930f92c6452ceafc155f59d8e279328ee20dee6e7a01b6d71c724cbb258b5691

Analysis

max time kernel
325s
max time network
335s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
24-09-2024 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solaًra.zip
Size

56.8MB
MD5

e821007194332b5fb1ed3926e4e8293a
SHA1

b52a5f0e7c0fcd84b5adde7c8826208ce558431b
SHA256

930f92c6452ceafc155f59d8e279328ee20dee6e7a01b6d71c724cbb258b5691
SHA512

10a8e3e738d10fa76fa0f7150ef43fa1ea1fff9bc4f88737a74a3a29806e18fe44d654947cc821948860b1be24bab8637f40e0b66fb03affda5c3881d2832838
SSDEEP

1572864:OdXrKxWlYoIAVEypkQk88i4kyquqHMl6jxKW:CexWOoIYkbi4kyqMOxKW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Soًlv1.17.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
5068	msedge.exe
5068	msedge.exe
4508	identity_helper.exe
4508	identity_helper.exe
5000	msedge.exe
5000	msedge.exe
5020	msedge.exe
5020	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	676	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	676	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2192	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 2972	5068	msedge.exe	84
PID 5068 wrote to memory of 2972	5068	msedge.exe	84
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3760	5068	msedge.exe	85
PID 5068 wrote to memory of 3320	5068	msedge.exe	86
PID 5068 wrote to memory of 3320	5068	msedge.exe	86
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87
PID 5068 wrote to memory of 1648	5068	msedge.exe	87

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Solaًra.zip
1⤵
PID:5084

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ffed5ff3cb8,0x7ffed5ff3cc8,0x7ffed5ff3cd8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3824 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=3356 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1812,5485418972446231579,12156685056792732426,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=4756 /prefetch:6
  2⤵
  PID:1372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004AC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Soًlv1.17\ReadMe.txt
1⤵
PID:2544

C:\Users\Admin\Downloads\Soًlv1.17\Solaًra\Solara\SolaraV1.17.exe
"C:\Users\Admin\Downloads\Soًlv1.17\Solaًra\Solara\SolaraV1.17.exe"
1⤵
PID:2004

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\Downloads\Soًlv1.17\Solaًra\Solara\SolaraV1.17.exe
"C:\Users\Admin\Downloads\Soًlv1.17\Solaًra\Solara\SolaraV1.17.exe"
1⤵
PID:1444

C:\Users\Admin\Downloads\Soًlv1.17\Solaًra\Solara\SolaraV1.17.exe
"C:\Users\Admin\Downloads\Soًlv1.17\Solaًra\Solara\SolaraV1.17.exe"
1⤵
PID:2464

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
148KB

MD5
e486dbc77390edb59d27f207c6853042

SHA1
8dc57fe96df11697732f82723fcfb435d37a53c3

SHA256
6fddea0b4beb8c7e120886220adb9da5db8b09487c7d26edf34ee6712be75f75

SHA512
f0efb201670b9cc6f3ba15d91f6e245735bfb15801fd66a5322ce09189908b9df91258e3899103e65e3dd5bc105e01d41a01700608147e6a51cbcc2f61ccadb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
109KB

MD5
3de8cd6610c598c7b334bd306c05f862

SHA1
1e6c17cd1326c7e2362032f946cc863dae4897e8

SHA256
851db695ab367071fd28cbaf437235abd0129b0543855a1b36fd3c89ad3f2057

SHA512
6905edf4b290ef75402e02131cc32719fcf2b20c369dd64f3b48382b7743b2aaad82a27feba30ee1a40b352c248ed93bec5df2b3802ac587afadeb85246103b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2d018fba69899b07a79143f7c5ec5abe

SHA1
9cc55b607bfa03de25dd0889cba77f0f0c16943f

SHA256
12a42ef8d96966582363a4b8814804d09c9522490fd8d8a961cd579f46416111

SHA512
bdb900ac92522166e7d2dd04f2bb4cf7fe8eef6b9b9d9977f7734cbb82271543649f80e5b9630e0d9939890a7cfc26987061ac4c9cf9572c7ca371c00c3be8bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cec21c32dae0dd7a9242589b9539d899

