e374b2e875ac81359fadd54cb01e746af430034cf94e7bcc881cf08996c5cc45

Analysis

max time kernel
329s
max time network
330s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2025 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BootstrapperV1.23.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

9^/10

discovery evasion persistence privilege_escalation themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	BootstrapperV2.14.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	BootstrapperV1.23.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 33 IoCs

pid	Process
3420	BootstrapperV2.14.exe
4808	MicrosoftEdgeWebview2Setup.exe
3104	MicrosoftEdgeUpdate.exe
4960	MicrosoftEdgeUpdate.exe
4188	MicrosoftEdgeUpdate.exe
2060	MicrosoftEdgeUpdateComRegisterShell64.exe
336	MicrosoftEdgeUpdateComRegisterShell64.exe
4224	MicrosoftEdgeUpdateComRegisterShell64.exe
1904	MicrosoftEdgeUpdate.exe
1748	MicrosoftEdgeUpdate.exe
452	MicrosoftEdgeUpdate.exe
2520	MicrosoftEdgeUpdate.exe
3844	MicrosoftEdge_X64_131.0.2903.112.exe
536	setup.exe
1568	setup.exe
2344	MicrosoftEdgeUpdate.exe
2084	Solara.exe
4612	msedgewebview2.exe
3692	msedgewebview2.exe
3464	msedgewebview2.exe
4876	msedgewebview2.exe
4500	msedgewebview2.exe
2524	msedgewebview2.exe
3436	msedgewebview2.exe
6080	msedgewebview2.exe
5180	msedgewebview2.exe
4192	msedgewebview2.exe
3168	msedgewebview2.exe
6044	msedgewebview2.exe
1076	msedgewebview2.exe
5684	msedgewebview2.exe
1712	msedgewebview2.exe
4740	msedgewebview2.exe

Loads dropped DLL 60 IoCs

pid	Process
3104	MicrosoftEdgeUpdate.exe
4960	MicrosoftEdgeUpdate.exe
4188	MicrosoftEdgeUpdate.exe
2060	MicrosoftEdgeUpdateComRegisterShell64.exe
4188	MicrosoftEdgeUpdate.exe
336	MicrosoftEdgeUpdateComRegisterShell64.exe
4188	MicrosoftEdgeUpdate.exe
4224	MicrosoftEdgeUpdateComRegisterShell64.exe
4188	MicrosoftEdgeUpdate.exe
1904	MicrosoftEdgeUpdate.exe
1748	MicrosoftEdgeUpdate.exe
452	MicrosoftEdgeUpdate.exe
452	MicrosoftEdgeUpdate.exe
1748	MicrosoftEdgeUpdate.exe
2520	MicrosoftEdgeUpdate.exe
2344	MicrosoftEdgeUpdate.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
4612	msedgewebview2.exe
3692	msedgewebview2.exe
4612	msedgewebview2.exe
4612	msedgewebview2.exe
4612	msedgewebview2.exe
4876	msedgewebview2.exe
3464	msedgewebview2.exe
4876	msedgewebview2.exe
3464	msedgewebview2.exe
4500	msedgewebview2.exe
4500	msedgewebview2.exe
2524	msedgewebview2.exe
3464	msedgewebview2.exe
3464	msedgewebview2.exe
3464	msedgewebview2.exe
3464	msedgewebview2.exe
2524	msedgewebview2.exe
2524	msedgewebview2.exe
3436	msedgewebview2.exe
3436	msedgewebview2.exe
3436	msedgewebview2.exe
4612	msedgewebview2.exe
6080	msedgewebview2.exe
6080	msedgewebview2.exe
5180	msedgewebview2.exe
5180	msedgewebview2.exe
4192	msedgewebview2.exe
4192	msedgewebview2.exe
3168	msedgewebview2.exe
3168	msedgewebview2.exe
6044	msedgewebview2.exe
6044	msedgewebview2.exe
6044	msedgewebview2.exe
1076	msedgewebview2.exe
1076	msedgewebview2.exe
5684	msedgewebview2.exe
5684	msedgewebview2.exe
1712	msedgewebview2.exe
1712	msedgewebview2.exe
4740	msedgewebview2.exe
4740	msedgewebview2.exe

Themida packer 17 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/2084-354-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-355-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-356-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-353-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-523-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-563-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-1031-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-1067-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-1102-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-1130-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-1360-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-1406-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-1583-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-1641-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-1828-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-1879-0x0000000180000000-0x0000000181096000-memory.dmp	themida
behavioral2/memory/2084-1938-0x0000000180000000-0x0000000181096000-memory.dmp	themida

Unexpected DNS network traffic destination 61 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
96	pastebin.com
79	pastebin.com
80	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Checks system information in the registry 2 TTPs 12 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2084	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\te.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\zh-TW.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\mspdf.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\gd.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Locales\cy.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\identity_proxy\win11\identity_helper.Sparse.Stable.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_en.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\ml.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_nb.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_sk.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\mi.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\sl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Locales\es-419.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4612_2087917441\ct_config.pb	msedgewebview2.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_es.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_es-419.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4612_283906493\hyph-da.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4612_283906493\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\libGLESv2.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\et.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Trust Protection Lists\Sigma\Cryptomining	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Trust Protection Lists\Sigma\Fingerprinting	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Trust Protection Lists\Mu\CompatExceptions	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Locales\nb.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_ar.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\elevation_service.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\VisualElements\LogoCanary.png	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Trust Protection Lists\Mu\Fingerprinting	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4612_2087917441\crs.pb	msedgewebview2.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_pa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\af.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\mt.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\onramp.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Trust Protection Lists\Mu\Analytics	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Trust Protection Lists\Mu\TransparentAdvertisers	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Locales\it.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_ga.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\ga.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\identity_proxy\win11\identity_helper.Sparse.Dev.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Locales\hi.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source536_947359554\msedge_7z.data	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\vk_swiftshader_icd.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\sq.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Locales\kk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\gl.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\sq.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\identity_proxy\win11\identity_helper.Sparse.Stable.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\en-GB.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Trust Protection Lists\Sigma\Other	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\delegatedWebFeatures.sccd	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\concrt140.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\identity_proxy\win11\identity_helper.Sparse.Internal.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\msedge.dll.sig	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Trust Protection Lists\Sigma\Content	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\VisualElements\LogoCanary.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\prefs_enclave_x64.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\WidevineCdm\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Locales\lo.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_bg.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Locales\nl.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4612_696588902\crl-set	msedgewebview2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2344	MicrosoftEdgeUpdate.exe
1904	MicrosoftEdgeUpdate.exe
2520	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3172	ipconfig.exe

