Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
84s -
max time network
75s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system -
submitted
02/01/2025, 19:02
Static task
static1
General
-
Target
Bootstrapper.exe
-
Size
800KB
-
MD5
02c70d9d6696950c198db93b7f6a835e
-
SHA1
30231a467a49cc37768eea0f55f4bea1cbfb48e2
-
SHA256
8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
-
SHA512
431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
-
SSDEEP
12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Solara.exe -
A potential corporate email address has been identified in the URL: [email protected]
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Solara.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Solara.exe -
Executes dropped EXE 2 IoCs
pid Process 5092 BootstrapperV2.11.exe 3504 Solara.exe -
Loads dropped DLL 2 IoCs
pid Process 3504 Solara.exe 3504 Solara.exe -
resource yara_rule behavioral1/files/0x001900000002acee-324.dat themida behavioral1/memory/3504-326-0x0000000180000000-0x000000018108B000-memory.dmp themida behavioral1/memory/3504-329-0x0000000180000000-0x000000018108B000-memory.dmp themida behavioral1/memory/3504-328-0x0000000180000000-0x000000018108B000-memory.dmp themida behavioral1/memory/3504-327-0x0000000180000000-0x000000018108B000-memory.dmp themida behavioral1/memory/3504-445-0x0000000180000000-0x000000018108B000-memory.dmp themida behavioral1/memory/3504-487-0x0000000180000000-0x000000018108B000-memory.dmp themida -
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Solara.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
flow ioc 21 pastebin.com 3 discord.com 7 discord.com 10 discord.com 15 pastebin.com -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid Process 3504 Solara.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 4296 msedgewebview2.exe 3596 msedgewebview2.exe 1028 msedgewebview2.exe 3580 msedgewebview2.exe -
Enumerates system info in registry 2 TTPs 6 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedgewebview2.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedgewebview2.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedgewebview2.exe -
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
pid Process 2372 ipconfig.exe -
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2584844841-1405471295-1760131749-1000\{8145252E-4C7E-437A-A5B5-2417D597A9D9} msedge.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe -
Suspicious behavior: EnumeratesProcesses 59 IoCs
pid Process 5092 BootstrapperV2.11.exe 1560 msedge.exe 1560 msedge.exe 1596 msedge.exe 1596 msedge.exe 4628 msedge.exe 4628 msedge.exe 3504 Solara.exe 3504 Solara.exe 448 msedgewebview2.exe 448 msedgewebview2.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3580 msedgewebview2.exe 3580 msedgewebview2.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe 3504 Solara.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid Process 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 3896 msedgewebview2.exe -
