F1AF-4082-8459-B62722208043}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
memory/3444-4706-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4380-0x000002AC6F5B0000-0x000002AC6F62E000-memory.dmp

Filesize
504KB

Download
memory/3444-4388-0x000002AC6ED30000-0x000002AC6ED38000-memory.dmp

Filesize
32KB

Download
memory/3444-4384-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4547-0x00007FFD74C50000-0x00007FFD74C74000-memory.dmp

Filesize
144KB

Download
memory/3444-4546-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4383-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4382-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4585-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4951-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4949-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4598-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4611-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4612-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4379-0x000002AC6E9A0000-0x000002AC6E9AE000-memory.dmp

Filesize
56KB

Download
memory/3444-4378-0x000002AC6E960000-0x000002AC6E982000-memory.dmp

Filesize
136KB

Download
memory/3444-4372-0x000002AC6EAA0000-0x000002AC6EB52000-memory.dmp

Filesize
712KB

Download
memory/3444-4371-0x000002AC6E9E0000-0x000002AC6EA9A000-memory.dmp

Filesize
744KB

Download
memory/3444-4370-0x000002AC6ED70000-0x000002AC6F2AC000-memory.dmp

Filesize
5.2MB

Download
memory/3444-4665-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4369-0x000002AC6C170000-0x000002AC6C18A000-memory.dmp

Filesize
104KB

Download
memory/3444-4685-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4389-0x000002AC728C0000-0x000002AC728F8000-memory.dmp

Filesize
224KB

Download
memory/3444-4947-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4381-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4945-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4943-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4932-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4751-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4762-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4782-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4390-0x000002AC72890000-0x000002AC7289E000-memory.dmp

Filesize
56KB

Download
memory/3444-4793-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4795-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4823-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4825-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4881-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4883-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4894-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4905-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4919-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3444-4930-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/4724-1473-0x0000000000FF0000-0x00000000010BE000-memory.dmp

Filesize
824KB

Download
memory/4724-1474-0x0000000006010000-0x00000000065B6000-memory.dmp

Filesize
5.6MB

Download
memory/4724-3939-0x0000000006E20000-0x0000000006EB2000-memory.dmp

Filesize
584KB

Download
memory/4724-3958-0x0000000007300000-0x0000000007312000-memory.dmp

Filesize
72KB

Download
memory/4724-3940-0x00000000072D0000-0x00000000072DA000-memory.dmp

Filesize
40KB

Download
memory/4884-4422-0x00007FFD83AC0000-0x00007FFD83AC1000-memory.dmp

Filesize
4KB

Download