Modifies data under HKEY_USERS 44 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133812183080972460"	msedgewebview2.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LOCALSERVER32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine.dll"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass.1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\APPID\{A6B716CB-028B-404D-B72C-50E153DD68DA}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\AppID = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3420	BootstrapperV2.14.exe
3104	MicrosoftEdgeUpdate.exe
3104	MicrosoftEdgeUpdate.exe
3104	MicrosoftEdgeUpdate.exe
3104	MicrosoftEdgeUpdate.exe
3104	MicrosoftEdgeUpdate.exe
3104	MicrosoftEdgeUpdate.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
4632	chrome.exe
4632	chrome.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe
2084	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4612	msedgewebview2.exe
4612	msedgewebview2.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4616	WMIC.exe
Token: SeSecurityPrivilege	4616	WMIC.exe
Token: SeTakeOwnershipPrivilege	4616	WMIC.exe
Token: SeLoadDriverPrivilege	4616	WMIC.exe
Token: SeSystemProfilePrivilege	4616	WMIC.exe
Token: SeSystemtimePrivilege	4616	WMIC.exe
Token: SeProfSingleProcessPrivilege	4616	WMIC.exe
Token: SeIncBasePriorityPrivilege	4616	WMIC.exe
Token: SeCreatePagefilePrivilege	4616	WMIC.exe
Token: SeBackupPrivilege	4616	WMIC.exe
Token: SeRestorePrivilege	4616	WMIC.exe
Token: SeShutdownPrivilege	4616	WMIC.exe
Token: SeDebugPrivilege	4616	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4616	WMIC.exe
Token: SeRemoteShutdownPrivilege	4616	WMIC.exe
Token: SeUndockPrivilege	4616	WMIC.exe
Token: SeManageVolumePrivilege	4616	WMIC.exe
Token: 33	4616	WMIC.exe
Token: 34	4616	WMIC.exe
Token: 35	4616	WMIC.exe
Token: 36	4616	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4616	WMIC.exe
Token: SeSecurityPrivilege	4616	WMIC.exe
Token: SeTakeOwnershipPrivilege	4616	WMIC.exe
Token: SeLoadDriverPrivilege	4616	WMIC.exe
Token: SeSystemProfilePrivilege	4616	WMIC.exe
Token: SeSystemtimePrivilege	4616	WMIC.exe
Token: SeProfSingleProcessPrivilege	4616	WMIC.exe
Token: SeIncBasePriorityPrivilege	4616	WMIC.exe
Token: SeCreatePagefilePrivilege	4616	WMIC.exe
Token: SeBackupPrivilege	4616	WMIC.exe
Token: SeRestorePrivilege	4616	WMIC.exe
Token: SeShutdownPrivilege	4616	WMIC.exe
Token: SeDebugPrivilege	4616	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4616	WMIC.exe
Token: SeRemoteShutdownPrivilege	4616	WMIC.exe
Token: SeUndockPrivilege	4616	WMIC.exe
Token: SeManageVolumePrivilege	4616	WMIC.exe
Token: 33	4616	WMIC.exe
Token: 34	4616	WMIC.exe
Token: 35	4616	WMIC.exe
Token: 36	4616	WMIC.exe
Token: SeDebugPrivilege	548	BootstrapperV1.23.exe
Token: SeDebugPrivilege	3420	BootstrapperV2.14.exe
Token: SeDebugPrivilege	3104	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	3104	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2084	Solara.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
2084	Solara.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 3176	548	BootstrapperV1.23.exe	83
PID 548 wrote to memory of 3176	548	BootstrapperV1.23.exe	83
PID 3176 wrote to memory of 3172	3176	cmd.exe	85
PID 3176 wrote to memory of 3172	3176	cmd.exe	85
PID 548 wrote to memory of 724	548	BootstrapperV1.23.exe	86
PID 548 wrote to memory of 724	548	BootstrapperV1.23.exe	86
PID 724 wrote to memory of 4616	724	cmd.exe	88
PID 724 wrote to memory of 4616	724	cmd.exe	88
PID 548 wrote to memory of 3420	548	BootstrapperV1.23.exe	90
PID 548 wrote to memory of 3420	548	BootstrapperV1.23.exe	90
PID 3420 wrote to memory of 4808	3420	BootstrapperV2.14.exe	100
PID 3420 wrote to memory of 4808	3420	BootstrapperV2.14.exe	100
PID 3420 wrote to memory of 4808	3420	BootstrapperV2.14.exe	100
PID 4808 wrote to memory of 3104	4808	MicrosoftEdgeWebview2Setup.exe	101
PID 4808 wrote to memory of 3104	4808	MicrosoftEdgeWebview2Setup.exe	101
PID 4808 wrote to memory of 3104	4808	MicrosoftEdgeWebview2Setup.exe	101
PID 3104 wrote to memory of 4960	3104	MicrosoftEdgeUpdate.exe	102
PID 3104 wrote to memory of 4960	3104	MicrosoftEdgeUpdate.exe	102
PID 3104 wrote to memory of 4960	3104	MicrosoftEdgeUpdate.exe	102
PID 3104 wrote to memory of 4188	3104	MicrosoftEdgeUpdate.exe	103
PID 3104 wrote to memory of 4188	3104	MicrosoftEdgeUpdate.exe	103
PID 3104 wrote to memory of 4188	3104	MicrosoftEdgeUpdate.exe	103
PID 4188 wrote to memory of 2060	4188	MicrosoftEdgeUpdate.exe	104
PID 4188 wrote to memory of 2060	4188	MicrosoftEdgeUpdate.exe	104
PID 4188 wrote to memory of 336	4188	MicrosoftEdgeUpdate.exe	105
PID 4188 wrote to memory of 336	4188	MicrosoftEdgeUpdate.exe	105
PID 4188 wrote to memory of 4224	4188	MicrosoftEdgeUpdate.exe	106
PID 4188 wrote to memory of 4224	4188	MicrosoftEdgeUpdate.exe	106
PID 3104 wrote to memory of 1904	3104	MicrosoftEdgeUpdate.exe	107
PID 3104 wrote to memory of 1904	3104	MicrosoftEdgeUpdate.exe	107
PID 3104 wrote to memory of 1904	3104	MicrosoftEdgeUpdate.exe	107
PID 3104 wrote to memory of 1748	3104	MicrosoftEdgeUpdate.exe	108
PID 3104 wrote to memory of 1748	3104	MicrosoftEdgeUpdate.exe	108
PID 3104 wrote to memory of 1748	3104	MicrosoftEdgeUpdate.exe	108
PID 452 wrote to memory of 2520	452	MicrosoftEdgeUpdate.exe	110
PID 452 wrote to memory of 2520	452	MicrosoftEdgeUpdate.exe	110
PID 452 wrote to memory of 2520	452	MicrosoftEdgeUpdate.exe	110
PID 452 wrote to memory of 3844	452	MicrosoftEdgeUpdate.exe	112
PID 452 wrote to memory of 3844	452	MicrosoftEdgeUpdate.exe	112
PID 3844 wrote to memory of 536	3844	MicrosoftEdge_X64_131.0.2903.112.exe	113
PID 3844 wrote to memory of 536	3844	MicrosoftEdge_X64_131.0.2903.112.exe	113
PID 536 wrote to memory of 1568	536	setup.exe	114
PID 536 wrote to memory of 1568	536	setup.exe	114
PID 452 wrote to memory of 2344	452	MicrosoftEdgeUpdate.exe	115
PID 452 wrote to memory of 2344	452	MicrosoftEdgeUpdate.exe	115
PID 452 wrote to memory of 2344	452	MicrosoftEdgeUpdate.exe	115
PID 3420 wrote to memory of 2084	3420	BootstrapperV2.14.exe	116
PID 3420 wrote to memory of 2084	3420	BootstrapperV2.14.exe	116
PID 2084 wrote to memory of 4612	2084	Solara.exe	117
PID 2084 wrote to memory of 4612	2084	Solara.exe	117
PID 4612 wrote to memory of 3692	4612	msedgewebview2.exe	118
PID 4612 wrote to memory of 3692	4612	msedgewebview2.exe	118
PID 4612 wrote to memory of 3464	4612	msedgewebview2.exe	119
PID 4612 wrote to memory of 3464	4612	msedgewebview2.exe	119
PID 4612 wrote to memory of 3464	4612	msedgewebview2.exe	119
PID 4612 wrote to memory of 3464	4612	msedgewebview2.exe	119
PID 4612 wrote to memory of 3464	4612	msedgewebview2.exe	119
PID 4612 wrote to memory of 3464	4612	msedgewebview2.exe	119
PID 4612 wrote to memory of 3464	4612	msedgewebview2.exe	119
PID 4612 wrote to memory of 3464	4612	msedgewebview2.exe	119
PID 4612 wrote to memory of 3464	4612	msedgewebview2.exe	119
PID 4612 wrote to memory of 3464	4612	msedgewebview2.exe	119
PID 4612 wrote to memory of 3464	4612	msedgewebview2.exe	119
PID 4612 wrote to memory of 3464	4612	msedgewebview2.exe	119

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe

cURL User-Agent 7 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	91	curl/8.9.1-DEV
HTTP User-Agent header	92	curl/8.9.1-DEV
HTTP User-Agent header	93	curl/8.9.1-DEV
HTTP User-Agent header	94	curl/8.9.1-DEV
HTTP User-Agent header	443	curl/8.9.1-DEV
HTTP User-Agent header	86	curl/8.9.1-DEV
HTTP User-Agent header	90	curl/8.9.1-DEV

C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.23.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.23.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:548
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3176
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:3172
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4616
- C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.14.exe
  "C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.14.exe" --oldBootstrapper "C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.23.exe" --isUpdate true
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3420
- - C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4808
  - - C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3104
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4960
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4188
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2060
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:336
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4224
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjY3RkZBNjYtOTZEMy00N0Y2LUE3MEYtMUJDMjkxMjE3RTVFfSIgdXNlcmlkPSJ7NTgwMEUyNkYtMURFQy00NzIyLUIyMkEtQjUxN0NDOTVCQTc4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyNTc2QkQwQS0yM0Y1LTQ3RDMtQkQyOS04MTcyQUZGOTFBQzF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjQzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTkyNDU1NTAxIiBpbnN0YWxsX3RpbWVfbXM9IjU4MCIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1904
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{B67FFA66-96D3-47F6-A70F-1BC291217E5E}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1748
- - C:\ProgramData\Solara\Solara.exe
    "C:\ProgramData\Solara\Solara.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2084
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=2084.1656.12650983501705813168
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Drops file in Program Files directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of WriteProcessMemory
      System policy modification
      PID:4612
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.112 --initial-client-data=0x15c,0x160,0x164,0x138,0x19c,0x7ffccc9d6070,0x7ffccc9d607c,0x7ffccc9d6088
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3692
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1804,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=1800 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3464
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1964,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=2036 /prefetch:3
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4876
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2360,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=2368 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4500
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3388,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2524
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4652,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=4576 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3436
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5092,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6080
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4452,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5180
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5156,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=5164 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4192
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5160,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3168
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5304,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6044
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5312,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=5200 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1076
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5212,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5684
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5496,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1712
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4572,i,15570046960110722299,13183868802289830591,262144 --variations-seed-version --mojo-platform-channel-handle=4912 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4740

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjY3RkZBNjYtOTZEMy00N0Y2LUE3MEYtMUJDMjkxMjE3RTVFfSIgdXNlcmlkPSJ7NTgwMEUyNkYtMURFQy00NzIyLUIyMkEtQjUxN0NDOTVCQTc4fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7Rjc3MjJGNzYtMzU2Ni00NEJBLUFCQkEtNkZENzc2QUQzMzAzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI5NyIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MjkzNDU2IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NjYxMzI4NzAwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTE5ODEzNTQ0MiIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2520
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{94A60264-2D5B-4CDE-A71A-421606E95B33}\MicrosoftEdge_X64_131.0.2903.112.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{94A60264-2D5B-4CDE-A71A-421606E95B33}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3844
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{94A60264-2D5B-4CDE-A71A-421606E95B33}\EDGEMITMP_5ADD1.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{94A60264-2D5B-4CDE-A71A-421606E95B33}\EDGEMITMP_5ADD1.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{94A60264-2D5B-4CDE-A71A-421606E95B33}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:536
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{94A60264-2D5B-4CDE-A71A-421606E95B33}\EDGEMITMP_5ADD1.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{94A60264-2D5B-4CDE-A71A-421606E95B33}\EDGEMITMP_5ADD1.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{94A60264-2D5B-4CDE-A71A-421606E95B33}\EDGEMITMP_5ADD1.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x21c,0x220,0x224,0x200,0x228,0x7ff6b7902918,0x7ff6b7902924,0x7ff6b7902930
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:1568
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjY3RkZBNjYtOTZEMy00N0Y2LUE3MEYtMUJDMjkxMjE3RTVFfSIgdXNlcmlkPSJ7NTgwMEUyNkYtMURFQy00NzIyLUIyMkEtQjUxN0NDOTVCQTc4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFMzAxODYyNS1DRkJFLTQ2MUUtODM2RS03QkVCNTRBMkUyNzN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMxLjAuMjkwMy4xMTIiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUyMTIxNjU1NjYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjEyMjk1NDI3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTQ2NzgzNTM2OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvN2Q5Y2Q5M2MtMWQ1ZS00NDliLTlhZDctZjFlOGQ2YjkwNTA5P1AxPTE3MzczNDkzOTcmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SEZlTmhHJTJiJTJidlVCTUJVdzg4MDQ5QldDZ2hHTFdBZGducSUyYmZHWUFldUdTQzEwNmN4NkpWNjF3OG9JUDluYXV3U0loUDVmaDB5Z2ZIS1clMmYlMmZFdCUyZjg2cmclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzY4NzA5NzYiIHRvdGFsPSIxNzY4NzA5NzYiIGRvd25sb2FkX3RpbWVfbXM9IjE4OTQ4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTQ2Nzg4NTM3MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU0ODIwMjU1MTgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjYwOTcwNjU1MzciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI4OTUiIGRvd25sb2FkX3RpbWVfbXM9IjI1NTUxIiBkb3dubG9hZGVkPSIxNzY4NzA5NzYiIHRvdGFsPSIxNzY4NzA5NzYiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYxNDk4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcd06ccc40,0x7ffcd06ccc4c,0x7ffcd06ccc58
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2320,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3600,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5124,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5132,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5300,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4828,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:2
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4776,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5076,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5744,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5752,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5156,i,8694644700537881495,8084107886024233804,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:5752