Suspicious use of AdjustPrivilegeToken 45 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 4108 WMIC.exe Token: SeSecurityPrivilege 4108 WMIC.exe Token: SeTakeOwnershipPrivilege 4108 WMIC.exe Token: SeLoadDriverPrivilege 4108 WMIC.exe Token: SeSystemProfilePrivilege 4108 WMIC.exe Token: SeSystemtimePrivilege 4108 WMIC.exe Token: SeProfSingleProcessPrivilege 4108 WMIC.exe Token: SeIncBasePriorityPrivilege 4108 WMIC.exe Token: SeCreatePagefilePrivilege 4108 WMIC.exe Token: SeBackupPrivilege 4108 WMIC.exe Token: SeRestorePrivilege 4108 WMIC.exe Token: SeShutdownPrivilege 4108 WMIC.exe Token: SeDebugPrivilege 4108 WMIC.exe Token: SeSystemEnvironmentPrivilege 4108 WMIC.exe Token: SeRemoteShutdownPrivilege 4108 WMIC.exe Token: SeUndockPrivilege 4108 WMIC.exe Token: SeManageVolumePrivilege 4108 WMIC.exe Token: 33 4108 WMIC.exe Token: 34 4108 WMIC.exe Token: 35 4108 WMIC.exe Token: 36 4108 WMIC.exe Token: SeIncreaseQuotaPrivilege 4108 WMIC.exe Token: SeSecurityPrivilege 4108 WMIC.exe Token: SeTakeOwnershipPrivilege 4108 WMIC.exe Token: SeLoadDriverPrivilege 4108 WMIC.exe Token: SeSystemProfilePrivilege 4108 WMIC.exe Token: SeSystemtimePrivilege 4108 WMIC.exe Token: SeProfSingleProcessPrivilege 4108 WMIC.exe Token: SeIncBasePriorityPrivilege 4108 WMIC.exe Token: SeCreatePagefilePrivilege 4108 WMIC.exe Token: SeBackupPrivilege 4108 WMIC.exe Token: SeRestorePrivilege 4108 WMIC.exe Token: SeShutdownPrivilege 4108 WMIC.exe Token: SeDebugPrivilege 4108 WMIC.exe Token: SeSystemEnvironmentPrivilege 4108 WMIC.exe Token: SeRemoteShutdownPrivilege 4108 WMIC.exe Token: SeUndockPrivilege 4108 WMIC.exe Token: SeManageVolumePrivilege 4108 WMIC.exe Token: 33 4108 WMIC.exe Token: 34 4108 WMIC.exe Token: 35 4108 WMIC.exe Token: 36 4108 WMIC.exe Token: SeDebugPrivilege 1316 Bootstrapper.exe Token: SeDebugPrivilege 5092 BootstrapperV2.11.exe Token: SeDebugPrivilege 3504 Solara.exe -
Suspicious use of FindShellTrayWindow 27 IoCs
pid Process 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 3896 msedgewebview2.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe 1596 msedge.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3356 MiniSearchHost.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1316 wrote to memory of 4812 1316 Bootstrapper.exe 78 PID 1316 wrote to memory of 4812 1316 Bootstrapper.exe 78 PID 4812 wrote to memory of 2372 4812 cmd.exe 80 PID 4812 wrote to memory of 2372 4812 cmd.exe 80 PID 1316 wrote to memory of 3324 1316 Bootstrapper.exe 81 PID 1316 wrote to memory of 3324 1316 Bootstrapper.exe 81 PID 3324 wrote to memory of 4108 3324 cmd.exe 83 PID 3324 wrote to memory of 4108 3324 cmd.exe 83 PID 1316 wrote to memory of 5092 1316 Bootstrapper.exe 85 PID 1316 wrote to memory of 5092 1316 Bootstrapper.exe 85 PID 5092 wrote to memory of 1596 5092 BootstrapperV2.11.exe 86 PID 5092 wrote to memory of 1596 5092 BootstrapperV2.11.exe 86 PID 1596 wrote to memory of 244 1596 msedge.exe 87 PID 1596 wrote to memory of 244 1596 msedge.exe 87 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1488 1596 msedge.exe 88 PID 1596 wrote to memory of 1560 1596 msedge.exe 89 PID 1596 wrote to memory of 1560 1596 msedge.exe 89 PID 1596 wrote to memory of 1708 1596 msedge.exe 90 PID 1596 wrote to memory of 1708 1596 msedge.exe 90 PID 1596 wrote to memory of 1708 1596 msedge.exe 90 PID 1596 wrote to memory of 1708 1596 msedge.exe 90 PID 1596 wrote to memory of 1708 1596 msedge.exe 90 PID 1596 wrote to memory of 1708 1596 msedge.exe 90 PID 1596 wrote to memory of 1708 1596 msedge.exe 90 PID 1596 wrote to memory of 1708 1596 msedge.exe 90
Processes
-
C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1316 -
C:\Windows\SYSTEM32\cmd.exe"cmd" /c ipconfig /all2⤵
- Suspicious use of WriteProcessMemory
PID:4812 -
C:\Windows\system32\ipconfig.exeipconfig /all3⤵
- Gathers network information
PID:2372
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")2⤵
- Suspicious use of WriteProcessMemory
PID:3324 -
C:\Windows\System32\Wbem\WMIC.exewmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4108
