hxxps://github[.]com/quivings/Solara/blob/main/Files/SolaraB[.]zip

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 08:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Executes dropped EXE 1 IoCs

pid	Process
5844	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Loads dropped DLL 5 IoCs

pid	Process
5844	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5844	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5844	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5844	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5844	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Themida packer 16 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0007000000023617-1675.dat	themida
behavioral1/memory/5844-1682-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-1685-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-1683-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-1684-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-1884-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-2124-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-2135-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-2158-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-2689-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-2708-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-2832-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-2892-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-2982-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-3393-0x0000000180000000-0x0000000180A63000-memory.dmp	themida
behavioral1/memory/5844-3655-0x0000000180000000-0x0000000180A63000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
53	raw.githubusercontent.com
81	raw.githubusercontent.com
112	raw.githubusercontent.com
113	raw.githubusercontent.com
111	raw.githubusercontent.com
52	raw.githubusercontent.com
67	raw.githubusercontent.com
68	raw.githubusercontent.com
72	raw.githubusercontent.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
5844	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Drops file in Program Files directory 43 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-es.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-und-ethi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-bg.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-cu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-la.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-nb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-pa.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-pt.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-fr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-en-us.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-et.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-kn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-te.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-cy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-de-ch-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-hu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-bn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-de-1996.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-eu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-mn-cyrl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-mr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-sl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_1451826841\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-be.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-de-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_1451826841\crl-set	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_1451826841\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-hr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-da.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-en-gb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-or.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-ta.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-tk.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-as.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-gu.hyb	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627423819848965"	msedgewebview2.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4204450073-1267028356-951339405-1000\{BD2B0A9E-9BDE-47FE-B3F0-34BC7394D111}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 518179.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
1032	msedge.exe
1032	msedge.exe
1184	identity_helper.exe
1184	identity_helper.exe
3944	msedge.exe
3944	msedge.exe
5580	SolaraBootstrapper.exe
5580	SolaraBootstrapper.exe
5580	SolaraBootstrapper.exe
3692	msedge.exe
5972	msedge.exe
5972	msedge.exe
1640	msedge.exe
1640	msedge.exe
4556	msedge.exe
4556	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
4380	msedgewebview2.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5580	SolaraBootstrapper.exe
Token: SeDebugPrivilege	5844	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 396	1032	msedge.exe	82
PID 1032 wrote to memory of 396	1032	msedge.exe	82
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 3576	1032	msedge.exe	83
PID 1032 wrote to memory of 4936	1032	msedge.exe	84
PID 1032 wrote to memory of 4936	1032	msedge.exe	84
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85
PID 1032 wrote to memory of 1168	1032	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbbd546f8,0x7ffcbbd54708,0x7ffcbbd54718
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6648 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,14513224931908308039,15069263933526781361,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7036 /prefetch:8
  2⤵
  PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraB.zip\SolaraB\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraB.zip\SolaraB\Solara\SolaraBootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5580
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken
  PID:5844
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=5844.6128.2968932183990766819
    3⤵
    - Drops file in Program Files directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4380
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.92 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffc916e4ef8,0x7ffc916e4f04,0x7ffc916e4f10
      4⤵
      PID:816
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1736,i,3033381319299782279,9862129330521139705,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:2
      4⤵
      PID:5432
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2024,i,3033381319299782279,9862129330521139705,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2028 /prefetch:3
      4⤵
      PID:5424
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2020,i,3033381319299782279,9862129330521139705,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1680 /prefetch:8
      4⤵
      PID:2988
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3640,i,3033381319299782279,9862129330521139705,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:1
      4⤵
      PID:6104
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4720,i,3033381319299782279,9862129330521139705,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4688 /prefetch:8
      4⤵
      PID:4608
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=756,i,3033381319299782279,9862129330521139705,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:8
      4⤵
      PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4380_1451826841\crl-set

Filesize
21KB

MD5
d246e8dc614619ad838c649e09969503

SHA1
70b7cf937136e17d8cf325b7212f58cba5975b53

SHA256
9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

SHA512
736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4380_1451826841\manifest.json

Filesize
113B

MD5
b6911958067e8d96526537faed1bb9ef

SHA1
a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

SHA256
341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

SHA512
62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4380_145752217\manifest.json

Filesize
179B

MD5
273755bb7d5cc315c91f47cab6d88db9

SHA1
c933c95cc07b91294c65016d76b5fa0fa25b323b

SHA256
0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902

SHA512
0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\331095a1-60d1-4a74-97f1-7b6b91cead89.tmp

Filesize
5KB

MD5
77ea66ca643369698999c0cc253999a4

SHA1
bb9a23fc0eec8a1662f38d5586f5f94a854be819

SHA256
c94872fd94f934596080f6f2c04d81ec34668941c77dad1225b29eaad9b665d7

SHA512
452f32d267977f5d57230ed28e23c54d6de666c15e74be7036c9cde18f5485d1c24c04504b438a2bb4083eb74085767f92a4dc13895809c41fd7598f4e1d0748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
43KB

MD5
5603b360361ccee22e80139155302574

SHA1
0834d5ef163e14699ae495fdf654e9a6803c60e3

SHA256
628c66400b1ccddb5db7006fb7077565411ff4f0ea65edc45a422e8680a261cb

SHA512
4c69cb561c0d31394be447c34fc4b8387d20833b9812898d00a538e1a44607aadd2d0a9c02b59fb0a1f081a758d710dad2efabc9e0ca6b67244e1cbf3e451003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
44KB

MD5
77c7ed1cb5ec7515f4c8ce137084dae6

SHA1
961394a4abc483eb13f14b3f0fcd7c6b119b6223

SHA256
5fa73b28ecce415789f72ab4dc7359e3df477def53efc465ef9675900eef92ad

SHA512
678e4c946bbbc2fd15d36c0508500e7261e0e0646e5db9c2f69aaafd5be71b78342a0f2e2b94937b8165b097b3b5149fef22628baf4c6436d35d004e0ccde4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
475f45ffc6f05aa8c4d87186d839ffcb