SHA1
10f507f5752eced733cc79eadf8082c5d792682b

SHA256
070c3de356af8e00430140a2cb88374d4db4ff6bada6bb6bdd0b7eb74b955784

SHA512
6f5eb5b333f0c565c2f931df562861ba6c8834ed9afcb5a1fea089363bc07d2e6962f49485a5cdf33ce7804702c31fc3d20041c4695b104561fa2d512fa4ee70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e649ea1061af95095239f4fb488a6d43

SHA1
a79b6b469f7cdee3872dfa2fb2e5b0985d3f4a04

SHA256
26bed59fa6d5986e32f783b0d7ec3e4a45eeab1087ad23e68c2419ad1dc34a31

SHA512
b9b1eb58e3cb116b414151888d48d6c47aa42acde66673496e12af0fe51b0f7c8da20b55b4a8f58bb325b4409b261b9b4b0c1b07ce22e383efcc7b2da09ef325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9084669f6459f818e9cbb8c8e8babb40

SHA1
69ba21a1a5ec73762dd82e459f2ccb6a88b13d9c

SHA256
2930bcee2177636dc31eb1855b1afcc82e6e1577e44237bc6fbc73cdf693403e

SHA512
787c574de083dd17d11774a048e10ca8be5cadeddae8888c6e6ad5ca881622c52ce961235fdc61f09aaf82b826b67b6b937e526cb159e5422c036672c763a9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7146ae8e29bb83c42e94063ebf56f086

SHA1
943144e2c2be48edb4b3e83138eb793d8bfc2150

SHA256
10e85cecd4f8d6d61bf0a3ab5743f4f441cae3f9371c64cfd870fd58fac30c38

SHA512
325c94a1d852795b3839368661e644cdf60891b91a43603ecdb93faae1c9fcddd7b7869cf572a8a49224352b512f939436df2280314ad94da59913a5d24ab29e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa75a1f273fe3b369e88c4e3f930e181

SHA1
89ae8a4fec2ba0fcf798b8e78bb0fdcd555b580a

SHA256
d0790ed7fe08fa3537f67c195cdf4c1cb7b2a7f0ea1e1f806a46ec9224baf365

SHA512
64606c6739c3d934f1428a3e74b9fc117209502657739102dc5be621f70763611e41c1fd8e0dccec6648c6bb67fa0580103fe0a2967bb91a5412ab4e6ca08644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e765d3c8d9a42417fe1ce4cc7972ddf5

SHA1
4eaf1bda5d21beee22efd9947556a4dfb242fa57

SHA256
59237610064c52812eaa53beeae8065d765d27752866ad7e6cfa83c2029be0a5

SHA512
e309890067c05096aeda3e49a8b414992a5d32ee81ca147e2a8d03b84ed568c6ce2a12cf2c2839ed1a7e32f1e59a1eb8b5700908bb4e1dd30056ec6aeff36613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe777947225431ff0be4d89d479447d3

SHA1
1ca5f5c76c9569d2f949a75685c5883082b759c1

SHA256
e18df420abdc9dfe51a89daa610f1b2bd361c1354ebee647b8b788e8f7b210f1

SHA512
abc8a36f63cf02aa87e70f98be3b890d674f13fd943753e79e3fcb76cc95c0df63fdca941d55143d688a98724bd27a20904084c889d4c1a6f5d5b298c45c5e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
83b695a50fd08ad7e4b7cf77db442c18

SHA1
c1ee059aa0fb2d330cb1d2ad2e552c87457c4e3a

SHA256
22b17f4e70178a4d22c8c0c8ee3cfa7dbe594f931ba593ff0a843b2fb4472311

SHA512
0092a79a63a14567a4fa455b7579992d93444a8a47e954522ad33e76a05c6fb1527adc479435f733345ea87820b412c4fb8538e168dde0a8c4be9f0615de2cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
617f1cb1290fce4368fccc020ab561b0

SHA1
a479e859db2a4f2a110645593542bdf4018a9d42

SHA256
e81d304c47bff963b5d843877849dee31a014f94d07ed3770364d512a088fa5b

SHA512
955306d989f50ec109a30ab3d7088de1b6aa2661fb87497c815cbf982be78a0260815af09fffa614a789f8b28083f4c9abfc8ffa2a1189f550b83c7d9b7961fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9d7a0676-e87d-4dce-9f21-5d9e4ec66318\index-dir\the-real-index

