44caliber | hxxps://github[.]com/quivings/Solara/blob/main/Files/SolaraB[.]zip

Resubmissions

09-08-2024 11:45

240809-nwqfaatgkg 10

Analysis

max time kernel
157s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2024 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip

Score

10^/10

44caliber credential_access discovery spyware stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1256365156401680444/Q4ybvTW8-P8cHM7v5CKOThKUJqTZ4f03jPUNC4To8TouPRnWl442RcsKLBOptm6uvg63

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Executes dropped EXE 2 IoCs

Processes:

SolaraBootstrapper.exeSolaraBootstrapper.exe

pid process

572 SolaraBootstrapper.exe
3196 SolaraBootstrapper.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

97 raw.githubusercontent.com
98 raw.githubusercontent.com
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

118 freegeoip.app
119 freegeoip.app
121 freegeoip.app
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

pid	process
572	SolaraBootstrapper.exe
3196	SolaraBootstrapper.exe

flow	ioc
97	raw.githubusercontent.com
98	raw.githubusercontent.com

flow	ioc
118	freegeoip.app
119	freegeoip.app
121	freegeoip.app

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{04EB43C2-719E-4EEB-A3DE-201A6BB66712}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeSolaraBootstrapper.exeSolaraBootstrapper.exe

pid	process
3812	msedge.exe
3812	msedge.exe
1608	msedge.exe
1608	msedge.exe
3116	identity_helper.exe
3116	identity_helper.exe
2416	msedge.exe
2416	msedge.exe
4280	msedge.exe
4280	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
572	SolaraBootstrapper.exe
572	SolaraBootstrapper.exe
572	SolaraBootstrapper.exe
3196	SolaraBootstrapper.exe
3196	SolaraBootstrapper.exe
3196	SolaraBootstrapper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

7zG.exeSolaraBootstrapper.exeSolaraBootstrapper.exe

description	pid	process
Token: SeRestorePrivilege	3176	7zG.exe
Token: 35	3176	7zG.exe
Token: SeSecurityPrivilege	3176	7zG.exe
Token: SeSecurityPrivilege	3176	7zG.exe
Token: SeDebugPrivilege	572	SolaraBootstrapper.exe
Token: SeDebugPrivilege	3196	SolaraBootstrapper.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

msedge.exe7zG.exe

pid	process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
3176	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1608 wrote to memory of 632	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 632	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 1180	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3812	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3812	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe
PID 1608 wrote to memory of 3600	1608	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2a9f46f8,0x7ffd2a9f4708,0x7ffd2a9f4718
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4092 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4952771496674638905,8648269830743133991,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1680

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2736

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Solara\" -ad -an -ai#7zMap25432:70:7zEvent6824
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3176

C:\Users\Admin\Desktop\Solara\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Desktop\Solara\Solara\SolaraBootstrapper.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:572

C:\Users\Admin\Desktop\Solara\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Desktop\Solara\Solara\SolaraBootstrapper.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\44\Browsers\Cookies_Edge(98).txt

Filesize
2KB

MD5
00dbaea57ca18279378e579e6dbc2bfb

SHA1
5c7e319c92c5fedb287400805956d16b8b53b4f3

SHA256
a762c8143e6e6b3ea88bf9ad6cd30664f550aa2619a45491197a5271e437d133

SHA512
03d7f8e67889346663f252e1d28b42c2e3fda29b0260fdb8b85b718e26f8c3321185bf7b38d951e77f8572cb85539c864f7c22689b593413157c86f3d02466bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
37KB

MD5
da4c2d9295fbab7844d4f29079dbb8d5

SHA1
2e214261c9f3394badf103af57a2b9bd6f89a68c

SHA256
b2f523dc352a436652fdfa66e899f589653015929b1add2da64eeb9650a7febd

SHA512
83a66de2c3593c960f5e7567f8c315f983245334f63bda67c7490570753bce7e865a1f752d15a5b6f795fb4cc4aa2a122ce6bcfb86bf3e116f00df7a558a92c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
37KB

MD5
a2ade5db01e80467e87b512193e46838

SHA1
40b35ee60d5d0388a097f53a1d39261e4e94616d

SHA256
154a7cfc19fb8827601d1f8eda3788b74e2018c96779884b13da73f6b1853a15

SHA512
1c728558e68ed5c0a7d19d8f264ad3e3c83b173b3e3cd5f53f5f3b216ed243a16944dbe6b2159cfe40ee4a3813ca95a834f162073a296b72bbdedc15546be8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
21KB