SHA1
056743e68e8b1db6ea8f0172d84cb69eae58d523

SHA256
6fd8c21e404a97518afe2fed2bb6474e2c5239ba892a6d490f41adeff20a0c4d

SHA512
2b7ab34a35f5c6520a9eedcb17d5b21dfb4b2d912782e34524fe9688f43a69c82461ee2cfff5c8060e8aae0153d70ff5a4f5d4283250e414a011c224b195af62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
24KB

MD5
513b7136bd507d79b9665f53a81ad178

SHA1
280c948e22dfc09f6002987208aee6a18e280b5a

SHA256
343ee2d4f77295ec4c4434881142697c8eeba9cbe6faf119229b1bd9b7a78925

SHA512
6e8fe29b3fe4fb80c21c39f079e73121b18925f08a7b622da7ac905b06e6f4788fe1257af86675a4cd91383411c3a3342b36e2ab56d5514f49da848d9a664838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
26KB

MD5
4e16f537a06814316da05e69174d7834

SHA1
1e65e767778c9c870cb7c6f2b287f61676fec4d1

SHA256
a46f21a8415f3921c1e11c328002063a1dea9fa1a9374bcdcd15658de4f8c6b2

SHA512
64c617331f5ecbb24416acc021520264e458ec8648b386994582b8964164899f39fc78cb308e90afc9bcaacd93fce7abb00d786bf58a0a9bcf6630d80562ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
28KB

MD5
0bfef87ffd8aba6de7fdfa4059620bd5

SHA1
6878c8b1d77b1f69fd8bb29dd8bafd03da5de969

SHA256
2a50494e7e4af4b24cde08a750208faffc21e029f3a522b3d13628dab3f569c0

SHA512
897c2cb10987c35a30f00f99547b9a89442cbd3db261efc0cf8e1660c1cbb896fbc95a292d9fd6d39c5cf251f660d3643f156c0ff266382c3390b920680a1bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
56KB

MD5
eb1261c92ce5ef9db42ffb3acb2b5571

SHA1
7b756904e77229f11228134040b4d707eaa0f950

SHA256
e5e9cf23dde21193bcfa3af4264003f2bd7ac301fd7abb3b69eda3e7362a7bd5

SHA512
5807d9e9a16d4a2009c2ba8df4c0153ea01d5e103787ea563692ab409a19f59e3e0a35f31040878eeb31684aa459eee404d9432e9cfb77c40e66590d1f9ecd31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
59KB

MD5
734b2634d6bd90f79c11a5a66d4b0c76

SHA1
63297828a39564595668077443578dba231ca1b4

SHA256
c5fd9976795f9981f0d993158313738de59b80ae32ebb71d7e649eae4d95cd76

SHA512
f1faf57cce672d4561dfd5e388764db715611f27df6d24c5600672bfa576328ed2497f7f29ff6008b2882a85b8c18eff96a0c05070440a95a7114061f1dfc605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
101KB

MD5
e2c3fe6f6ff0dc400860d4eec7c1eb7d

SHA1
8f5cfb9137bacf247f0870c088f402f7916ccfdf

SHA256
ce1c093ceab338c0ff1369292955b7172b4b2d27655c7321c957349726f94b5d

SHA512
305cbaefb83c3c18c8a2335fc5bfd5a72bf375b8fe607bf87d1f2803ffe5bae3e26d101a2518f58ac840950964ba02426a5c2d94804e8d4e463d6c223615f920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
88KB

MD5
7eb559a01cb12dfc8570e0c01c532f9e

SHA1
f598de43f6db399cdcc2aef3e9a591694e4bf809

SHA256
610b21efc71affea978be04f80d522228cf9a2608f6c6ec7e778f6f732cfa5b8

SHA512
a0b9b16a336b135161304b025932152c3c57fc55e642a49298cbb382d2c223707da79b9890619385dae0363a8facbfa83ed8bb9711e7a30b9d32af54610806ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
67KB

MD5
42f570580bd905a3be7183f448cb4c55

SHA1
4fae49710b43c0f697965cf45136befbe131f809

SHA256
5169ee96da98ad71038274127176c54324bb928a9dca877e92993abb03864a51

SHA512
5ed7ecfdc27cff36b7c887edb4c4a97d6e40fabef8f4c7c53b63aa93b5e91211973cc1e37b6ef0639eb0eb03e92c94e3d54796be27d0dbb9a70017ab8d4ed804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
75KB

MD5
25aac7bb72292b2d04b05542c17bbd87

SHA1
49a08f5dbc6d081f5f1e83c69c8c60cb7e7810df

SHA256
715699c77fe77d0142a8104bb2e55b536c79f22d5b1a988895dbd56bd1812e6c

SHA512
b68198ed00c8df57af87b84a31d80193c18ec390e2ccb7866fe4459975ec7e256e0b8e2cdf4cd456cf3ebc8a9c3f623dda46333646bd887c697d9fe3bb5e5981

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
20KB

MD5
8144e6637f4c38fe7104aee0830e8639

SHA1
baf44459604befb30853dccba736a3929e9c5689

SHA256
d6d2c4389707b0a2e0c54a631af49952a1ea4aa268683ac235558ef784a53c56

SHA512
3fb1affb4b87e03284b19e866206da00ad0c9b6015a649342967e8aba535db9796b2787dd2dbd00c75ae362ae6b1174cb0ffb994cd86c14c8326d50d381f3c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
30KB

MD5
d96b6a74c9ceff02ae9cc41bfa91c77a

SHA1
99c666491cd95939d2b65bdab76fac42e5ea3c38

SHA256
3f545bdf886ada31f172f4a4a9dfb81d6a8268b77061f6cb8ba791f32301540e

SHA512
f0e1eb4063c707da65b23bcc362877b936e3a633e6fba30dd2271ed9418af408492074f25ea47826fa8199aecbd2089375722ae7ef2661776fcf6ce2b2544395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
21KB