-
-
-
C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.11.exe"C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.11.exe" --oldBootstrapper "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe" --isUpdate true2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5092 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/invite/8PgspRYAQu3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1596 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ff851893cb8,0x7ff851893cc8,0x7ff851893cd84⤵PID:244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:24⤵PID:1488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:1560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:84⤵PID:1708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:14⤵PID:572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:14⤵PID:4268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:14⤵PID:3728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4848 /prefetch:84⤵PID:4332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4860 /prefetch:84⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4628
-
-
-
C:\ProgramData\Solara\Solara.exe"C:\ProgramData\Solara\Solara.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3504 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3504.2952.37023961730198738504⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3896 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0xe0,0x108,0x10c,0xe4,0x114,0x7ff851893cb8,0x7ff851893cc8,0x7ff851893cd85⤵PID:2832
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1928,7207142314554072438,5229325281793373367,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:25⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:4296
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,7207142314554072438,5229325281793373367,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2044 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
PID:448
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,7207142314554072438,5229325281793373367,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2480 /prefetch:85⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:3596
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1928,7207142314554072438,5229325281793373367,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:15⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:1028
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,7207142314554072438,5229325281793373367,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4480 /prefetch:85⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3580
-
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4712
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4848
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:852
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1824
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3356
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
557KB
MD5b037ca44fd19b8eedb6d5b9de3e48469
SHA11f328389c62cf673b3de97e1869c139d2543494e
SHA25611e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
SHA512fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
-
Filesize
50KB
MD5e107c88a6fc54cc3ceb4d85768374074
SHA1a8d89ae75880f4fca7d7167fae23ac0d95e3d5f6
SHA2568f821f0c818f8d817b82f76c25f90fde9fb73ff1ae99c3df3eaf2b955653c9c8
SHA512b39e07b0c614a0fa88afb1f3b0d9bb9ba9c932e2b30899002008220ccf1acb0f018d5414aee64d92222c2c39f3ffe2c0ad2d9962d23aaa4bf5750c12c7f3e6fe
-
Filesize
14KB
MD5c051afac7ab368992b08a41750b3446e