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1540

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Installer\setup.exe

Filesize
6.6MB

MD5
f0dc48bc6e1b1a2b0b15c769d4c01835

SHA1
66c1ba4912ae18b18e2ae33830a6ba0939bb9ef1

SHA256
7ada85f31a3b501eaecd2aa37b8df1f74b470b355279b5db2d1fbc0bb7de4889

SHA512
d2ceeaf987446f7463e84a6286dc1c8f50a80466af641f77d174826189ff5a56b048e616ad8d97ddb12a2f68e182af80309be717367224605c06dcf74a84cc0f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
182KB

MD5
8f7c44e937ecc243d05eab5bb218440b

SHA1
57cd89be48efe4cad975044315916cf5060bc096

SHA256
bc3cdd57a892ce1841787061e23e526ad46575460cd66c1dc6dcf0f811563d59

SHA512
9f0020b81d1945fea12efe1a0a5e59caae4a01432429e065e35c73b15db873253094b2ff1f8903a348446dfc9c9fb658f8bfed8c25bc56e8b546c16304a385a3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
70cc35c7fb88d650902e7a5611219931

SHA1
85a28c8f49e36583a2fa9969e616ec85da1345b8

SHA256
7eca199201273f0bcff1e26778cb535e69c74a69064e7759ff8dad86954d42b1

SHA512
3906ddb96b4b1b68b8c2acc940a62c856e8c3415a1b459f17cf2afc09e05751e0086f8e4e5e0ddd8e45cfb61f811bbe4dd96198db68072b45b6379c88d9ea055

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
215KB

MD5
714c34fe6098b45a3303c611c4323eae

SHA1
9dc52906814314cad35d3408427c28801b816203

SHA256
fbf495968c4a385ff0790e6b65d26610ef917a2b36a5387eff7ae79d7a980ac5

SHA512
68a65496275a1511b2d3bd98ac5592cb1c1eb9df0448471a8985cb2f458c66163e6d55545940de72dea80118ff8ec7ba0ad3276f51095f55c1243fb9f3311345

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
262KB

MD5
c8b26176e536e1bce918ae8b1af951a2

SHA1
7d31be0c3398d3bad91d2b7c9bc410f4e45f37be

SHA256
be6ab7dd506e44a0a9eb0dd531929bd8aa0796d85a0353e6944bc6bf1630b717

SHA512
5a362cbabebbffbb0797646576b65e2934a3b0a30306d74078ef2448fea3940df14f0b8f149691a100cc170bd548c9b420dcc8aa41eb1ea0700c9f155626c565

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
40cd707dd3011a9845ff9c42256ea7e3

SHA1
4045ae709979f75b1cf32142c1137b4be2ab9908

SHA256
9f4c7072716e0be1be08207a7024a5e41162e288e677d805be8e5469a8bd4909

SHA512
bf1ada8a0d9c3d9f39fb739d05fc4a61f0a7e0e1bb5eb44e6f0f5f58381ee6d80aad89dbc3211b70a6294fc69d5820c70fa8488ef2f793a3710ecff5ee90422e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_af.dll

Filesize
29KB

MD5
e91e279752e741b25cf473338d5aac88

SHA1
2b8ea61868a26408cd1dd351cca5139a046bbb7b

SHA256
5635ecedd84330f070a9d6f4cea8b8b81e9dad8592d336ebfd236b7d67e58acc

SHA512
7404cdb82309351a21415b045fc7165137492aa262d00fd0f74bad4262ce10e86c3bde1718c38757b7133e41d044035e731c52cccea285d659c4a570776ae535

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
bd175cb3dfc1d43944223bd5d7177539

SHA1
193623dc372937f31a545344d340360665b8d69a

SHA256
bf0d65cebe0c29f15a616a0dda2f1a414e3f96fe7a28ff7876e811855be6621b

SHA512
f5742352852837ce16f3cf1655e4d41e301f0351b68c7346457978aa310b95b69b1070741fc2ab8be5ff449f6fd44660df3b15811630efc1420ced1455fcaf5f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
42015aafd53012b9c8afa009ee501fa0

SHA1
c1fc049feab4fb4b87faf96c31b3d1160f1c1d39

SHA256
86858a1807e6cf0b91565ed7a5a15db24720b0a7f60ae41e67dbf9faeb6ef2fa

SHA512
9ce323da000b51480ee35973872fc7d181e1f69e820ac737c62c36eaa81eb99965bae39fdd394459adfaf8f746f5dc3b768015e01d8724e2d0718f5286c29389

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_as.dll

Filesize
29KB

MD5
8a54873d54a41442b62f9fea9492d3a6

SHA1
fb19af151b15f4bdb7a555924f1835b0337ff1d7

SHA256
af9bdd050b27b8883f72e3596179fe244a6a2e3545950c82889aac7198cf3c32

SHA512
7cc0a578586853afd027264c3898cb1460b23a47eab9c79e064b9f327fbdee6e3f9bc7043a5a76a710ada05edae4ac0b47529be3ae67ca9b5afaaa16151797c7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
e47db9afb646fb31cc8650837f487134

SHA1
f304204c908ea1fe2bcaf76040d5d1f13f1e99e0

SHA256
4e03ed7a538793fdcd4c646c62ddd278c46911099e6485bb2644a17ad3a8ecf6

SHA512
b2b01c86c78ec3450635c0fdef9666ce302600956e8def3bb02d205ba2a11b3d422520a64361c6f666998bd82b5557ec96cbcaba9e1b712c756e75128c8f9bc0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
5887cd452245dc7bd0389a0ad5db98e0

SHA1
6486d0ae59ba338e8bce87b438f86691e955840d

SHA256
922a102cae4e74bfc0b402bbb136116eddc71a8adcf7f1268d48006c858d1d60

SHA512
0720aaebca04e84d8af2d7b153b0fc51e5651cf664051b8c4b44159ed4c6328eb237ba4f4c97bebedbb1a45ca5c1d0f249cdccac76c6d5619e0e761d12aaaba1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
6aab6d42c7b7a90523a3272ad3916096

SHA1
cc638bd6ec6478734b243de2daa4a80f03f37564

SHA256
67180722f255985e849ec3ab313dcdc0bf2834bad7b6163a0b14587fdf4b4c66

SHA512
ebc17e0ef86b8e5bb938040ad78b299e33d1228c730666526aab27e464626b71ea900cb6dbe074bda5e42e77cd569b083637e233d757b8b0bdee2df2e0c509f2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
abc20df0545611a835dcd895d2832cca

SHA1
39e90363156c461e5aef64a714ba43cc61617ee5

SHA256
75d8c2e259b4d113c0967615af61e8f54eafb49c498767291627faae9fcf504b

SHA512
732f31d175f08c5c69b9cf540e2b0e72b8986b44d1ebfdf0e56eb56b68bea64e6446932a546f1fc30dbbbad4ccaf6bc935177a6348c5280ef786d6d8dfa7b325

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_bs.dll

Filesize
29KB

MD5
327e92c7a55ec996ce09dfcf8c89e753

SHA1
2a51c99519257ddebf0d8280d46e0c0fd416e7a5

SHA256
2b61608a7aca43b7ea4374b79acc6e15deb382eef0fa8751c8e57e03e061cab0

SHA512
ac3ca0f66b899759f0d23ba64ff291486edb1e1d3bb626ad3efe3e3a6fd2aa4081411546e4849ff1645dcd26161f35defbd8442278e6d6f66311780c60474296

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
30KB

MD5
e0d2675c6de1b8d4e5e463246529a304

SHA1
132dace535b9cdc7a4e5f6137407d5becb23c4c6

SHA256
4af082aa0193b9b15622eba1f6165d0b6032b4dab17ba16a8a9affb267ebec34

SHA512
afafc1ca5abc636066ee98a6c68356d68f506fe3734a4b3e68073eed1f2ddc51840464e91d3cd3b28648fcc26b9457ef6484100f9543739220ad75a9eecb1e90

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
bfac1c3869df5375aedb24458cf321b7

SHA1
848232c155c7dca65f6cb22d27a72f2c78e964d8

SHA256
a9f5cf25b9512e1d30ecb769a5eeb694888b72b7f05b78c417814802c5aedbd7

SHA512
732270e8e8036f8ec59c214ca3804c6c67420bcf5fd633347c764f90b06b25fd73a0c7aa75ec42461ae3d3570fbfec5c5a7eee10e8d494b805b7c7e0d4aa227e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
c5681c3b4a8145d3b6cbf51e3f0b12fb

SHA1
908a0546ce091906aa5e7728660b838bf1e619e4

SHA256
2b47a6c19ec492149eca6afb03ca82ac1418a727f35cb641bce9f22136dd3459

SHA512
06c850119b5199bfcec41abe2b5e6929e0a960b69337c6048e0dbdd37ca56401885785de96cec235093a4d6536d9de55178a4c739a6ebd5e34514e12635b6d31

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
3206ad1fbe5c53d278607da7767b1996

SHA1
6964da8787c299e71f8428b22ed8ff6909912034

SHA256
9ea2727ca92f74c7c35ea22287f13ef262241a905567b908e2860f19e044a848

SHA512
38281ab3590a2e6210d1d9c0d1f5a4a3ef19772065f87d94570bb448fb83ea0579aa8bac9e94b05ba2b6bb2bb882f1be6d45c921c52ca2f0608056512fb3338c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_da.dll

Filesize
29KB

MD5
7f0ce1bf90bc88d5fb4d32d359063868

SHA1
59d8ba8397c325ed7b2dcd6a262906795549af6c

SHA256
1147a2cac674209b9087f7c81c09000a2177bb7d42d0d518e3c93d8a9ee2d7fb

SHA512
5cd723cad43388c7e2db4452caa20c07e73a676c82bfaca27a293ab70acdbb115fd82c7a65dee3e6c6d8969c4b99e90ce832760b6f7ab47e9a4f631ce53813d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_de.dll

Filesize
31KB

MD5
d9eb30f1811161a6903901f1ff316ebd

SHA1
7ce5e34af30e821a0bbb7074da57636c1be15d6f

SHA256
73b4fab09f7f224b2527dffdb617b7f852c78eca8989d493ba2fa2201b1becf3

SHA512
9d2e2a44fd027c30836254de1ec99fdff4bad2d3488f25d88a9f80f5f994dd5c660903dd3586dca85fa9e1a269ac8c51b5a060156fa65dc1df0d8137bf878c82