MD5
0efbc7fe240e80e0e02c93f8e5dc2557

SHA1
6bfeae203650fce8de8bfdb766f0c31a8943001b

SHA256
655898a7680b38a901fc6d5ff8e3e26606854400a22aab54cc1f2aaa5393fc23

SHA512
f2b0907d766c75d563e67d751b6d20672d43902eeb730bcd4464fe50b8e706a87d4dd490c04869c40ea09a7b751ca989cab4d6800ef7780562efdf27fa0d4dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
29KB

MD5
c2fd74b0d25885a2f146b7fba0c5f77f

SHA1
1db7537b4a020a543a53157c7c113fe84cac22cb

SHA256
a57ae92c31b499517d19e85174c123cfbcdfa12f58468a5e6d11d984736e0f8b

SHA512
8afeca7a6ef29f16e09ee09c6e441c251444e021e8f7b36f7110afbe34afbdd61917b3fdf33050daf42327c25dea3873055db141f4e80e2d4196efee46ae6500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
948f4c33bfcf0af0558cb150ff6cec2d

SHA1
d405867c5bd33a17c6365d204dc67fb8b9988ab9

SHA256
f91578e8b6a04b28a1245ad70e4aa38f4dfd03939c5732e4fc28d887b937e5af

SHA512
3ec21ec07d882236e29ebb2291856eda4ef37f400692abec5da64d9466b07a20417456d5e46e51d38388d78bb7d4831a9df4e2b1e188ebef010dfd2387186913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
67KB

MD5
e70938d710a16a5a1a3e1b29032a0400

SHA1
f476869ff75f98343812391258a2d7ac6aae0b06

SHA256
e0bb16c378542cae89614c1cd3a0c40d059fd076b3740353376bd0940c958fb8

SHA512
7d81d98162c8cdb417632df789794ac32e2549883cde10344f536cfce2ca9a3edf2910c303b29fbe68d639b09fda91404906f53e51b9dccc9d057bc13ebac4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
39KB

MD5
e1f6e032096b2924e561c3928b9dc73d

SHA1
f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad

SHA256
fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8

SHA512
b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
41KB

MD5
60df02cbc9b6a531c2d3cf32025a4dc8

SHA1
71ce31d6e0f59f98855a01b3eb9a37a86352189f

SHA256
2d73eefd868f115745117f76888a9b0124453918522046796a55c3621ad2c15d

SHA512
cfc2d4bc147bc757054c07a7e347091922d4ff9b7a0f856d0a3c278f5a98fac1a539d05ea5c375868b372f006a530d14558ac7027723f83f3b22087bd12992dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
42KB

MD5
cc7ad65e0558327d8fbe8ade40ab94e8

SHA1
6c153e9bf971f196db25cb2cb3b62f77f0a1299a

SHA256
956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30

SHA512
0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
40KB

MD5
f1cad4800853bba09a023250de102801

SHA1
76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6

SHA256
e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b

SHA512
4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
37KB

MD5
5fb8eedb2a6a9e2e90430281abd6d849

SHA1
23285beac4e29e76585e5dce01a777973b922649

SHA256
7544147782a71b8fe2126cb948a6520626a49f1011326f3bf58ef376c5e23531

SHA512
6f3183b5075ea2ace2e4fa62601372bf7df073d399e908044a08bcd47b83695624b621cc6b71e73594fb7e2aa19bc37ac1f1111afb8c5b5f3a68a7410339c4c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
40KB

MD5
4db144641dfd4b8f83c37064f465e275

SHA1
0102bfbbabcee387eb508cb8ed352d000cb56709

SHA256
87057d30c9131a5fa79fe8605a7a0306a15b985107343cf8c7a5a0856e049d1c

SHA512
3d94b01a8ecb1af630875051ae6f71a0ade7c3d07f5843d7c46c0ae7bd962c02737cd3dca4a81fc8a0f4ee077123804d4208de1077eefc74284ca93f750d3010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
17KB

MD5
b27adf6d2aa8ab6e48872a15568ee1cf

SHA1
80257d7b21a89e5b2d364a58ac881453cd440f6b

SHA256
2f6fcb63c8350958911090b62ff9950f21efc7329e075bc13401a5973418581f

SHA512
2749733701878c555962ca132f4cf693e72d105a2c9bcbce3fafee93a1cb75f9f93bebaa821626a0d146a0f03e475b0a3d02dcb30ce34583d3a275f6e14921ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
73KB

MD5
601b479a2794dc9a249a642b0db09f4d

SHA1
de1ef016dd1d085d3b03fb4a408726211648cca2

SHA256
e2b12d42ab03cf2e7614c25625a3cc995aac1d9a17c909da3fe6cbe550e78b91

SHA512
e173a6f1b4b9b4d3e5528d4c9d9f14c28fe5c829e4f05eb59781b16ef6981b1f5d31c8aa700ee0183e6d61509ab8f3b55461afe37bcb5169f12248aba14b219e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
19KB

MD5
886c885acdf5667bd41bbd074db37d10

SHA1
5707cbfc06981f8af55e84fe1940afc0906fbd41

SHA256
22a3212a8f71f3f712243b537fd7b5a21aa780bf6c6a573bee76f88e571ead24

SHA512
53a115f983afee0cad131b63e43ce5d70d25f96f7f4bec893f8e8b04479c37478a9c09348f4eee2632dc4889430c817ca40d93027c6da6aef0899b4db9cde9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
79KB

MD5
865f1b052b535d0bac54ea8b5586cd54

SHA1
eaf89711b032eed5ee46b19db62c3e688a39ecf9

SHA256
937a4559ec79f92f7c7208dd4c231fb9e79a704fa857df0c347309a754fd973d

SHA512
828a7daaedb747b16fca073a7d69a8afc8330b3e4bf23ee1789d96251dc599ca974f2852a2b365a7e14993ab107090f9779b2699296581ea86f8ecf3c84405c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
41KB