SHA13443c8d9e158d943c8cf7053959e502240cb23e0
SHA25646f67f8d457e2b93f3e8169a552af3438bfaa5df6aa91af2caf3397bcdec3bd4
SHA512de43d06cdddf40387b7e7efd162f0701e779a539d76cef6b85d7fb61ec182000d748c7a5127bfb63c1c4f2cee9657464698c0ada425bf6ab3ca299bee2401714
-
Filesize
14KB
MD5610eb8cecd447fcf97c242720d32b6bd
SHA14b094388e0e5135e29c49ce42ff2aa099b7f2d43
SHA256107d8d9d6c94d2a86ac5af4b4cec43d959c2e44d445017fea59e2e0a5efafdc7
SHA512cf15f49ef3ae578a5f725e24bdde86c33bbc4fd30a6eb885729fd3d9b151a4b13822fa8c35d3e0345ec43d567a246111764812596fd0ecc36582b8ee2a76c331
-
Filesize
5KB
MD58706d861294e09a1f2f7e63d19e5fcb7
SHA1fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23
SHA256fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42
SHA5121f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f
-
Filesize
171KB
MD56af9c0d237b31c1c91f7faa84b384bdf
SHA1c349b06cad41c2997f5018a9b88baedd0ba1ea11
SHA256fb2cbf2ee64286bc010a6c6fe6a81c6c292c145a2f584d0240c674f56e3015b0
SHA5123bda519fed1cfa5352f463d3f91194122cf6bf7c3c7ab6927c8ca3eea159d35deb39328576e7cbd982cfdf1f101b2a46c3165221501b36919dbde6f1e94bf5ff
-
Filesize
2.0MB
MD59399a8eaa741d04b0ae6566a5ebb8106
SHA15646a9d35b773d784ad914417ed861c5cba45e31
SHA25693d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18
SHA512d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8
-
Filesize
31KB
MD574dd2381ddbb5af80ce28aefed3068fc
SHA10996dc91842ab20387e08a46f3807a3f77958902
SHA256fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48
SHA5128841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e
-
Filesize
27KB
MD58a3086f6c6298f986bda09080dd003b1
SHA18c7d41c586bfa015fb5cc50a2fdc547711b57c3c
SHA2560512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9
SHA5129e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017
-
Filesize
695KB
MD5195ffb7167db3219b217c4fd439eedd6
SHA11e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA51256eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
-
Filesize
613KB
MD5efa26a96b7af259f6682bc888a8b6a14
SHA19800a30228504c30e7d8aea873ded6a7d7d133bb
SHA25618f4dca864799d7cd00a26ae9fb7eccf5c7cf3883c51a5d0744fd92a60ca1953
SHA5127ca4539ab544aee162c7d74ac94b290b409944dd746286e35c8a2712db045d255b9907d1ebea6377d1406ddd87f118666121d0ec1abe0e9415de1bba6799f76e
-
Filesize
152B
MD51c5e9665f9cc84a164262b6d8f1ccca2
SHA19d6287c4e035f73632eca50d3800a76e3144d382
SHA256f2eb294cfb98703f02b0d71b36737ad86a82aaa97bb8893e7d053895caaca22d
SHA51244fc93a9de61e7fda15d59379a78574e9785ae480a2791b338ebd3274669e12927af07a4ae5b454d08f0de6d7152253c9e2c354dfe854e8f514429711c86c197
-
Filesize
152B
MD5d84d6a1123e37fe8d9bb57d44cab8b60
SHA12dc16134a4e6666c9b5582cf1dd955a3564bcc34
SHA256b03715781377bd5ead0e94e7eae00f786e0754402e5452f9e9353182c732fb3e
SHA512b8bc89ba6dab8584e997107f0426eac3089076b25b156127b5fce35f81a968872e6f495f290b7abff6ed2a6b928cfdfd3ce458a0a712c7dadae5ee9d4cf345ff
-
Filesize
20B
MD59e4e94633b73f4a7680240a0ffd6cd2c
SHA1e68e02453ce22736169a56fdb59043d33668368f
SHA25641c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
8KB
MD587364bca7b1be0fc73e50bc4bf1a28ac
SHA15594ee6e4cc3050ffe9f9daa571b98d901049aa3
SHA256a13bfa854b3156e52a4df1f8beca377ad1ef1d85bf35a3502161b5b905f5947f
SHA5123882399ef8e4a0bca062ee9d9512e10bab8d5750192f50e74f7ed423641faf4df0f8774d2087ea0983d5f47fb3b42b66140d69fc02908499f4869ff83d8fdabc
-
Filesize
8KB
MD57a42792731dd3a18dde4c33846eae4ea
SHA1b561195e8a1fb3f0cf90cda52734d17151b4307d
SHA2567d8e84f1ba4950a13a25cd929784af6dde0598979566de62bdf8f2fe302d8f9c