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_el.dll

Filesize
31KB

MD5
85dadb4cac0d76fd821346c411d5c3d0

SHA1
999dc0bd7250f71465f5098dde263a7a82ba7b3c

SHA256
1392f864c486e4b4b6859d900b12182f5ad5ec90e183808ab7ed0049aedd807d

SHA512
649833bf473139db879c2c7218567c49ad6436e3af1efdc7d9e9d48b8d3347e2bfacd6140a59d7973fa9df9cc9cab0e042bdaa7dbf32846bdf6b812b7ecaef07

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
5d4f7ab307f71d761a7f0e193f4b2ca1

SHA1
a3580268a98ad5242c7c56fa759f39276b6149de

SHA256
e2f0a11b5269b08261397e2ba8e2a5e44d5bf2e042a1cb91ad395d7c274b44d8

SHA512
307c489db833e4f2c74ab5201909ad2c53c691e0409f5abc29540a84d1c5ae146a072fecaa0ac886c83e4521fecc58ae5b0ff4331f3b37f39114d1fdea731021

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
cfb71031c56d9e8b9490d01fbe86302c

SHA1
9e11ecf5efc88e0beee1db46620bebc73f86dd21

SHA256
b18e14d0e24546193822b83996c5b311500ca213beb4d497cbd1dda9dac9db2f

SHA512
9cf993ea53673e416eead78d45a6d700b74001b69b1b987d479e77348ea8dc151f4ba6d6b1220db21ce792f9da51b9c83f33663621f9350b848a766ceae92370

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
b25a10d8b739ac2eac10b7b7fc7a61d5

SHA1
ec993d8113e4c0a4a1b36920a8991521e4f7eb57

SHA256
cad0cef66ad1097dc11e6396d0a0fb11ec1734acfde15e9eae402ba0d068615f

SHA512
315971e819d2c3dc5fc30ffe2275c3608125f1e4f14dbeb39aa0fd014291dec0c5efb3e02628bf345c92ea0faaa38e30d4ed5c3793995afff9cb9c933f234513

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_es.dll

Filesize
29KB

MD5
6c3d219e2169f5566a8bed031b21bdc4

SHA1
073a61c02b87e37e87fd3c8e609a56828ec49a47

SHA256
3a841555813f21928fdd45003a3f694a87074869b001b3e063eb97ad35d8fe17

SHA512
2b57d8325ada86a1ea01df0c7d0122875450f913bc8c21d8a7dd44ac7037a170e2f4fc92c13c58980aa9371a7bdfdfee34b9e188e16ad0b89181f7f901467152

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
27d45a84e2b94a60d5a821597fdad6dc

SHA1
2125fe5fbaa2db280a859ef3a7d27ba21efec036

SHA256
65f3cd75a7121dc3d417a9c3180bb52b485b5e7d0ac3b483fa355d13515f970a

SHA512
eddccfeee69b7a53adf32e72724ec8ba1668d1927322ce61429a4c663cf3d17e3f6f59fe1930b96f78faa70d30edfd7845ba53cc161f06a4e67ad43d11cd576e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_eu.dll

Filesize
29KB

MD5
d8323f3db20d104441f548decfd022ba

SHA1
de7f58b9ee7cbcad73433a17ff55385fd7e91035

SHA256
d07d8eb066e953af02a6e3a160232a73c1b66bb54d93d6b2ebc1557d1d322358

SHA512
7de3a803131086c3368d4acada0b6a29ef4ed4102a151eb000056c233da4853c97e394c98d6fd856714758ee17a0cc4c3df061a1b5d2b2b3e3bf95447bb729a5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_fa.dll

Filesize
28KB

MD5
6ba182cbb744541288629a2464ba99e6

SHA1
366751e425128654514dc82112238a7d6f4c9908

SHA256
cca362dd297b8d8e20893cf4da8cf9efc9848f97a04a9d69cabff67ae947607d

SHA512
ab3da91d7ab7150100b580d7b25a5fe9cea67affb1c4ac9e479b70e2d17ebb14a0745bf62ffb3792b8ce4cbea130cbd0012053a5dba7930252e2c09b763ea658

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
e7a774a7b404ab800efbdf7ea52e7ead

SHA1
3f0476821281614b9ee32faa5c534de5f6dc21f9

SHA256
1e1f09beed91a6a84535a1cf2b4df5e416cbbf785546f798d736009e31f95691

SHA512
85091f8bf809e88e248f4a899682f15586a083d1bb94cb5674da0e463716fa927ebef578519b653ac4ced381f98c4cf7a409c1ed52927dcf7fce4813008ce900

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
1223e486deb013055cb0b7729681b9ed

SHA1
b5b43fa89f066a9b6ceb47389c05b69ea6a784ba

SHA256
fae283a78757cdc548c728a38cb041db4ffe538c5ee7d2aa2f55e3469f95fa25

SHA512
8862d2f4778bfd0659dcf9dfb992072767af30dea46b34d626580ab8183a765d0c0f95a7070f0aa36e694d9e559f843672000aeaa4d8abdca60ff83da5a2b857

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
9fea64a22d045d8edc38a9b8480a9c12

SHA1
e3342e26166a43a21729b8aadeca653c03dc0528

SHA256
2f324851f0ccd101884b78fe1eb07c2da2932a68015eb8cfb4c801e288c8771b

SHA512
a3601640cf961c88efa476125a71786a109d23355922eda45b5be8824ccce650d703546c5c8c281308dce208edabbeea5cbc3b44ed678d9d36970c4e5f236c0f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
498dddf273f0f2973b1c4581e820f10c

SHA1
aa048015a3ed6ebf9b4848a9cc54beb5e39eedd7

SHA256
9ec8cec72404794a2b2a738502c7f531d976d8c99a57d2b5d2f0f2e818e35e04

SHA512
3596b20469daece28496a13b02ae0c1cd9265fc0046e1fffc384b8a16a4869402831386679c3e9cdfe03903df0b191d2fdc04cc531104c9c0d84bef24eb4d60e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_ga.dll

Filesize
29KB

MD5
81d35302b31bef2a99e154eb64abbaa0

SHA1
ea72f2aa526ea299d5515921fa0ac8f502ce3cde

SHA256
0133af05b669f957174a22b0b568a17a9bef1e387f52ae157766fae42d4e647d

SHA512
4d1df9684e7247ec0d8fbfdcfdb6ac5b2811de649c5b7ee4a20e5733307cdf5855ff767ebcb12ba15b33be58d82bacf9a02522126d927304e11f8e64261b46bc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
2e88f4aec46a293b3ec9bca2d7d2fe73

SHA1
ba34b9635832b2704942d7cd8578c8d70f0ffd2e

SHA256
f7278ba46204bfa387eff0e72fb2a8dd32ccea154fb268a8c39b03ad5334cf38

SHA512
b7f655cdaa3a34a8e0e00186cc49986cf283785a133af87ae47c3a3614f0d15d5b51b4091ff33bd0fc445815665edd37d378a9665d3831d2281b0bf6cc933c87

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_gl.dll

Filesize
29KB

MD5
2dcb17e8da6ed1a62a53029940592cbc

SHA1
b12941091cd1a554cd23d38dffbf75ec8ff57848

SHA256
a6770040c2f93ffc5c542dcdb1e7ea529d6036920957a9709153d80d360b178d

SHA512
0c82b39c7128d81739f64346948784c60d2cc409b637d5ca79825ef12766c10861ac3c119a5f232b12f52e50d3ba6818532968c75fbf455e75bd3be83c931f10

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_gu.dll

Filesize
29KB

MD5
571b69e1a8f9cac5eca53ba624aae924

SHA1
89798cdf858a4ee42ab4ffc01055c0463b6c4c0a

SHA256
37e67d7511d261ba1e022c9019d1b223d6d092260f97b471fbe2259ac5af6d3b

SHA512
961834f77c2683332b7a650360c09fb08e7efedf4249e48662b9a4fb9534bdba687eb9320da1a3aafe6a9c30d624c4bb94b55e1bf086a970354df61f2065e181

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_hi.dll

Filesize
29KB

MD5
4e8b170283c3f3d182eca7ce97e71a08

SHA1
93d86d961014b12c1a376effb3c568318db1ecc6

SHA256
0eb7739ad2863ccc13fa5cdb805189634728a7613918cd54bfe53a06d9c26cf9

SHA512
76a384ede88986c03e659c61e5409446bb472fa50c2e2e6f6e907f74e675ef0c5e932d950733ee6dc0c167881bc948d7ba9771bb77f31db3fb540277afb829fc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
54df61c0431c61851d8b61427f2cd68e

SHA1
84c99b724a2a5f321fd161d3beceb894e377a121

SHA256
6e96de38195de0095c6ab16696ccde2577a65e8c23d07f31e9f3c9f52d76c7ab

SHA512
46bea4f17fb327bce8bc6cb5329b7086a772a6eae07a8f2f34309a42acbb9f3dadd675d9c8d9f9e72c85149b48419fb5807acebbcee5bee150c754f94e98d7c4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
6b201af2eae546c9b638e38cabd9676d

SHA1
626b2029d573f371dbeb7b7878779383adc6253d

SHA256
c849d765c73a969ac10acff6195edd9339054b93a15152e5d1eb1fd1b5017b06

SHA512
1c35c169cf16a37a5537d0911af7da64ce9a0f999e76464f3410ebb224b9e65bc71deaa253e549b196c52409127b55cbb2e4a39bf9731b3ee76dae560b74fc2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_id.dll

Filesize
28KB

MD5
17162657113e9d8d7c1763bfc0ec991d

SHA1
f2507d9d1516bbcfbe408186894474c592f141a3

SHA256
60d759405a83ec4bb64144ed61b0e9a704bfb3b74e8f956277df71a38b19fc9e

SHA512
450e90b4c8ee384994cd6f56677dcacff258eb12442af3fea3a977d7d00b943a1b1f6b12769d4a02aeadc4f4c3b82a06cf8a667ce6691ace5d479d1261a1a629

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
625060f019c3bb8f1d49a9b128e1e4e6