MD5
8f74e06a15e2bfad261fbd9cc4eba2ec

SHA1
2e813424ca4af16ae4e3ab3fa658f9a4719ff865

SHA256
b32739426d6bef013deadae9cfe1a6847d78f8cfae959ccb88a973dde3471451

SHA512
bfed05495dcc6a0e063e8f0dc974062d72993057819e6407fecadb62fc925f6a88602d0917696eb605af4b9fc88281105106cb1630b9160a87bad2555e5019fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
31KB

MD5
5be09c7c686dbba1984fc1a2bacb772c

SHA1
b0626f753ce1f18bd01b5c29d86af92a7152e07f

SHA256
c85491a931fe791cd1b23d54b42bd7abec503842ed5cb76420ab365c4ff45b4a

SHA512
2fb59449fa9a0334e85c0342352037a60378e484ad0e0cc417b9559fa8ef7ac81c972a50dff01d177db0875bf244b3ba90bda0565e269be8e745aa7470e223b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
42KB

MD5
b715a5dd019d1b8771a3031ff85c972b

SHA1
5768744eb85d3137d094458e4b7842c1c5c526cd

SHA256
e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a

SHA512
22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
22KB

MD5
d96bc8cfcc751bb4d7c1c4fc79fa7ae8

SHA1
ab1728612b94c8c8910a863fd7017b42e9ec2501

SHA256
bc13472aed9cdf363e21fa5110934b068abf640f9dbb38287a75bc73fec6f561

SHA512
e3f1720eaa3d53d28edf1baa34099c22a6cd8c20cb1b039cfa6e2c32926b0bc06265784f88fe5433aeb3422be1c3a57ed91cbec7ce22661b0af3ae14ed371c18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
57KB

MD5
c37a5314ba360c995451518527cf293c

SHA1
22d1c9ce7d909b3ff70f6ec0c8bcbf999015ba11

SHA256
65beb8051538d1938ec9af6e82affd097e681aca80afcc3893fc7d1081fa23b3

SHA512
51c80c33f1b1756ea187827ef20cc4ba1917a7727759adcb23daff5585ba5e2fce7d98162ce0659ff50fa556e8b0c8d58ad7143e93f74808d6c287b25b2ed3e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ce

Filesize
87KB

MD5
b6692ef1b1b1ca24ca6071b50da45ab6

SHA1
14376245a66157fa78c1c30a4a057eb12836e915

SHA256
1ecc2aa37ddca596599924b5dc4b7d53acac7857c106ed825d72c71ce1fe57b5

SHA512
234d1b1e56632015c0a0b5e92f8ea88f06407cfcb353a6b138222013a1c082b0817075717f1d0bd8a31dac44e69dfd8e842f472cc6438f985cbe24661ca49c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000109

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
70ffc4a31553e0a0bb0c72df57c7d143

SHA1
282a2c717be6bacd9f6d261ca378ee811ddeb721

SHA256
adb6e74ede2ee7f5a7b5913f8a76a0c777eeb262933591457208835f7dc321ed

SHA512
70a4064b68a547ee4739f7e3067d40fa88e5e54faf3ced70b13147d9051be9db12857822aac55801962e93e14c598fe12244e4571a2dbeb24cd2edd850fb1e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f5c16cc7e494edefe5b1f26681bbc1cd

SHA1
b3aa45b07f3ca65f3407b6d25f03bbe8f71ac8f8

SHA256
7042194237262d95ca6491782fd9501cdca89bf8fb83562c27be9923e6c1cf2e

SHA512
04bcf07333dfe9b56d01e2687225e0508ec83ec9095fff57eca7d14918dc7683ed3e3d7e51ee9e0c85c57955372eb6d9ce27ff8c4c84dc7821fc9e3576a85121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b14056327a15cf6533a80bc381642351

SHA1
1edc53486fe483434b8f4193f43a0fc24a61ef7d

SHA256
f0baafe31d231e3ed87eb87e3c65ee0b8952016739e361923860d8b45e5ba040

SHA512
89033c595145d2fba84a1314e5f3a963341ba69cb4524ed7e1daf689db056e34fb9ba996c23581d648e3ba6ee838bdaab11fc4d5dd940d2d0f1bce6955799292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2ff5f7f6de8e2371a09f4326d4996cb7

SHA1
71d5641c46c93122691e26fe1454b7110a3bada3

SHA256
0ffa43ed80ec95f291cd815bf8ebebc31ca5ab7cedcc7a85afcf571f43326773

SHA512
32c908ceceef6f699d6331e2b88165bf1ebc75c0b7d539245f4a4e6feac1c593e8952ecb5266a8338dcccc3bd9a9bc17dd20fa74b8cce7a16ae6504cdd7cd572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\LOG.old

Filesize
359B

MD5
5bfc6eae0b7e1fb55e2a39530701ea37

SHA1
0255056b8b6257d94c5006389bde9b206a7184b0

SHA256
9f9e277c7b923872bcdf434b071f64aab559b28800ffcaa852be1d15b9fc9982

SHA512
5f594232ee7212493595d055a1900f11b09621d6f1868bc8718b36b0a9c94b9ea688794ef837d05b5fce9dbdb91a133c53f6cfccb9040d05e90edadc460d7e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\LOG.old

Filesize
359B

MD5
94b5467adc34293eb91595900ae3e1dc

SHA1
aec03a9181f26f8b6c4b61908e5c7b4730e8bd6d

SHA256
ebe3560ccde12d93e4ffb5cec1130f10bc408d74ccd6836690514b6a8655dd09

SHA512
6c336f3848b192291da9019a0b1c290c3106db764ba65dab67f784f70d42a64a84ff7ffd2daa71f4fd2376eb78dfd53972fd8b7acae5d46686049a72d1443e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\LOG.old

Filesize
359B

MD5
80c9871a2c7bc91a11f869f6df9b4de9

SHA1
d6b3faeeba67df83c1c6d856a77e479d0316cd1c

SHA256
20ff236fc91654c7f875a100423ffc3f07693c501c45d19935fb6454d9bc705f

SHA512
937692b1286f15b137033b7629f58893c4d82a75eae0354729567e722c22c0b8d2ee7af069c74ef4b76a4206e3b77a7e4dbc4a6778c093450d54a70da419fd24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\LOG.old