Filesize
2KB

MD5
aa641f16f30a3089eb1d3fae75c9c2a4

SHA1
f00734468b0afeef47deb0d0a213412d1b818d50

SHA256
b9b956268e33d591466599bfdc99703b7c370e425bf47e37d74263dc87f1152e

SHA512
065a5228412f14257e7e3b80266a53bac0b79dce25ad54feaecaedb65cb2440ac6fb2b535e108aae63e97086847db5c9e197e0f1ae55680200b67fa52462cbe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9d7a0676-e87d-4dce-9f21-5d9e4ec66318\index-dir\the-real-index

Filesize
2KB

MD5
7dc92e6487ca0e955da442f44d9a5a6e

SHA1
48c7a2ef06a5991e4ebe11b2c7dad100652cffbe

SHA256
906e3ff42d3fa91eeafd3addba39b9fffb033d88ac556841cbf1dd19be49f647

SHA512
4bec52dd7b6ba0bfd3918f7a70d4968c369eba525aef701fe28503eccc49fed6cbed49a929fd32b11a99fedfc6f1a62529e21ee3c7c713dd561bc8f9e83e44e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9d7a0676-e87d-4dce-9f21-5d9e4ec66318\index-dir\the-real-index~RFe598e3c.TMP

Filesize
48B

MD5
c84843e2376fee6b2e3d2d4051c25298

SHA1
86e8d02d6e64138004b580e51a63e115d30ddcc2

SHA256
262e478a2e222208128b4d631e7643949f82402403cdb18b984d638975c590fc

SHA512
7d0f0607689085988d8c4522d89ff6ca1988c74bf10a8e7a34085ff64110502e5684fcfe782577efdf8c8d314723f54a89f56d45c124c5b4d219d5fefd6297e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
724287fccb4b10439407cecd7192324d

SHA1
699f9b3400d30c71c22309a340b8647733d16d1e

SHA256
ceb385366a8ba509e1401201d98e7d3a32b7d82e99461c953033ae533eb7744e

SHA512
b9190c9a48b8e58558dd80a4dc9d9a6a1d2116a96d3a18bffd8d56deee45b307ea0792b6e043692cb66fa52a51ca1a0a7e8495d7b0d61fe23274d8fc1a5e8e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
72e04d7cbd9f7d89da210b0c07c6a5c3

SHA1
95f8d36908214b32e748186c0784327758fca179

SHA256
5b9c37537c695b85c6d0e3e818b6d264badf4fe180c9d748dcc6dc064d102e78

SHA512
d305ec0e35b5f787db8c0d42b25813104a6c938e314a6d5701835c6c48e9c41ac3ad71fa1cbfe0d68cbed56c5213199ab3eb1f4c20327a2fcd5256066b636c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
2e33019228b5400e7c1fe00912087571

SHA1
bc2b161ffe3bb959eb22f7511fde55e2169120b1

SHA256
c6f42bb08251f0a69386990386f77e7230a98cbd3498b6fbbc54847be2e126b0

SHA512
8ce71625dd05c67b2dcc6cc6667e0810f424bedc8a2e7bdbae32a6c1fdddb7c89bd23064bc48ba81cda5e007878d76068ca061c92a3a2193fc44bbb76fe95775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
bce8cd9e357edc72692f50813fffd1d5

SHA1
9e0df94e255807df393d3d68c5ca3a22202337a0

SHA256
bc19a6e10a7a7f21614a6aab3ef959a5ce9844f0fbde7b093a220c4fc4532e54

SHA512
907bccbea9e7bfd1c9afda0ea1e2b32edce54ae188af8cab7d21e63f4bbe607b9cedc24e72f83bf6a7e24c82c16d30f48d6132bcd25e94544f919a76bf3668fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
fa3fc35f41b7b4e1b1c280f066774e2d

SHA1
7294f802fa7973d3766cce8ed182117afb3e6dda

SHA256
cfe5bfee1282597e3b9dde41a3c46e6c3ffdf707ec6d80fa31d27ef958d1232c

SHA512
764bcc330c68dd849b832258f21f443342993377d3789abeff630d41cf3ce2ebcdde9cda756808bc2a5a5e859d44b6ded40cd2fa24586383bcf9e61bf0a9724d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
73a0ebc6f3391f4874da5133b37a60f4