SHA1
0e22bd7e23fed0e856a09bfaf5ee105a3dd27edd

SHA256
6117fb49f06f4d8e7268de9e41862a940fd36600e23f670f3c77ec0adb27257b

SHA512
962910c5a438b0289eea0402a262b8b7920255a1dabafdcc477cbebcc36a1c31b69784947c794bf720e16c0798cd958616a763e67c42327a94f7e66daa63a07c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
258b52e60a1e353b6117917154c7b24d

SHA1
c109ef8d1382991b02fe953679bf3fed063e9e82

SHA256
2362d8f1e8f2c92e43659d73052f2a43dabf95121f852d6d04471710f2c7109c

SHA512
fdaf605922e728f87d7d916f75a83f78f4549dbb35f9d2e7717d369cd658075655a1b903e705b5cb609880033c080e4b3135902fcaba7a8a96c2904f05d53164

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
973e14a5557248bdc2cd3a5fa3540a77

SHA1
66818135e202fc53711053ceba04ecc8b9b28506

SHA256
0af05d8af74609c9436ed0dcd3df52f7ef3dea8b786c85376c57c0cf128b3045

SHA512
e8c271f52fee4f249c27c4c344b5ecbab796227aabeb36b0b7a7d82d5463bcaa707b1f8ea47b863f2d87b35fe9b361ae2e2b7d1c16a4eed0ce0d530e1e34b26a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
dd5aa26cf2d67f50540da8e552f792a7

SHA1
0b14b06a2beb63fde2c1bc86c49a5117287de2c7

SHA256
b11af70867ab588c412cb5d5cc36ec888e74a50f508eb31a28db559aa00f8a35

SHA512
9bc1d7965a66ddbe7dc3fefbf2eb445a0857f83a28b2b3e120de80b03b51e87e6acd20569f2b002bb7adc41cbfe147572306094d83c8ffceb44f7a8417d89e0b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
3cba4b52b099039d2fbed395a3bc7568

SHA1
1a5204510d2c02d02ce361c7a3295498a60efabe

SHA256
79d4684d4d365b2c89f16fa0522f66031a1037cb4ad2a33050ed97a1df825990

SHA512
6ea41e61e4fa8cbd73e693db860a84bb4c6389b0aa5aace965a9567f6c16ae23fd51c018c6d96a1c08500a3cfe6327cc4c9ca9aa6bf9ad0b2f0d0c71e8922e05

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
6543ba7290488f5e3f68675a598255fb

SHA1
7359895f909776c5f14f6e5ed0fa11cd50853cd5

SHA256
df016969fc3ae57abbe8fa9f811364cd84612af0e819284b4d1acce981f6c21e

SHA512
90f376c59d67d89bcd646895209c0fca92866f9866e1cee7a51745077ad05f730cea2624837baf1e5ba92365ff46955ece98938849b87ed7f89a92897949d0f1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
4d101ce3ce6be285845e8f8bae548097

SHA1
195f314bcbee9cc373136334b5089e855e71286c

SHA256
3f11a2020839f5993e6e3cb9b5e7c5c659753cfa49257d3ebc015da6a8ead94a

SHA512
c31214e9aacfe7056be1f7ca6399270e644acef060d208d805b59bc6635772592ae166b06d038e2eb74218c451ef0fdbb09dc7e2ef6d23b751cbd6ae935cdf6d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
cd6084bee91407a5bb932cad81ca0636

SHA1
c9e56e6d15b413a8061ba38d05ff402b30688684

SHA256
01551c5de82d4d9b262735ecdc39fd6c4ea5a94acb9cb1dc4cea0e3bcfe7ee9f

SHA512
4d1cfa478050c87ff0c7d0b17ab7c23fc6bc400214b121bc86fc217b7b8b764c8109bdb15a3790822295556a7d8706aaeb8ff642b24d2fbd582b2ede61a76a7f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
e73046fc5427ed78ca02c7f50136efdc

SHA1
df58d20768edc25637ad8fa38f71d25a86633725

SHA256
49e0f43057c404a4ff5a2bc306f70c3728412b887e07870cdfd1f6eb3836ee88

SHA512
fce94d5a6b8f99a5af8f30314a0a7a5a3a557fefc630b907e5266c9f397bf6dd1a8211fa9d6535f75a0db7016ae20a3b295c4780383516d7a234225b798be584

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_kok.dll

Filesize
28KB

MD5
735d775e6772b5072227a3efc91d6f5d

SHA1
b302aecc725b87d3b0402be8d5b30c35084f2d81

SHA256
11c257e800ef3021c2d6147999f5192b28e48a0ff9d486be5e47c181744c15a1

SHA512
8dcd0e07b90ceb6d6f39af9077bd85eba46506791491eda63b05471a7f984c2d1b67cc1335f788682ade2124b32e8b5b436bf717f6b5e2de8276dddbdab3fd34

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_lb.dll

Filesize
30KB

MD5
8fc766f256ccd06f09106c10f9a20edb

SHA1
867c9da84a0e61a8b4787bd3618ed25aea80360b

SHA256
7cec1855457e12c2adcdc3790856f775fcac27bc4911258937f8b08ef0a0d1f8

SHA512
4f545d4914ab62743d2a0c6a461c03597d38b6a8ceff85b154629d2676f41b9cde7efe2e8131d2749321e56e7ac7d90e4f958917a989170bf505840bfba059d9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_lo.dll

Filesize
27KB

MD5
f59fdfea8b8be13fbf3ee855f0f840fc

SHA1
32743d1ccc6702bdcb8e4e1320c60ce3ae0c3a36

SHA256
ca296d434902c4146ad1828ab96679d937d8edb85adf0184de00732d86e49d08

SHA512
fbf31397247f434d67f1f02751a12ecce46253e43218dff701c86ef3990d8ec8cbe50dc94b32810ec665e42246277ca14846ecc77350d0fb4a706b5d03c1484c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_lt.dll

Filesize
28KB

MD5
f4bb4677d5baafb96c2489db597ef7ef

SHA1
ddb9566fa8f2206df5b2a6e71870b08a4ef3e418

SHA256
2a0e85a66fa811b55b5fda8dbb45b5db4ea01a32cfc927e22809ad5f3c8bebfd

SHA512
4beb5fa5ff8643622bb6c971a84f0af33328a98fc6caebc44f02d243c3aa5fb30f390dc65921fc1aabe7099b94a8c4e748c82543670053ff6d20a3c0a15a513c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_lv.dll

Filesize
29KB

MD5
f4d4b8ca1664b954595d872cd6ccccd7

SHA1
288231017312ede121141f94ba89051fb6f3c3f1

SHA256
ec7072699b9c3954d0eae183312d4041299a1f2cdccde2ed8de3fe96837745ed

SHA512
b1474c0c4e87f499d8f1b3a83b8b001c72a48656781e8c3df87cd0a5eb2a6d9fec5abdf56922eac3fade2df232322e804f315874d983fa256941d4e03ecb93d8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_mi.dll

Filesize
28KB

MD5
b112ac05613a1942f009db22c776170b

SHA1
3124e35610322ba8eec2779f4d4904a569e093ef

SHA256
9c1f34a7971ad37522136dfe3e9bb8c6939b69e9adc2ecea44ae495ade165419

SHA512
d47455653a9f1d69b0c63040eac6bbdbb8b3f72060862c1adc2bd589bbe20c04f25272e69324b0249a79eba4f089a3e68e787ee80a4d992df160597186d3ca89

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU38BE.tmp\msedgeupdateres_mk.dll

Filesize
29KB

MD5
3824b848b8d27996e03b77e47d683ad5

SHA1
2112959b86d3699f7748120e9ce704a4b1d3d85d

SHA256
42ddac6cb468b4d938fac198019dfcf36b33bb8b370755425a6a5950d226878b

SHA512
cdfb37d6ffb0f344dbfb95af7cee8f0d7f420a1a98f934ced93ee0c349b1f2661e8331f4ea373a7bd535df89b783ec662935c9dec8f86c31c91bc6383af01028

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
7a0e6fdb07c067e865d02fe965b21175

SHA1
31fd7c76b74ddedfcfed43b71fe44b855c60c902

SHA256
f0046c386cf3bbe2e06b73884cf8b02df7e3a3a04ca2f171f458e594ce24d113

SHA512
595355e6bc5884b2b55c465e00083aad39f70f8d4f32838aa7ca8f5b5a73218f3c810239a71b371af14ce3e23a024727e847afbcc895e2d1779ae5fb62df5f62

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4612_2087917441\crs.pb

Filesize
289KB

MD5
5533fc3f4c1820b787df3ec6fdc2ef1a

SHA1
f39ff89fcc1af711e8127c52ba55c8ad347e84a2

SHA256
56711adeba4ecafe298eab09cf0ef2f1d7f3260a2aa4366b927029781d270938

SHA512
5194c0562b8cb8e23fde7b561b00dd6bed93782f2e9253324a8e8ef05b69b66a549f2061ff3a9010a73a1412cc64889bc93931d0f212b8a68e39838dabd8e811

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4612_2087917441\manifest.json

Filesize
102B

MD5
4990de49d0c65d3053a4fb0172694ca9

SHA1
d92e3985ceb81c788f3a20c04a58bdfc305e35f4

SHA256
36e6eeb1e6c941c6b3898c447b2964e70ebf671c5e5d7568792843cbcaac1cc8

SHA512
0b012329eadbeb45c20794aa84497d7285c837a8d6b2895906da1506dfc26698440e1c5ef7a4680ffa732274011fb1b8c7f510ec494a8f7d2a49ad58317ee47e

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4612_283906493\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4612_283906493\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4612_283906493\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4612_283906493\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4612_312612579\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4612_339664497\manifest.json

Filesize
80B

MD5
9e72659142381870c3c7dfe447d0e58e

SHA1
ba27ed169d5af065dabde081179476beb7e11de2

SHA256
72bab493c5583527591dd6599b3c902bade214399309b0d610907e33275b8dc2

SHA512
b887eb30c09fa3c87945b83d8dbddceee286011a1582c10b5b3cc7a4731b7fa7cb3689cb61bfead385c95902cab397d0aa26bc26086d17ce414a4f40f0e16a01

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4612_696588902\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4612_711177744\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4612_87820799\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
90KB

MD5
53e927fc0c7ad0ec60196e7d693efe26

SHA1
d6b191cbb212fa9c9c6e8387ac8aa09bb2d2669d

SHA256
267ad1f4f7d16c1fb2db8cacb73c76c6bb21e662e5ef0a986fea6a17761a218a

SHA512
a4cafb75d36cb53ad7dbabfcb6de255ec83d46e0cc4be516b06d69ee9ed5778b1891691c9bc938a38016faaa4509c47fc96f9e6dc7f6b778d027c1edc9a6e344