Filesize
359B

MD5
15d6780dde69bd312b81e8c28c37b194

SHA1
e8aa19f65f23b28af62c82a74f640f04ccb032db

SHA256
b96b4ae06b7432e19602b6810f45b4a7c88717d0f934a99fa456da5e52d16335

SHA512
35cb4b026a43e2f6cbdb54a54b425b305b76a633d666ef7bad1e3218fa01f5bd8094b3e24eb1a1fe82fa1697b696943b298ca75dcd952ae45170111409c0fd02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\LOG.old~RFe58fe22.TMP

Filesize
319B

MD5
2bdb955a5553f20a6252c19b6fda355f

SHA1
e63b037d7901f2df438e21d14d013034c89a1901

SHA256
9d22453c1099fd3067869e0752406a7c00f53fa6b7aecaba938c9a3fa4645d6a

SHA512
9c429be534dccd661f164183b44a4bccfbcf0c4554a438f25654a5da5154e92ffd4be5d5af7467fdc8a0a8d8c4ccf267e5178ae8fe6eb8fb8e8c0a8954be762f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
5c864b4ba71ededbff89f3cfb3807257

SHA1
82d92552f52926d12874268d05e3ea64e8597b0c

SHA256
be53c28b0683188ec55cd4ec0733bb33a2c5d7066b65bcfe71ca4bb847355609

SHA512
5bb70a9e84e86c013a40c7bf8c9f61addb60e11e811993c9115584738659fde1eb23982a8005e27a4f5601278b2fe1b7c12f20c9e66d69271e418792d941f67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e0170f030b607480b9f9a9e09e69d0e

SHA1
89a54b5dc26a50063b3097aa02eaab7bb3435a1f

SHA256
c310220ce42eac41cadf1b8b50e7d638fcf159610bab3c0ac7c903fea48b5a4a

SHA512
df283071f9e6a9ee5a59bed7ba9a180aa089a41511393f5db05899ba17e80773ad296e3b9a7c32c7da139b051fdb1a0ce7029fffd43f28d1d794dae06514d641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7ccfdea290a7ae5237d1e0ba40aad73

SHA1
b9657dd697c7b8fa36ad5debd55875199f492551

SHA256
1ec8c56570cd150b1fe75cff6973e99aa438f04f61e1d59bdcc31a288519fe1d

SHA512
8bd7b5bcd992cf055cc2bad15c67c5babe77f2e520a1a3822c50d04bef936af87a6b909148994029bcfcab48b9a5c48e19f4cb79f6758c79a4e4973bc606d2fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
67bc1aea036f1674793ce659ef74607a

SHA1
817dad3e7535175fce8a976e80a4cbbb13ace3fc

SHA256
c1544f875b36bd7d1512574d0af4ea7543acf7cbd8a5f03054e7e7e66eff4b12

SHA512
d55e4ae58fb83c5cf004d8edabf468974ae998f335a180c8d620de888239bdba17b06e42be65f2125e7ecee44a9774e2ea5f22411650b93d18abb46952e50380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ea84a02fbc9a7005ca4b48e7b0d2c57

SHA1
4724a46d98d9b35e7b45779bea0f49f36a028efe

SHA256
db5d12c1e4ac7494a929f6de48ad5c18c764acdec23661a5da0eab9fd5a2e6ea

SHA512
675ffb660e19d2a3b6c94b20b7a1159d9f848e6e8814d7554ee9d574550cb43724b4232a1b068932a257b2cc20974f035c1b0619e442e6b91d45f6b408a2020a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
542fcd7b2efa8582f8ecfcc6884056a8

SHA1
093fe73f677d7c7ed17c2a5cf271d864333657af

SHA256
ea1336b3f958cc3aaff73aaef45ead0046833f06701241f70cc915cc0d27c921

SHA512
771b6b8bfcb866cc1b2e5595fec9be3cfed831d68cb2e8cda1709fdaf72fdab620563eaec9284b19104f5b7d2f3da454d0ae03af370fb3a5bbf636d405f8fa3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0faadf9ab6ddd0ff777bfcc5c259fe02

SHA1
9acccd6746cb304bc4c33ff8175bfdaa21a311fd

SHA256
440edf60d105c4b91515f0bea9bfc5169c9a5cf742c0963649131b082121dd40

SHA512
5c4719d37768b1029713893df89600f1e24d7f07225c5d251fdcbbec710160e67825d8cd3086325885f50f50cce639aaa814e7d26f453c6ec014be4dfd35d7c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2833f0b5f6fc48337a088f1828610808

SHA1
f4c832a88c35d328b526adbb6a9f726c5c383646

SHA256
de79c9fb1d0a662fb65eeec3dd8c5e375e51e936ef5c49c7b281fbd1115afbb9

SHA512
5df23e13b48353111f8760bb2a1d857e6f7c66de3871022243bcd8788131e733ee38ffe97990caa3954ae97af8d00b6d932c178c65d43484fec3fc7fff163b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fda97eff6c2bc52f5087b6a14b8cadf6

SHA1
6ce59df28f6a899ce1c1118c71ca582cc882af13

SHA256
529d9a56ba49312ab1768701ae286db455d88766d38ae35c0c9b338174df0272

SHA512
f592269193d875bf071319840505b153e5ee1dd8fe185bc9a69217861aafa9e13cdf4413d5f4383b7282b5d39037ca886e9b3649d7b724c18c3c772f30ada318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c6228b39c9c05f8043c167c01184ae25

SHA1
dbb3dab41e77b6cacdac2927ad389511da56ed9e

SHA256
b78848f208e07d5a6a941b1fc2d662c75b7b392a7aeae1b71de6cb4b68beffb9

SHA512
a9bf17b6079e5ef1600c6700a582dfdad6e10eb117a0c822728deac707dab654613e238afc5b24d05d759e962a57c95583f1cd4110b6e19768181a60df39eee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7002e9c4f326c5d9678422ba1d2c4266