SHA512caf4252d96d480747b8d18987712e9a96d1d84dd017fdaafcd22156360e4eea4b85fa909039b2813e1f6319e28c09e32113c4d3e4a8da033c7e249a831a9c145
-
Filesize
264KB
MD5d0d388f3865d0523e451d6ba0be34cc4
SHA18571c6a52aacc2747c048e3419e5657b74612995
SHA256902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17
-
Filesize
6.4MB
MD5ea941865c88edbc63d9f8e7f690cf03a
SHA1c3c2a6ab54b6ed8023fa492afa744ac15ae1f239
SHA2569d017e4532eb760a48aaf663fc70c732f06839a027c47b447f804fcb424e59bf
SHA5127383dcc92a9c8d469ed4c0d05240667d139c5b502ea80da521ed3750301fd0f805e38ba2df28e1dd45e359c7975314a5f99f17de69113e3ae34d9041ebbf07a7
-
Filesize
133KB
MD5a0bd0d1a66e7c7f1d97aedecdafb933f
SHA1dd109ac34beb8289030e4ec0a026297b793f64a3
SHA25679d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
SHA5122a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50
-
Filesize
5.2MB
MD5aead90ab96e2853f59be27c4ec1e4853
SHA143cdedde26488d3209e17efff9a51e1f944eb35f
SHA25646cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d
-
Filesize
152B
MD502a4b762e84a74f9ee8a7d8ddd34fedb
SHA14a870e3bd7fd56235062789d780610f95e3b8785
SHA256366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da
SHA51219028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f
-
Filesize
152B
MD5826c7cac03e3ae47bfe2a7e50281605e
SHA1100fbea3e078edec43db48c3312fbbf83f11fca0
SHA256239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab
SHA512a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize576B
MD5ff9f21e0a3e8e1294392148e2738179d
SHA1eeae692dca51e2c8d0a3db4ddbca626dddf3c64e
SHA2564ad10ec25bded0138033730ff5950aebc8e27e2acd88ef4ab0d9eac7b0a1db3e
SHA512f649cd8dbf63d4a08cf2b517787f5c352c3bcd89260b21a6e82f2dea4e7520255b55b58ec6c052fedcd411edaafe05c4e76daacc0def485a1c53bdb47e6976e4
-
Filesize
468B
MD51a6bfa31f9a9acfb08e1770d420dbd16
SHA1265d0f914d83b6c86d206bfac274ec6a21c2e1a2
SHA256fd08f1296353381d7b1d714885266ef5ab8435d51f3c3aa2afbe1378514e6467
SHA5128c537b1654ee2a31723fcdd2e78e250fdc13890adb5c8f6f60e909bd8fe2782c2dedf263aa30a4354543cc6318e721d9b41fdc473d85730e7f65f2122628356e
-
Filesize
5KB
MD5c84a45f3e4c57c6cbe2933e3441c3529
SHA1c1ba2ff5a8f474e08df0434327c847653393078a
SHA256dbe64d8e33841935d0f72b96f66e4658f410921bd24e4ab38dfb3da91ed58e2a
SHA512cd23fa1af8c55aa86d5e31117f286d96c9e4083732cc20cddb46a38becc0dbc52cb350b70b90fea4755d9a84065a044a852782337a0c483f652a8d81e347f95b
-
Filesize
6KB
MD59d219916552c9fd668f204dc498fac1e
SHA198562b03a42851122368fd4d6375da02a0ee9883
SHA256e64fd7a09d39b45c91e688f6858d7aea87ec6951f244899b8aaea014ecb21e8f
SHA51253d5a305aa3cd00bd071ca1065bba958822ab38ace7110fb5b700e87f75237a24f6f581f83ae6d202cc52d3060823f5dbf068abb4dee52545d2fdf6aa8fb087b
-
Filesize
10KB
MD52c88b2c9b659ab774fc6c999bde6b906
SHA165b061fdc17dfcddee2df20da2dc737ee712677c
SHA2561e9925cb3108eeadbddcd9757fb7716591defc1461c905affc81f690aee04f1a
SHA512c145f1d01b308d09e8b6bf0fdb75ef3733bb6063a4f4fd6520b327c3d0829761b260febf1b90906639c9f1040300d7837edcc404393ee8a1b0a253b6ce038d62
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD571a6b59e08e25451e52675c842fae23c
SHA1565a97673954a9209c7a05fba20b89d10b88025f
SHA2565b96212d3d1347b76c8c1c64b2f7ef981242bedd3b84b766b543d56dbbf8dbd6
SHA5125cc98eb2aa02e2e69165170451d89dd880893e6b07440bb84fbab6cf92cb558bd58c2235d8d64ff43d380c5e9869827800d310ee67950bb21b498d89fbb5aab3
-
Filesize
2.9MB
MD56ba3f4d057686fee3f1f792df10d5869
SHA1ade4a1ada7886ca1bd4c8d7d1d3cba62f9e018a1
SHA2561aeba3aa813d2a63819a2051ff3a657cea022d4df5e6a6f88abe947d1db00177
SHA51279e93fba04fbdcad41b2b45462ee4994e08d8a63eee9fad2713a2b886d8fb4f697c489150466c883c3b0e039b4922b709fd1dbd4bc882cb16b9d9efc139a2285