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
613KB

MD5
efa26a96b7af259f6682bc888a8b6a14

SHA1
9800a30228504c30e7d8aea873ded6a7d7d133bb

SHA256
18f4dca864799d7cd00a26ae9fb7eccf5c7cf3883c51a5d0744fd92a60ca1953

SHA512
7ca4539ab544aee162c7d74ac94b290b409944dd746286e35c8a2712db045d255b9907d1ebea6377d1406ddd87f118666121d0ec1abe0e9415de1bba6799f76e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\CertificateRevocation\6498.2024.12.2\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
c29aeedc06462587a34d69fecf7d31ba

SHA1
859cff2127181f1cc55dcabd350b8a7c81a7ceda

SHA256
6031ae24db2857d0a849a224dbe139a22498d6603efb26e2ebd8d9b6a3b2f8cf

SHA512
c26217abf198c4e5ca6642d7571a394601d3cd2bd0d42f96f1ecf516f235d1b42a9190ca1e1ad5824f5365e17bcbdf88ca962daf0e9965b648ec7fab8e2a825e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Extension Rules\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
941aacb6d40330fde6f2d046b5334b3b

SHA1
0d14e5fdc52917097776e54e94cb9d732867891c

SHA256
e3aa556f71e672235394dbdba971eca535d9ad64d08e125728a2b0627c0d02fd

SHA512
0dd8e838d27f05a65d6fe42b264f4385170947a9bc6bb9f66ef44bb520429273864d946c62e6229f2619c4ee4c33174a08f9c1498f7cf13316b82af23670e586

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe5acf09.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\TransportSecurity

Filesize
691B

MD5
acf0cdc9e59e302e281107473b082324

SHA1
71daea6a390e9af2f975432c897916a20fff8e68

SHA256
70b564ed241140f53f436a16fac75e5262ce07a406f09afd26a462545b45f189

SHA512
08fd72989dcc8aaeb0163167783c2e0d0798a89dd5e86e8e62be1ba278ee84e8bb246391dbc8624a254eeac456af09a624c082450a43377480a0b054c9a217be

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\TransportSecurity~RFe5a1b69.TMP

Filesize
691B

MD5
8142f11361c3b4dc94a4676a722cac78

SHA1
6232d2048d04886a5fe11b5de2de572106737bc7

SHA256
44934ed36c30a0179ccae43efef509e2de012308c34ab5cfa07d44f23ce5e43e

SHA512
ac0b4e27b9b00180cafce5967f271ce9f65334eeaed275c34936b9960f7c16562c35a4e2c851b8bf131db328271799198666d211c88c6ecc441a2dc64fac3415

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
5f0989deb294faf90e3907abae015aca

SHA1
b10f0db2d911331ba5d7cb4074650d31f66d475f

SHA256
cfa743ca0f464fcccbf06baf22981d5c8ef01dfe9d9ac9aa525518f85da3107c

SHA512
4f299784b90983dc23e584989ef85422b22c274f19e37ad33ac8fd6f1349419a5af60bcd0eb557a1be73fabddb9136c3ed277892057c21ab179aef3645ce1e02

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe5a1946.TMP

Filesize
6KB

MD5
d48b3331d7844ba775c6a1ac7403ba25

SHA1
c9fbbcb4495692c50c90056693425ffe6b0cf709

SHA256
5108adc7a4036447b25c114462799f4e78113db4ad3ff2a14780b9efec55d22f

SHA512
05a1cc83bc6c0d8598ec7d9388573f7691662019d4f1a5d19a5c0c7a0b297c6f80b0f0c58d3936ef9be69fab51403aecf914845477f982e5be829090ae33d2f7

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
47c29c26d466cb61081834cee9fb63f4

SHA1
4abed69690c8ef93d4232c9c838a67ce769c9d56

SHA256
1bf6de5a06b012584aa3a27f6d0768e1befbecb09308e47577b53966e018c293

SHA512
979d3b4bdedead7d04ba87b144eca19e32d26376b06da6bb7034a448d0b77bd71814178f422613ed902c86ea52ba85c4acac0985d6064e53de1e67a10def675c

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
d92002ce0d6f7d6c2b7161629fafcbd3

SHA1
b766e672ab1dc45960fad6447f5bd28335b35f1a

SHA256
6167df965c266af9d1534479ae7df35f9cf13ccfb9ddcb94659fe4d30c7ed161

SHA512
37fec133bed8e8efc5d0d84809869b93d4a03a6d24110bcebb6bc46029a461ccd4262a64244b34a1ec09fca98a936ec107ff8164db9b5aabdec25ef98aa960a7

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
e5d227d7317aeca6e55a0bb8b8387aee

SHA1
548368fdbb0699da3e18c3a07585d1e077a222ce

SHA256
7ece72583a6ed417ddfc53dac208a80494c0d16a6b5726755b0dc5cdc9dab2a6

SHA512
e0b1ae1ad68292bfd07ae63735bdde8e0c314c4301b78f40f0baca7defc47e858aba70cd814cd356df3c4b74ec8ab1243eaab31e05a2e4d4500d9a865ed1aa19

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
8acec79220a139ee2ffcde3ea00671db

SHA1
507a59e89209901f6ec69880b679c63dd6ac63e1

SHA256
63f39802e702559c87132a3b12b33e5e388ad58746b9c2755c6d2f8d4048ec1c

SHA512
df0b95ebdd33ecdaa474d37a5f808f605057054f47530ed313748f3f74c5745c770079938cc84af501866fac00e5a3d21eae55c7b0275f909840f3e33a9d02eb

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
4KB

MD5
6f7904c6283a965ec1eccd27687142cd

SHA1
bb034020611ae856443abae239e2071ad0811e28

SHA256
6f0d5c0c672fd1f034fe55feed3a2c20654c311be21a42ee56e70f777654d875

SHA512
d6c706ce09a841c1045e8d3dd95609b141bcc025672a0939b7dfd7666cd25ef1e677c48b120f8da2454259a337c31d8233dee4c45750976a0d4e69ff0145019f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe59bbf3.TMP

Filesize
1KB

MD5
3d529271a05876240763439664517cda

SHA1
21f2b9bf360cd297f3520e4b8d5e3a7e274a4539

SHA256
224c62a18791d1cfb1fe992c12bfaeb9591655cd0ca99bfa0a016729ee641bd2

SHA512
550ebf7adbdf1da8876bfb9b64db78bc9ac8deaaf59ee27413e99d07fb20d466bc04b21cbe003415756569811b1e7a4766bd9e1fe677291a481596a0a19c0003

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\PKIMetadata\14.0.0.2\ct_config.pb

Filesize
10KB

MD5
88ad775479d6dd2b7bf029dc6d8146ef

SHA1
cd8b05b3d74a118a34ba656cd189f01775478d8f

SHA256
7e0b43739efe05e89cb861e4c92665dfa904d40af825264f76feac68784eac39

SHA512
69195d8d431301af10786ae123ed38332e074996ef6e66f5941c4d9e6b3a81df28c1d3be4a7a527484d68740aadbf09d3daecae43a9ad6f7356b8ee68a8e38d3

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\PKIMetadata\14.0.0.2\kp_pinslist.pb

Filesize
11KB

MD5
4b87d1a12e1915c798ceea1f06f32ba9

SHA1
5a53de4e41c46f8a7e305d0674200683b166dc71

SHA256
6df3b6e3ed215cae075b142bdfc512ec65fb945b5aecd387062542fb31a4c9d9

SHA512
ea06172e1f46fed6f9d679206eb612f09ad1f5bec9c11938d2a100d8d058ff8bdf121c0cb69d6899fe4f3531c656a5beb78d2f98e4c06c8e5d8298f2b79d1b9d

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\TrustTokenKeyCommitments\2024.12.14.1\keys.json

Filesize
6KB

MD5
b4434830c4bd318dba6bd8cc29c9f023

SHA1
a0f238822610c70cdf22fe08c8c4bc185cbec61e

SHA256
272e290d97184d1ac0f4e4799893cb503fba8ed6c8c503767e70458cbda32070

SHA512
f2549945965757488ecd07e46249e426525c8fe771f9939f009819183ab909d1e79cbb3aeca4f937e799556b83e891bbb0858b60f31ec7e8d2d8fbb4cb00b335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\215e9049-2558-4d39-a52b-74ec07b080c9.tmp

Filesize
649B

MD5
36bd2bec52291810668500a2d9fcd22d

SHA1
1e8782d4d56273c6868ce714a0718feb4eb4b7d7

SHA256
71bd06bab2003573faaa46f775d4d7b6b0bd843b1dfac19f63252b74299be5fc

SHA512
84a4a8c5a0612ee64cfd85265e0f7b1b099d7ba51e29b40914dd0fe8f8abbcfe6f521c418ccece5f501eec5f58cc8eeee928a9c5b3307db3d06fb812b3accc33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8360e9fdd9cedfd9cc0f0d0d204eb7a1

SHA1
e55a9261118d5f9d684d7a822bc615323e01998d

SHA256
bc0a9b1d1b83badef6ab2c050e904d152ce2dc672f756ad1e150312450c6af5a

SHA512
c7e5904069f7b86a15c57baa6adffa82e9ac9b3465380daa619576b831cd3461c4aaaeac5fc1f5b581efc1720690551d7a715296afc653b60e3cf99fa0144436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
770f276ba3334400fc285c3cc9a006ef

SHA1
17077305b6399aa1f792aee23536304f10748374

SHA256
a83fbc94320f4b3fe9db5ea7adf803bf2dbdd025ae67ea35ee56281236d2eb1d

SHA512
03052cb59eed4469fe9bd83b879d9afe0d184785045f48e5ec1208f5a1c93f18f057f9043ebea0ed8449eb10dae83572d5e4890c14cb3363142933c910b5c36f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
955014d5849b38b01131ca4d04e3bcca

SHA1
db999721f58bdf93cec01f1c778fff73f3b5d842

SHA256
69a1798e941832ad34507dabc7816c14dcf14f2bda18419164d2b73ff5ea6627

SHA512
8254550fd4737f1d4022243d82e8cae6e01f78270f78e1afc770a260f25e9843646cb6027a60af7a62f0787074d622fc1c011f1eccddd0deb98840d247dec048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
42802364797057b3aa1db8ccc4723245