MD5
a6d2a865e9f16ea305950181afef4fcf

SHA1
082145d33593f3a47d29c552276c88cf51beae8e

SHA256
2e5d94863281987de0afa1cfd58c86fde38fd3677c695268585161bc2d0448a2

SHA512
6aa871d6b2b0d1af0bda0297d164e2d685bc53f09983e5a4e1205f4eb972a2017323c99c3cc627c3fb01381b66816e570f61d013d3775cddad285ac1b604cdc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
c4b8e9bc1769a58f5265bbe40f7785ef

SHA1
07ff14df16d4b882361e1a0be6c2f10711ddce50

SHA256
2786986a3139e9722e667f81b4902609a4cf458e1c16206cd11feceee0254192

SHA512
a39157460b523ee2b9e1eacccf7aed99ff002767a8f87287c1c4662b6711b97f7d4955df64a86a882417fe71e598719e3934e14f787c1e6b3348c8a4c813e3ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
57KB

MD5
919d13ecf08e3da7e9f337e7b60d6dec

SHA1
3d9bd4aa100f69cf46ad175259edd6ce9864830c

SHA256
9d4575044d2efd5e90503beda65571b5158a3f32d999191ac1f82d1a5ee62ad0

SHA512
98d8236ed1c44826b4489b9fb7b76c62502a032547374446c53dcf2eee2f5fe3548c6587fce66df9d075294bc2ab6be97c3cb21457bc899451ebd3b476715985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
137KB

MD5
a336ad7a2818eb9c1d9b7d0f4cc7d456

SHA1
d5280cb38af2010e0860b7884a23de0484d18f62

SHA256
83bdfb7d266fd8436312f6145c1707ddf0fb060825527acfe364c5db859887a3

SHA512
fa69455b3bfc162ab86a12332fe13322dfd8749be456779c93a6ab93e1d628e246a31a0a55cdba0c45adb3085acd62ba0a094b2115529d70cb9f693f3b1da327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
bd96190c3723c6828cc6601ee39d46d4

SHA1
8ec0068e12d9f113b01d6077cf634f19079cbf53

SHA256
ed8fd1c5a4f0e11544b694ca505105c2a8fb4b643b41bae87b2b4f1ba14f8d1f

SHA512
7c649fdad52f9fe2bf76af6249b3d7de40ccdde73618c5b929fb16fe32e51873f7a73734e64b54e918a31d42d6430128c8801787e4ff5ee89fd9265ba9875dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
297cbcb74c884fb2917a3d8c3a9ec636

SHA1
95b7f7050fdac151ae32f11eccadb9736331dcfc

SHA256
5a4a6be152bf79cf40fd57ca81bb57005a8dac2518b2cc699b6bafadd2e7ebea

SHA512
d2f7ed3f152e520cfb4e007c7ec5db65b33e2978699fdc15329d01482dc7c1f8caa094c454543eccfdd7267cdba04e205dcf9d58210e32199ea57932e3dc6a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
259f03c51ff2563276965de9073bca74

SHA1
10776f5219b3f7602ad0cc910c31a04ebd8c470b

SHA256
d438ceb75bf16e647abef46c35e01a34134e59241d7a42a9cb4100735900e05e

SHA512
05504fea407f067ce0047c57623b559ee433bd22d85135ed77f7a5babf8c828b219ae47bf54c6756bb5951b1fc12d88e426452a0c4197d470a0fe30ff503dd8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
38828da04ea0b6abd1291200263feed1

SHA1
9477c8e7ec54899d40912c3254cc69636b4b4e1c

SHA256
9c0cb26b65985c9d7f3275d198755f066d409a1dc69299189c24184457ea7cdd

SHA512
f2e544f6d984e7c4fb643bbe5685f4fe097ef39258afc0fa589036de0dc9f8ca1721054b408a614b4600a59d8aed3d2cb88f1012b386d3065d449b8917c40c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
046f5626e7808322329a205d33082ed9

SHA1
1128524f409958b1d2b29544fd10ced448810040

SHA256
e69ac0ccaf14ebfb1106b8fc04105379187a7e244963af70709916ed7d4b9681

SHA512
28aad8cdfa8c24413e3e621465e4d139774ecffa076a3185dd4ab59b94c2fc4b09f8acef7cd062fe5ded028ec6c5448b760944a4a8e70f3f4d5a06f06873ca51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9afbb2cd62a7438f0fa42348404b17c2

SHA1
a12cefa502a7dffbe3c1ed3d5b933b847dc10e03

SHA256
fa86a36040d2ce0634b3bf36d5a686ff6178836014111bfef18aa9ccc0614094

SHA512
dfdd39e6d86686108c75441da42f40c5b9f2e839130bd4ae1eb8092d9c228cbf74b97cf3520aa5c953f4b72b40708b50f9ecd87b185ec3ffd0faf1c706cbcc55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f5cbed72117e9f4fe441b57b30f5fd2