SHA1
2ac60777d181bfa007a1eb2b08863d819cf8bfcb

SHA256
fc76b68e7146cb2f0927320cfaa0bb4a729657347cf47e9306412eacccc84216

SHA512
054361ef9acfba89ea337b98fc6a4a203bdb290c8e4427f00dc3aa9e75b4a3a01fbf66fd1293a4635aa8baa089b41d794fbd7281aecc90125477f20a3b28435b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
0377ca50a5afa4c2f910da6f9ede70d8

SHA1
8217f10684586f0ae18df42e178e60fdb90d9aeb

SHA256
4325388e93ef8b2cd4f27c83baffce2251c13c565a0d64ccd7347919489ea483

SHA512
18db3be5517795e09c246a72e1bafd922b2406d81f879b96a13f90ef447f493b9efc9adffbd1163d67aae378443533847f5baf3fb4ee3b6acefb7339461f8408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ecf0548627be93018b0e96a3f3243487

SHA1
11859e584a7e821ac1527bde2a165d9c620fe483

SHA256
ce2ddb1383e26476d53ed022bb3ef9620ba6f4f8bd97dfbae585e82081ac6796

SHA512
4993674fdb1fdd124ede96363c63c3cd00c7936812c9f20af53b0b5af7b818281dc5b5b907425bfcc933e50578df17bd6a11da164273e7681293b3f743557f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8a57e346c5d28db74327165334fab2c1

SHA1
e1afb3be6099f2aa743e5bad2c866c21abf6c964

SHA256
6fb87fd321a48744b597dd3a4a641651a21b290264df06ba406e35abf7e6d95f

SHA512
3d0fb8bf9b5f6d183c68d197e05ca2f48a4fa72eb0f582a175ba342166d9446401157c36afeab2e36d7d7da0fb8987981d10e48637f164ae046d555b9895ca2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f07f27c6c6a54e9a7cf4437f462e8165

SHA1
6973065fcbfd263c1518dec5ea6e39bbb977dad2

SHA256
86c4c71d24d9e5986b79a20ec4ed094b5ae18d14fda27b8b846c6934af4f30b3

SHA512
358a9b392afb0a37388442099e8aa88e18506285778dfc6b2c2fa16a5c9d2fedb44d9a939a8f171d1180e83a752132f5599737b7476c204388188728a4778ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f450da3d39d4c55867cb0929f31a7c5e

SHA1
e783a0772ae12e6ca60e5e5b2d10c25243e075ba

SHA256
683108061833d27897248ac0a1ea94ed67cec25aa59543c9bbe2591d99ffb496

SHA512
5c96aa7b9132065bc7331f9a8b97159395c440637ea0657492fdfd0b341274bd1f7c306e215d41c16157591ca94d86bc6557a2e020bb204b7ef6c5e2fcd79796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
64a18003b8be397c887445e7bf97d735

SHA1
28feec0dfa50a624d0ae372740b7da7e2a44b83c

SHA256
c7826f18d4484496fd24c6a6f8b46c553e2db12ffc097ecccf0c4e7af64646db

SHA512
9fcdaf24b0d67a0d011300d6e16cd10c22ba2df0452155150ff92e1dd2dbda1271aff3e617f50d5620801330ca89ce273f87d1de298210397744ac283a1328d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0997ff60c4bc34f2e98d17fdc0d13d6d

SHA1
174b3aef9a59011346fc1b8909c083dffa2e417e

SHA256
fb5e9473e17300ab55374a6a7c483f187abff48505e0f004f7464e2ad9ba7b76

SHA512
ffedcf452a52bd10d3fb7b53e24e8f082abfd41d1e94f154f7438a73390470aa46235198d39872d9d8ac5c55eca0e6bec0bd5821e8a08a17a123a090f4c6d250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8526bcaf411648761858078b1fed60f2

SHA1
505eb1b68857ebb5506b5695075269dd9210243a

SHA256
e7871af595f004ff0c91193ddbf8a571e0012d64db6223021d7205945344c8b7

SHA512
aa9d9b6c6d2744bf42c678a8a4d865e279d9eee1cf453ef6f40991260d95a99895441b653c5168ca9ae41e9307fd47a1e592f92808db6d253cea153abee9a1f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a58e371a-0f4b-4859-a81e-61da981037c0.tmp

Filesize
2KB

MD5
17009282cd27bec5f51d38082cce86c0

SHA1
f6ba0c7a1add68faa25eba533b17354df5af8655

SHA256
abfbf92c84ae8d754fe6ab185a20ce29d0245d2f5e586440f59a2197975bacd6

SHA512
edd9bd1b10e133bf0071ea548de336220a8ba370320db85a3e90108addcb4dbbe325c5f6a8b69cb736638ddcda3fbe9bfc99681bcb6fee4d323cab05fc128c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d421b7edb368d19486b737ef50cb79ac

SHA1
cd41d4248a727a0743af6c65cf9d8e58de44bde5

SHA256
a6e40f6780fba21b5c722bdb8185b5c3857ecb9d0cf81603dc00687cf8d1dbfa

SHA512
50fc61371ff376c1a35255d3e715c5e8b8b4ce0c0b112435137678e215bf024e9068e5a2697a66f45edf9b88ad0d65cbfa7ec84da2726df98a519e4b29ed72a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8d35a5e678e6c73d4ec64fd38e60b43c

SHA1
0dde985213a48aa9c0798d1214057b05eb64e973

SHA256
22a1a50a104ab22d75cadc675ea443c30294ff10ec92c9762d61c7e2f3472707

SHA512
7be47887098c1aeb615e355d7a5ffd8c09445f061797528f383c8d58f6d2b4d335750436f92ac639e738583e69634b142eb4442af29bca18eb0cb7b89910e678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
8844638e6177cb32cc9be27635ebaec9