SHA1
e25ea52ce38f6ac32cba6f9d7548fac98ddcd7ad

SHA256
8460f0863e52e12de7dc1c1bf92804c43c82fdb9f85b332139e7db33158bbc83

SHA512
7c8395d3b38c83a55d35d1e4310b4fb82db9cb1c1fa6cf0aff3a29c5f58866b069b73546c29606873bdf5e5f0daf4061979f4e3eea36b7aaee447d7f24d2330b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
36084e94834d4b15cbf9f1883b445068

SHA1
d1ebf5015c857b95c0be9a96019352d7e8ee007f

SHA256
ce76e7d012b5624dedfe4741267c8330b94ae526502ca173cf3be7a48ec6e156

SHA512
31dc0f085d371ec95671f2e1a95e466ead384642dba572246061a6a2631237c4236ad6140cf8547f48672dc88857ee063b741c34ac4fb0021562cdc15e3d4e69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
efe5c5d1a41be69dff215516884723df

SHA1
5ae2b8fa57082d985f45f755b2fed986ab163fcd

SHA256
e76d64a9e1006db022edfc98e18756979d1d0f2d161b9a0a521e91db7156c45f

SHA512
658c623851d84a13b0e6eb693065333549111f3c5ae59c9fb1edc9cd3b0f6bf983df1972de5b1df81499d365a1035098e0811e20fc6b17052f600aa6b00c8220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ef29e40d8602ad28bb259180598b6f9a

SHA1
8dc0a8a427408451da67cd744b76930bff5cb1b6

SHA256
812568798dba8a1ff7c7565bbc67dc05f5bd5e706343516b4ccd5b86789fb76f

SHA512
79bba5c70572f72988c63b3ed9c545c03533bd78a88751196831087a379052d63e45e5e92539f67f5b86113c9e5134a79d448cf2bfa21a7562dd6e07ac923b5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f53c0f263f90c99dee5a07047311e802

SHA1
79571daa7cb87c09a6716eb90a771c62e0021265

SHA256
b74e844404e75696bb8b7e5112ef6e8e0c9ea61989f11ca40b57b364058a2b12

SHA512
3a2b1fc20b9c515ff144ddce2b49c0f5e0a8616c7102f58d6a5fde9e21d14c3efcc3fd1739c4fb1d2ee33162e0db572222714b977a744db8d8a231dc603ed712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e840c966a14b9fe9e33d7e034532d7d5

SHA1
765c67c11eff0336d09c999c3db936d36450c81c

SHA256
9950550a96e156dbfccdd15859d6d273b7863aefbf828b92cf99b669425de84d

SHA512
d7ff996a0e2cc6a2027cc2642bada9d761134b44e438d1da11a64f0563e5543814d7a1d4a52b8223345fb43db7a13135c6b1dc6ff2a77e9051f4edfe13d5bc5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f055ee49a2bfe4ecd8cbc634d6924f43

SHA1
30f6570fa9c514dcabb0ba8a3713750db3965e97

SHA256
aa63f4accac8f9cf37d020e6325d02e83a43bed089d5752122e08568f83cee73

SHA512
93a932722ce9480b8227fbd4c5f9bc622c14427fe3e21ce5ec8c92c45dc580036c3cb920bafa02e5f1459c9eadc67434863cea18b3dbc4cf5819d0c0df5c882b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dee334b38f8842d00a2dccf236458cbf

SHA1
261a77d5d1d4e31eafe39d193f186edece8fb27b

SHA256
2291bd9cf5abba721100b25a6c1a1d3dba483db9aa7808ce1e8752e3f926df6e

SHA512
336dc6467f1cc248f5c0d8308c7b28fadc6df7603aafb66e5a220560109710e3c9cc4ad750bad04dd0e9c26351fc8ec8469b64ab6cda0ef66f7b15f3c9f69457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
402dc870f137e31d9b60697893b25827

SHA1
91dda056df084f221903f798f2fa61e203acd05e

SHA256
c98d3ecd8fb298ddae5976d1a8a86b07eb50b1edf8f03d4e8082a0495696c6fa

SHA512
a5a5acdfc15fe72df0cd01c224f018535b3fa9db163d48792f9867d81a8bca6338f0532206ea7e09455296b45151831655401c8121c46f1236ffbab2de0df3a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
58dfb0da92cc85a19a5d18a047041e59

SHA1
3af819265b055b1ce2d8c8da1ccfe71a854b3dba

SHA256
184b57c9cfebcb41fbdfa1207fb2c489779a5d4bc07276531927b535ed998da8

SHA512
922463ec3167745153cadc014c04c50e6827376678d28e1542710f19bd0d3b31afc853cbfe0725b5b26edaf966e4aa8dd459665b1046227a630a961ece94c1d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
56a251ffb89be8f18439d32a4c179280

SHA1
2c010bb2b0d96b810a25a4f4b4d7a21576b15285

SHA256
bd9292fbcc0d88d01cfa84abe44ea05bcd5e4823814b016d7b3c20e7c1d782fe

SHA512
2e3ba3e8c34b3a58fd700eedbf2e3947800f6bc5bf1d4c60b2213fa71631ab7b3609694ccd8c427675d2e4c285bd14995fcf0023c059d747791d682cb25e0e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d5010f30d6555aebcd272b6895bc0e53

SHA1
39e59990906b2d37657900e2b43d9b6014338f76

SHA256
8e83e94d87c669a450f4f8d57b9d693fcdd664f40f757fbc53f07dcb9163e370

SHA512
1bd7dc2b25bc576bf74efe1a08e58d221ea0d4c60d36b07a512820004742b11fdb05628623e04dd82c45af5ae1192b3cc97c9f011ea58b936db99bd88b2237f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6187898d6b2bd8684043cbb9a31a860f

SHA1
ecb548daea7b11859f8af858b246e854e0ecfbc4

SHA256
5aaec4938a792bec315f64da66f0db5222df797dc3e7cf8d2982018488e4fc40

SHA512
16a21d86e8a7d73864d3903389bbe2118ba628fcbee2cd8380a46bc8800dd9fe5a492a74d1348b180da0d3cfc17886e2524915dff467a81c0122e236031d915e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e4a99c09c8d5039192c8c40b02dd666

SHA1
eaef147e3b7b9f6ff1a9d231cef0085c47fb6038

SHA256
db734a6f7374c8a3b1a7a75f66d2b9a1514d69e22cacb9ae19bc87b55e7feb00

SHA512
d7c752f02290a9aff653217becbbb92e08c4489223350a0ed1a80abbb12b4a9d9141c861156fb7098dcf07639815a03d7db460932d78dfdb6c72c5f7ec6a1a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4313dc9e38307079d2acd3fd19687bc

SHA1
5b5841a161325e5df69131233a79e34470d8762c

SHA256
2cf73ba344a3e0d635dc89d949e454e03f5374c13af3754a95f48519d0493c0c

SHA512
def4f4fd7e7486231d34a010868b7c6c074675f4cceb5797b244abdea5298d7a654cf78ec0bd13dc08c06b897f802fd45ea32c521139df57b053b31d0a83e694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d818b99d56faa88bf86483ae0efc6fd6

SHA1
f98a33fec8afa49eb1c410c6d5ef29d5db4d7c55

SHA256
9725ad84d7ae16929a7a504d6d2d9c12f3081142358738546d44fafe7ed7e082

SHA512
23d36a34962b68c5011a0a06c9daae6a611510b695b30251edf38c126878e38c04ec659005cd7b220bb942c69d2e1da8dc5a47d2523b600be4dcb9fcb34b8889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dbbf7d37d8fdb167a16bfee5f2893dae

SHA1
362962e7f6473aea6ff32468c17b195ed8ca70c1

SHA256
041430b07e2d55e29db1a0c524e05337247b9a1149093da5cdc75c2006daa78d

SHA512
72c7895c8f4657bd54c9da1eafd5f91170a7ccbc149f09fca229a5a08b5c5fc05eab324f926babf7b0fc409bf051c78a50d7b5b672944164726918f4994fb6d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0c37d74ab2013b6806d623d47768516a

SHA1
c09216049bba2fe2d7ff09228522d8c30977ed4b

SHA256
b077007c50ff8b5942c66023ad8cf2ca0ea49bf12fe817c9088c4fc5efbc23ba

SHA512
6a28aab54c2d4447f55becdca32273fa48bf1596c492733f0eedc47c9d0ae346a4984f46e5027d3b51b6a604f0108c8018ca7c11aeedfc4dc0235417df106cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
713402e80eb88665a1145a6187fc378d

SHA1
4154ca53a5285fe04df8f196393a4c7d96dc0dfe

SHA256
fcbe984a6a2b048f84b4bf78d514d469189ab21cb539f81764eaef5ac8892476

SHA512
ab406e4fd54e259d3bf25788534f43d628698c77b98b9be5e8eec691a4b90add59be9cb6c1ee7624e97aa6448e3d8fd6cfd1be20e6ad3d6dcb9c526847bb3fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2e446dee4f28cb9a8387156bb0aab76c

SHA1
8b08483074f39c67b937b591defe71e781098fe9

SHA256
9bcf34aa50534a3ddb7430bb62a8ad841949e3bdf2a648920640f9f7b4fac6ab

SHA512
7b85248eb5dfc5151a60458275848ff19245e9622f7961f16d5b7b1b605614bafe6caac5f40a6a137a3b7388796224e0e32c8e5c9a26a6fc9d2e4c8e2e7eb535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a68122fabbacec76857cae12b2b73ac7

SHA1
a4268bc799d85640972d3915b36313554c3e5fa8

SHA256
32629fefecfaae2b7e820afe71601f411db1fdfd157c01d138ff265e6b023c11

SHA512
626c4663f0c8f0906101ac22c87dd79f0ca4df641b666f47759d1d52fca70f1bc4abcf6a7cc255637267884e2b85f7abe3be954fc94be118647997d99fde461f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
378eac4d99ad9aae87c80c81c46bc727

SHA1
da74d4d28c613c32a9f83aa5340f0df004907737

SHA256
6514c2ad3099aa2b2ec2e68fb7d3da0e8b31ce60bdb3226dcb69a1d8f505b40e

SHA512
490224d07fce728985b5bf4c672ef8731357725d4d84ff71131c7399890f30f24925f5255b4b31aff22118950402d74f2fedbd355f3c99ce33117b66110688e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f19a7310345a43cada5d5e67d2c664cf