SHA1
448d94936ad7d9663e1a2616b8c76e404eb33b7c

SHA256
7ae445149dea8ef220c85f139ec2f76f6ae1571feeec4424bbf2f26787f8c0c2

SHA512
d2ce4252480d6590d0a0969fee2a8fb66260f95ecddd1f0af1066370bf67297a9873addb42a8d40eff514b052cc8f22eb9d93a77e952aa94201b154fe4e9cf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595663.TMP

Filesize
48B

MD5
387863fccf727bd7a159d4fbd6efbee8

SHA1
b6f0b3cfe8ff4c48d5c55346f4fb1fc7a40a90a8

SHA256
e9db95db88070588d0814d0fa05309f2b498a182ba3480274647d15e17a97819

SHA512
5f04e9ad140c2e7b475cee5c880a644c2fffd81b3c4acfb78a072bf245231bca05327e0a755c96e32cde9a972d29530b80a5ee99bde1c40fdb5df0f12046cd18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a3e731ea7fab5ca8d7cbbbf568ec6b8

SHA1
4b144e4a5e2acb0123ceb6691083754c4db72a86

SHA256
e2903025470630186f1ead4c165f401248ac6614e56735ca7b7fdae15e9d621b

SHA512
edea96cd15c1a97ad5bd24e186d71aa3460d38387c29ab3789790129b43cb4e78b9c0dd815924d2de93841480adb79796bccab75669cdc0e5f1039573173b2f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e14a48f4803d6c5af00a652ccbe94b12

SHA1
728e5533f9487d5e4e0359f5e00ba02e6bf38350

SHA256
1cabdafcb4ea8dae314ee950ec67a7f88c2059a72239ef47eae21a7f9e5ebfdf

SHA512
7e2264dffd38a665f949fb7706ab6ad4bd31f3edec8c8e944ca545a980964651b2dd890e5aab676d919d1a1f71aec63d2c557711835f484b66dd2a5e8a9c38b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5919d7.TMP

Filesize
538B

MD5
a5995f19047dff231bcf212a20e70285

SHA1
ba96e35b3f2a315ca208e68adbbcb8de6ad50794

SHA256
d4f4fd2e9a610ce8f5168d459f89143a18304fec599b64e5848f63aeeccc7f10

SHA512
f25130c3c04f0f56bf2f8187b7b63e6b8fc096cd158d4c639fc1ef05d3d9e4a498b66a5ced1aa80c359d54a300db68b921c760a9fe4799ed58e95d87814e90e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21de5893b9c3a5d04274c689d5d9a8df

SHA1
6fd8e1a85889fde48022a412e8a5ceebcdc9d0b0

SHA256
ea7b0eda5bde808054e97103a13cf00c2c7ef338376540935cd62a96ad1ebfeb

SHA512
34ad833cea5c0046df736540442dffa6352a107d8454f3968ebb200d567139e7f9e4a58c8db7ef58563cc66484f45c6886e38a063a0036fe01250fe3b65472cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7274bad9bbd02608a980394d62744d56

SHA1
cb6dc34854f1fca80195ed7437ed8b0328ba5e6c

SHA256
9ee2c94f0556781b3d934891cc8df260fd2b9b76234df282fa013654739cdcd6

SHA512
3636f726de06dab9207756f98b644e370d669105c7beba3730854606b4e2097e6028559984c6184318f4644d02ccb8d9482adbdfb5b83b48928249d5e3bc2a9c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
a73ea6e1db27acedbe4055c448f82ef7

SHA1
01769a266d26c4b4b374099606e86b8874ddd55f

SHA256
c3059c62596021e555ec7901361fcde75078ad931bcac6027539930bef8b77d9

SHA512
f9cfe99077e40ac3ff11ab39020d6e159ec06cf50f9b1d156858198d48851d29de8882a18609a17dd30ddea421c6c415683b8d7b14fa30a51ddd1cd76032deb4

Download Submit
C:\Users\Admin\Downloads\Soًlv1.17.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1444-647-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/1444-644-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/1444-703-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/1444-682-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/1444-675-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/1444-623-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/1444-672-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/1444-600-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/1444-589-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2004-587-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2004-681-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2004-646-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2004-641-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2004-599-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2004-588-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2004-702-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2004-671-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2004-579-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2004-622-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2004-674-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2464-673-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2464-678-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2464-645-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2464-603-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2464-628-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2464-701-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2464-594-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2464-652-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download
memory/2464-704-0x00007FF623530000-0x00007FF624378000-memory.dmp

Filesize
14.3MB

Download