SHA1
8423722a55b54dce63ae228773dea9407b0bb742

SHA256
bcd8bae8327e087da3c489554938fc7cdafbc10a91a53a6d884d466e4b4038d4

SHA512
c91d27e480eec0d4877a7f46200751c37381e2dd15b1c2b54e65d904f93361c5efbbe7a2406a193ea82fd56300eb45878e87fb5b2822d4284b6eaa377e1a0582

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll

Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll

Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc

Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc

Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc

Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE

Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\index.html

Filesize
20KB

MD5
08d9ac1e35385587b0c3c8a73ea97234

SHA1
d1db15b5e97152be999339d90630f68ed06a6b78

SHA256
016cadaa9a8494b15efea920a5ea9c02b441e90dbc7c444e73db3b307f93a741

SHA512
8061a5a92f828642ea2fcb319571efa406ed67a75b4d4da1aeb3da96391a72fcde670e3e52efef62d37ddc17f7eca5afa0d35aa02bfd1bcadd8e86240cb802a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\basic-languages\lua\lua.js

Filesize
5KB

MD5
8706d861294e09a1f2f7e63d19e5fcb7

SHA1
fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23

SHA256
fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42

SHA512
1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.css

Filesize
171KB

MD5
233217455a3ef3604bf4942024b94f98

SHA1
95cd3ce46f4ca65708ec25d59dddbfa3fc44e143

SHA256
2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701

SHA512
6f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.js

Filesize
2.0MB

MD5
9399a8eaa741d04b0ae6566a5ebb8106

SHA1
5646a9d35b773d784ad914417ed861c5cba45e31

SHA256
93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18

SHA512
d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.nls.js

Filesize
31KB

MD5
74dd2381ddbb5af80ce28aefed3068fc

SHA1
0996dc91842ab20387e08a46f3807a3f77958902

SHA256
fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48

SHA512
8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\loader.js

Filesize
27KB

MD5
8a3086f6c6298f986bda09080dd003b1

SHA1
8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

SHA256
0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

SHA512
9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll

Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll

Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt

Filesize
67B

MD5
20a69e281196e5f46806ae6972c3393c

SHA1
ec2994f495f6d4564cb13f4d9e605d3305392fa0

SHA256
75aa1057a08c3a687993a97a2ba50418c2e82281dafa7b2d4279e9d334c66e9d

SHA512
a9723a24f3a22f4771e449d5c67d2177552389cfaeff9b62d22baa5b8eae70633b0286216d398f521728f61c055e11a1dc42079fa6e861bcbdb89f405faa403e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll

Filesize
3.9MB

MD5
0df8e80fd47cee0af8a6fb8ae2fd2237

SHA1
3780465816d176d162dc32895284aeb631efefd0

SHA256
2bf8ee57bc984b47d8662dc580c4aa97aa48807b5f7d5953d72c14e7277da045

SHA512
1864cc3cdea3ff3262bac5f1e308f9c937f329516b9f48c1a69eda9246d3ed0c8cdc51b4129c73bd766166327060eb4002d96a28f9e7ed361210b4a869aa1194

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Filesize
86KB

MD5
d213a75b1956398e4c36bcc2f93339bf

SHA1
6a2739cc0e67f5593c744fbcbc8f00f12eef9954

SHA256
ece75d080f94df4b3699389021337b1536cfed229d1325f09b03f0b0d6d85ab4

SHA512
d32ddaf4c6f8f8df6c390d683e6c039f3b0d8f35f68f690b28bf88b17caedf0e11abd3aeb2e46238d0cd0a91b2db095cca0782b4e27f04453ea4cb6db38f4dd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
61fd1bc9fc0d132e5df97b516146e16c

SHA1
b70277cf25be77c5b71bb258ceb0e1bb337130e8

SHA256
1b3276464350acbf0c9ffbaa6e259a1d155c743730f2bd2dc07c2b42192eb078

SHA512
5731090b74f666ee95a0ebbd6f5c841fad29b4d8bb7da41f4f438760223e5cded4e1c58342b73f7be974842fa4f77e41ca56e8a600a6d8b6060642ede9217749

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
21c47e4d6f7786015d1604bb295bd012

SHA1
735d7361029035ef62ea03ab12b1b4de05e35874

SHA256
ee48fd376531d84c7c15f21af265337c51732d695e742a2a62322b6df3b7bd8f

SHA512
e537e0caa093aa67502c20188bb409b430b009b3968f9d9936e0338467418e898cca02fb394d9f15bde1002c9c96821c3df7f401c5342905dddcadaaf5bd11f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\9dc6c3e7-a84e-48da-8596-59f636a8c099.tmp

Filesize
6KB

MD5
13a7a1b4f17b3e1693a60a88639f38ef

SHA1
a97899e9129be5c0d88d8ab67c70f011bf11753f

SHA256
1e7d4be6c23675a1eb45e570ec6b89235af333774574e56e898f6f7df169e316

SHA512
b2ed46e3ca438f21fe3d5e78aad6bc015bfb4e9f6c272f4a89e75b8e27c2eb38e156bc4b1f01dc2844d540cbc871482c6429d4e7eb51ce17790600d56693112e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
12c620ba7d7f45ec67aec1340d6ac3b4

SHA1
ed16b43ce61bac2cc96f2b3ed36085ffdf1a2664

SHA256
757bc274804f9226754ba58c0e415d6c81d5e48fc6388b01ed70987dc64076e7

SHA512
5f0667d05ab3a16925c4a5cfb15cb6a246ea58126cb7842a11ebf28e4b58d7342a27365b0667b23d3a24ca6038ac2bcf58dc979a202cd67187a8d582958fdb78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe58d174.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
b9a90b3722c810deb833f62a0738c8a7

SHA1
f6bda20137afc6547181f4bb71d146d7aa14dd2b

SHA256
048d25a033144f2ed284536492cdfc3235b8384c811b20ebb02d6b2da52e1484

SHA512
5a324bceaa9b67a7338c85b404f514348370373bea4e6cbad242e27c148c224f33bf5bcbd70eb7e9bf11a107683badba38a3c920a351529eaa7949c2f908a24b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
044c039a91a1e036403eee93b9eb411b