SHA1
5b1b5ef7d2087eb2ac3236f98c5ce967c7991575

SHA256
4996fda3ce46513cc4d1991fbfdaa0c491e3cc34ef9e20b0197d01031cfa0550

SHA512
ddf2be31014af000329584c879f17fb8c34fed80de888caec10574810f20fbf70b591ccfec3d17afee3c380a5887905deafbd3bbc388aa1b0d04d1c071c1d34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c1c173e8d5c706b49e06562b8e9c989

SHA1
b453729a8b06f96270b36ade24ed3087bf3908b7

SHA256
e58a2d55364f972ecf25ba3fa254ed35b6dbfb47e86fb379e8f304a728fadad2

SHA512
2e7f8bc1f686d3b7baa1c7c21f0b7b431fc513f13c3d3a6a32488124aaa4762d8c9b947b2d8b593bd897d4eeeb51a9b1b03d9db75c1da22dea7b1e10855edba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ac6eeb39ba97d9e344c0e31b11a3d248

SHA1
9d06597f0502d7928ae269b3f102ef7435ec649b

SHA256
024a06b21b3cbd3a256895e463ff5fe0f0f426da40f9dd2c7bd9e3467d681059

SHA512
d661b724dd89d36788aa8642c382ea1670e9b9fe67602463239eddb46091a848ea6009a25ec948a43cd97e016e5b12192adb5bce4b9834d537990760513ba20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ffbbf0d885805524555659eabfea82d4

SHA1
db289433d84a1917c39a0c51fb881150e0d3769a

SHA256
2d1cbc31c42fb31c4ef19d8108eb2a40b708aa7d905ce9487c0260983874b795

SHA512
31ffaf37d895ab92786db2dc810f5b63e0204f6fb6cdba09fc3bb108d48ce9bcc0da22014829e6213ffdc3a5e4ad4fd24aea4d3df1b6ac22b0605c5e2fb91d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4d9b13c1836b6a756f4f6a4b8c8a986f

SHA1
e994f0feb4231dfbca64facb54552f6b4b01c117

SHA256
a51443dd0e76edf8762006e406b30435f610f5c9e4e89600f4b77b072bef667a

SHA512
1c5605ab02c182d706c47ce0ad40ae6a9cd717e150107cffe9b19a289158d2c08360954dd20888b61f67939b106757d7e7fbda8358f59585d589e0ad56300efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
344c5a79681c93030ca9b9c7a805fcf8

SHA1
836c4003c7b0961e2fee6c50cf284f01806ce9c6

SHA256
ff6357064ab4c615dde385c0822e32212cbeeab7fb48ec6a61cfaa05ddf55a53

SHA512
03c338141e1b844e2d92add81a6b4d4ec25ccd484a3cc8fe4ddc96c26e8ec27e16efa76144bd1d120b78bfddb571bd3bade44a1c0bcd3cf2eec500885ef74bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b5757b66eb4c02aaa2d3b2fff003b06a

SHA1
97f1f7812ed9aa6689917a91c3c0dbba80b45a8d

SHA256
e900b4e78bb811e7c6f6ecd44746e84679fa87c3e46975e44b2e7a20446f9486

SHA512
5b17597ee2a7a60c0a6e5c97f55fa0956236e8964cafcfb845dda318a30fcec69d56129e2d824fcd7803a9a45706b27db86b9c85aa9153aaf39d29097112a88e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
325a82cbd59919a63cd6cd96b58ad4d8

SHA1
7d4f8ae36040030f9bac199153d2b1a2dccc8759

SHA256
d8d0fe5afc04eeb14f312804535937718ed54251a30ab3d750ba3d2e34471c8e

SHA512
6d6a8153ec52206b207ce3b598df1a22eb2110cd9fd400e5e5a9e04e48289fb426730ed667f089a9398f603d2312b32f6cd7c09427333245adddb4da990714d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
23b11b16005bd45bab1911b0b6099b5e

SHA1
6a747fff0b015e72e1047b04d57e450b74a27f00

SHA256
eda3b208d1a6acd34be04b3a30f5c3391b3747e90a4af679961281e7edd8d8b2

SHA512
f349448d7f30f5df5267cc3d8b521024aca6edf1eef400d71d22344ebf30012491579a1f70a3acccf89891566da595b73fe2d4388cdd9149c941a7738e0e53b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8384afa2ebd7bad1e4b318a946720b55