SHA1
b3338ba5fae20372381c8cad4445156b8c083416

SHA256
5eaee0fb2d989a3f1e4d7c00b57cdd6e8f952eb8cce6c4c5273d12ca2a4ac8ff

SHA512
c945e66544ad428a41b58ed3e8d5a0938fb404a5da6c2b5e6eb93c6fd94dd2bc3ffc7112fc740e251b5034462608bda0072178cd5acb374db9c7a2baea9b6beb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5cb6c64519b303add0272654d67a722c

SHA1
a5dd525676742778c5c664ccb07e0cae334ad50c

SHA256
9168cfe6625e745db1a901779f19abf9f998fb14ab8f70b037c1468fbcf4003a

SHA512
f9fbeabc8553093ab1b141dbb8140be02c7d61388904923a131b8659181205ae770fad571a54cff921f5c17a307cd6931a8fd88b2632d21cbdf44b7e68834eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c6527364818e7984f65e5ae4a30d81a6

SHA1
ecb3f48ef6a16128a627f2acafb28eb31708ac7e

SHA256
ca91c75bad07b5b2794626cc9c95843b648f827149f305f3614828db9289502a

SHA512
b4b0a4c9eaab1ebabc26d5feeea8bb34d3c664aef8d55098618fc735c9197e29c80f6039292ab0b1277b8d2c5bcd1f46a78d05a0a48866791a29255969f16883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
de21300d53701a21fb88d2de99ac71ff

SHA1
27f40ec765bbbffbcb5540aadc11f0eb632a5a0f

SHA256
122b4180fc134479392aca10a78fa44ebc3220661e7841c3e05a40e8821a83ce

SHA512
45e460a750f5c4b21cbbed0021faf6f67828df28002ab946cfbe50261abe64844aacae691a94a932d736ee1b21755ef485c964389d47f0a63a1d9854b94e187f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
fb0c37f102d75a9e9a16ef9bfd222200

SHA1
e4c7b3dd0b1da347960836d6cf3ed878d8b24212

SHA256
5025242e107e197bf2ed80a13042ac043a7cac560389e5165b1032dc3879c883

SHA512
70130c7ecb8a5f2fdc3997f68385aa5095e3a255d9152a5af1898aba64d22212b0ffa6d15f11c9562ad1c4a633df8089e1cd066825cf320f774f53dd499540f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
ac77289ff0c2439216bfbcdab831c19f

SHA1
56569824e5891a597eda4c7c4d67859a8188b4fd

SHA256
5f88692885b2623369a2f3329f5b9790c09182f249fd08b052b11ffce70eef01

SHA512
bf93b66c97407cbb653e86ed731a6e0df444abb53a49857ac6402f0cc9e12b323a54afc57bcc800d4855e15d1d3c683c7c55147407d8fecc5371c05343971112

Download Submit
C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.14.exe

Filesize
2.9MB

MD5
ec429587b94b0288039bf1492e3350af

SHA1
acfd0ea4f9d321a898fed79e2e8e41e04620625b

SHA256
c372c94338eaaa7ab2eb7c5b6d1c9fc5658ec62da7f5fcd04e2d4c72d900ea9f

SHA512
79090e46a9f6e2cc4728aa4cb5e48eab80d18151ae3257cbede4d685b80d40b56e2ef57a4ab37ddf90ccd67e5cd54a728f559fcf9fc32c6971bb88468c1ec88d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

Filesize
1.6MB

MD5
b49d269a231bcf719d6de10f6dcf0692

SHA1
5de6eb9c7091df08529692650224d89cae8695c3

SHA256
bde514014b95c447301d9060a221efb439c3c1f5db53415f080d4419db75b27e

SHA512
8f7c76f9c8f422e80ade13ed60f9d1fabd66fef447018a19f0398f4501c0ecc9cc2c9af3cc4f55d56df8c460a755d70699634c96093885780fc2114449784b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d776dca1-647c-4f05-80c2-896e1bc0dfb6.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4632_447759131\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/548-5-0x000001FBCBEA0000-0x000001FBCBEC2000-memory.dmp

Filesize
136KB

Download
memory/548-4-0x00007FFCD91D3000-0x00007FFCD91D5000-memory.dmp

Filesize
8KB

Download
memory/548-0-0x00007FFCD91D3000-0x00007FFCD91D5000-memory.dmp

Filesize
8KB

Download
memory/548-6-0x000001FBCBC20000-0x000001FBCBD22000-memory.dmp

Filesize
1.0MB

Download
memory/548-18-0x000001FBCBC20000-0x000001FBCBD22000-memory.dmp

Filesize
1.0MB

Download
memory/548-20-0x00007FFCD91D0000-0x00007FFCD9C91000-memory.dmp

Filesize
10.8MB

Download
memory/548-2-0x00007FFCD91D0000-0x00007FFCD9C91000-memory.dmp

Filesize
10.8MB

Download
memory/548-1-0x000001FBAF520000-0x000001FBAF5EE000-memory.dmp

Filesize
824KB

Download
memory/2084-1102-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-348-0x000001FFDA450000-0x000001FFDA50A000-memory.dmp

Filesize
744KB

Download
memory/2084-1130-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-1067-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-346-0x000001FFBE460000-0x000001FFBE4FC000-memory.dmp

Filesize
624KB

Download
memory/2084-1031-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-1406-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-347-0x000001FFDA8A0000-0x000001FFDADDC000-memory.dmp

Filesize
5.2MB

Download
memory/2084-1938-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-563-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-529-0x000001FFDEB00000-0x000001FFDEB1E000-memory.dmp

Filesize
120KB

Download
memory/2084-528-0x000001FFDF7F0000-0x000001FFDF866000-memory.dmp

Filesize
472KB

Download
memory/2084-1583-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-523-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-1360-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-349-0x000001FFDA510000-0x000001FFDA5C2000-memory.dmp

Filesize
712KB

Download
memory/2084-350-0x000001FFC01B0000-0x000001FFC01C0000-memory.dmp

Filesize
64KB

Download
memory/2084-1641-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-1879-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-352-0x000001FFDA6D0000-0x000001FFDA760000-memory.dmp

Filesize
576KB

Download
memory/2084-354-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-355-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-1828-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-356-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2084-353-0x0000000180000000-0x0000000181096000-memory.dmp

Filesize
16.6MB

Download
memory/2524-426-0x00007FFCF6DE0000-0x00007FFCF6DE1000-memory.dmp

Filesize
4KB

Download
memory/3104-286-0x0000000000A60000-0x0000000000A95000-memory.dmp

Filesize
212KB

Download
memory/3104-227-0x0000000000A60000-0x0000000000A95000-memory.dmp

Filesize
212KB

Download
memory/3104-228-0x00000000751F0000-0x0000000075416000-memory.dmp

Filesize
2.1MB

Download
memory/3104-258-0x00000000751F0000-0x0000000075416000-memory.dmp

Filesize
2.1MB

Download
memory/3420-292-0x0000019B6B900000-0x0000019B6B90A000-memory.dmp

Filesize
40KB

Download
memory/3420-22-0x0000019B0EE20000-0x0000019B0EE30000-memory.dmp

Filesize
64KB

Download
memory/3420-33-0x0000019B2D8A0000-0x0000019B2D8A8000-memory.dmp

Filesize
32KB

Download
memory/3420-32-0x0000019B2D090000-0x0000019B2D09A000-memory.dmp

Filesize
40KB

Download
memory/3420-28-0x0000019B2D0E0000-0x0000019B2D106000-memory.dmp

Filesize
152KB

Download
memory/3420-21-0x0000019B0CFA0000-0x0000019B0D282000-memory.dmp

Filesize
2.9MB

Download
memory/3420-31-0x0000019B2D110000-0x0000019B2D11A000-memory.dmp

Filesize
40KB

Download
memory/3420-30-0x0000019B2D870000-0x0000019B2D886000-memory.dmp

Filesize
88KB

Download
memory/3420-287-0x0000019B6B830000-0x0000019B6B8E2000-memory.dmp

Filesize
712KB

Download
memory/3420-291-0x0000019B6B8E0000-0x0000019B6B8FE000-memory.dmp

Filesize
120KB

Download
memory/3420-294-0x0000019B7A4C0000-0x0000019B7A4D2000-memory.dmp

Filesize
72KB

Download
memory/3420-27-0x0000019B2D080000-0x0000019B2D08A000-memory.dmp

Filesize
40KB

Download
memory/3420-26-0x0000019B2D770000-0x0000019B2D870000-memory.dmp

Filesize
1024KB

Download
memory/3420-29-0x0000019B2D120000-0x0000019B2D128000-memory.dmp

Filesize
32KB

Download
memory/3420-23-0x0000019B2D020000-0x0000019B2D028000-memory.dmp

Filesize
32KB

Download
memory/3420-24-0x0000019B2D0A0000-0x0000019B2D0D8000-memory.dmp

Filesize
224KB

Download
memory/3420-25-0x0000019B2D070000-0x0000019B2D07E000-memory.dmp

Filesize
56KB

Download
memory/3464-367-0x00007FFCF6DE0000-0x00007FFCF6DE1000-memory.dmp

Filesize
4KB

Download
memory/4500-425-0x00007FFCF5880000-0x00007FFCF5881000-memory.dmp

Filesize
4KB

Download
memory/4500-424-0x00007FFCF7190000-0x00007FFCF7191000-memory.dmp

Filesize
4KB

Download
memory/6044-1897-0x000001C6278B0000-0x000001C6278B1000-memory.dmp

Filesize
4KB

Download
memory/6044-1899-0x000001C6278B0000-0x000001C6278B1000-memory.dmp

Filesize
4KB

Download
memory/6044-1889-0x000001C6278B0000-0x000001C6278B1000-memory.dmp

Filesize
4KB

Download
memory/6044-1896-0x000001C6278B0000-0x000001C6278B1000-memory.dmp

Filesize
4KB

Download
memory/6044-1900-0x000001C6278B0000-0x000001C6278B1000-memory.dmp

Filesize
4KB

Download
memory/6044-1901-0x000001C6278B0000-0x000001C6278B1000-memory.dmp

Filesize
4KB

Download
memory/6044-1898-0x000001C6278B0000-0x000001C6278B1000-memory.dmp

Filesize
4KB

Download
memory/6044-1895-0x000001C6278B0000-0x000001C6278B1000-memory.dmp

Filesize
4KB

Download
memory/6044-1891-0x000001C6278B0000-0x000001C6278B1000-memory.dmp

Filesize
4KB

Download
memory/6044-1890-0x000001C6278B0000-0x000001C6278B1000-memory.dmp

Filesize
4KB

Download