SHA1
e8da9d681db66b1c0385b4092ad6733f9e2113dc

SHA256
6c446b916e7ef9bb0309b5605893c6ea512edf85eda82f25eec09345f1ca5e07

SHA512
036c028e65ccc7e136bc78b743dbe82c0b1c0a41789dde9c9fa3cb7229c9373d3897f534c1592b811d43a95c29d51b0d6fe350bdbfc8bf75a9eb6f42618346e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
bf34b280525968fd424d86a65605ca44

SHA1
9b82daaf2218c7c72ecdaf7d1775f16255466064

SHA256
da3bf4938771cf77d4b724b31281742c5aacf0867379a97748d049ce43b96529

SHA512
eea61ad3b6de6c2954538ed57bc3cecd85c99c4409a5c42924d11a44e75ae44a02300bdb64cfb2341f3ff70078d0abe925534aeb8acbab488f5cb82671ae4d27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
9b6e7f56469ca828dc3cc259f8c7ab8f

SHA1
00480b52211826b4b58040ed55b38e559409e28b

SHA256
62c343b770c258bd45a3b8f33e7c760b3f768a6afe30450b8625152b78b90572

SHA512
c9faafe71c2c7391d777eb4edf9d4eb55e9ddafde111d24000ff8f858c64871ee9fefd27d5cb1c50ab9b7815f4cd3d5a97cf84a3d10246c4d2332a60023c18a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe57bbfd.TMP

Filesize
1KB

MD5
438b66674b824a767bc2ca0cb3bab769

SHA1
4cc312e5175780cbe5d38d6c81dfa35de549ad8b

SHA256
836f879959004c842eef4dc6879231e03a91c266505a40409f7eaffc40c50b11

SHA512
d5825c304eabf778f8c809df82f469cd9714b94a5bc2bc8e20ef724694f463e6f3a1656f65d4a8b09db31e71f01958e53411d71798357547010987d4504192f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll

Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll

Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
C:\Users\Admin\Downloads\Natural-Disaster-Survival (1).htm

Filesize
126KB

MD5
85be38c2e0aaef4df64b5d97b0ac555e

SHA1
893b83376a5759ceae151cb5a7c880e6f8d708df

SHA256
d123e5cf254f1d745568b4bdb4fd118ebb77c11bcbfe9cb67b13d973b1563b71

SHA512
7c070a08d2d49517a0c0d0f21cc010afc07fa246a9a49d132be48375b2d76b557aa5dcdacf8504d2e1867d6e403220ae8c59b98bd2c9a1ef32406460816bd4b8

Download Submit
C:\Users\Admin\Downloads\SolaraB.zip

Filesize
5KB

MD5
4ec8143b6dbe27870cf8333711ff5096

SHA1
693d467ebec348469011ffef1bd370b113653147

SHA256
2510be907ec476e8375ac7b5431536ae9a32bf99fe77ab695a5100852b111b96

SHA512
b513d2b9c63d999ccf459cea625bfdc481e44f0f3222996182a0d0d89fdb97ed754b927c7a429e43b96f13d2fc73e2860edca78b162a41101ae97e1a0f4e054e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 518179.crdownload

Filesize
5.4MB

MD5
a0396f9bb5e0144808cc7c7fda47e682

SHA1
76bef1c55c6f288ca5988d344c4e92ee8f3a6329

SHA256
b5d35eaf2ca4befb5ac6de8680609c9a86fdc257b49d21ce4c8d17eddaa1b51a

SHA512
dd49140d4661d813501d67c44d5fedd6bdc7ce731242fb33973b0b7a5b603344682fe1bc393fcf9fe3f5ad10ed9f1de7dbc42c66ec16b84063fe535f288ab7e0

Download Submit
memory/2988-1755-0x00007FFCC9410000-0x00007FFCC9411000-memory.dmp

Filesize
4KB

Download
memory/2988-1756-0x00007FFCC9590000-0x00007FFCC9591000-memory.dmp

Filesize
4KB

Download
memory/5432-1716-0x00007FFCCA510000-0x00007FFCCA511000-memory.dmp

Filesize
4KB

Download
memory/5580-200-0x0000000005DE0000-0x0000000005DF2000-memory.dmp

Filesize
72KB

Download
memory/5580-198-0x00000000052F0000-0x00000000052FA000-memory.dmp

Filesize
40KB

Download
memory/5580-197-0x0000000000920000-0x000000000092A000-memory.dmp

Filesize
40KB

Download
memory/5844-1683-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-1685-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-2892-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-2832-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-2708-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-2689-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-2158-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-2135-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-2124-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-3393-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-1884-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-1664-0x000001C8E7600000-0x000001C8E761A000-memory.dmp

Filesize
104KB

Download
memory/5844-1689-0x000001C8EDB60000-0x000001C8EDB6E000-memory.dmp

Filesize
56KB

Download
memory/5844-1688-0x000001C8EDB90000-0x000001C8EDBC8000-memory.dmp

Filesize
224KB

Download
memory/5844-1687-0x000001C8EA0E0000-0x000001C8EA0E8000-memory.dmp

Filesize
32KB

Download
memory/5844-1684-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-2982-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-1682-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-1671-0x000001C8EA830000-0x000001C8EA8AE000-memory.dmp

Filesize
504KB

Download
memory/5844-3655-0x0000000180000000-0x0000000180A63000-memory.dmp

Filesize
10.4MB

Download
memory/5844-1669-0x000001C8E9B90000-0x000001C8E9B9E000-memory.dmp

Filesize
56KB

Download
memory/5844-1667-0x000001C8E9D70000-0x000001C8E9E2A000-memory.dmp

Filesize
744KB

Download
memory/5844-1666-0x000001C8EA0F0000-0x000001C8EA62C000-memory.dmp

Filesize
5.2MB

Download
memory/6104-1832-0x00007FFCCA510000-0x00007FFCCA511000-memory.dmp

Filesize
4KB

Download