SHA1
435afbc808d6bca99b5e52b9797062773acf63a0

SHA256
7d8b80f039a59fe4261b378f9f0ebc964be3cc734b9473bc4166eb771e5aba88

SHA512
d869660aff27b3032892d107b356bc89bb2284d65fc36959239cb437c53547b048a7a1e904d9c35edf5f068f84c203d29172f870c94c4b8da6602da4dee12b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
da0bf086a2bfd4b3f2a68c9d0e83b369

SHA1
6a819487af0c7c8242d7f28ad68855589a1d673b

SHA256
61d64900130db1908e63c68f9a0233b9ec1080378bd6e6baa362e80363093c73

SHA512
570dc949f151f78675a9215ffbdf22d7284456c74183e6791c8785fa983aba22b0c5296cdf67334463d1327c9c71290c1ab5f325de8d0bf7f9d43a3867377cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
574e4052601543fe5a497e21d1dae480

SHA1
f4883c06818f342bf28776cffe9d168754a0a7b1

SHA256
de477ed312f0df05fbbfb6ca4d03a8d354d7a652b90b93da3288b5e945901091

SHA512
c7040c56ec6856fd4b5019b6bab96d616bb8f6da87af500ba1dfeeb33a3ce8d1a3c5d3505902eba9827020714495f5d2b244a3e5166dce0cb0a140f1ea466976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cad2.TMP

Filesize
539B

MD5
e8d7ba99393e4640ef3684e9d0e922df

SHA1
56400d0472e0e6225a60be3afec8ebe6ed255aa4

SHA256
078190b020238dccf67a26c934a4409bc75b029558e16c7d8bd7dcc76265c78c

SHA512
f7a38e468c91441ffcf4ffbc0dd4684b195f11c40a026a7881725503a6863cdb88dc1a2f26fddc61d49e78ebe8379c68be120305f9419ebfc04464feae422c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c19a7314b0b33b0b79c0186765984481

SHA1
29a6e22e26fb7eafce5707e888546c77e8426ca8

SHA256
c0d74dfc9660356e1f57395b5f39f1f05b475da1390d6443691ea863ffcbf08f

SHA512
5e69a3d9e43acedb39a599a31fbc0520179784ef900e31a224fb2ee51e365851ada76f59756f0841f85004057f70d722445acb543d31277ed3b90afa9a82685f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
991e157b046c6663991a23ea881b9ea9

SHA1
86f65fc41ecf57d8307e6257a96cdbccbcc94c17

SHA256
1a68a1a33a9131383418543deaf1ee4df715fae320e70a4bf510497f9ee05598

SHA512
c7f8039f4fc9e259b85a22bfd1f8eb14314c4440935725551a0e000e7e2bddc846bd3b5ee6fe91c77905612b5b0961e9710019efd5b73733777bab29b4daef09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
01ff1de112b3acfeb46c46cd0d4c24c7

SHA1
c37a62574ae207edae2d4757d3226b0ca033c74e

SHA256
eff6da7c1e169dc1f447b2cc538a794d1c211395060155e0c14a540b674939c4

SHA512
0aa19b4959cd1986f2a6d33cbcc4b462a07238016a1498a021ae50fe7d465b170a2d215791993f65d053b987771e40d857d661681956aa485a961aa4b14fdede

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp9A29.tmp.dat

Filesize
116KB

MD5
d043c3b1dd97ab7bd50595da14179f63

SHA1
babc8e16e8135d3522d5429d537a72ef06949937

SHA256
c40239ec5709d58a8788bea0025cb224fdf425c9b95bf1c4e45a176f80d7b8cb

SHA512
bc6addacb7d7f7a446732eebc5074e03114ee54cfc3347d04a943d829968483099424e08c709cda1a4b26a7d2484ff7e54356147d6ac7681e674216bff7198de

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA7CF.tmp.dat

Filesize
114KB

MD5
e228c51c082ab10d054c3ddc12f0d34c

SHA1
79b5574c9ce43d2195dcbfaf32015f473dfa4d2e

SHA256
02f65483e90802c728726ce1d16f2b405158f666c36e2c63090e27877ae4e309

SHA512
233ca5e06591e1646edfadb84a31bdfc12632fb73c47240a2109020accfbd1e337371bcc3340eae7a1f04140bbdeb0b416ce2de00fa85671671bb5f6c04aa822

Download Submit
C:\Users\Admin\Desktop\Solara\Solara\SolaraBootstrapper.exe

Filesize
303KB

MD5
7553c649cdd15e01bc47cfa2dc88fdae

SHA1
1ad33f546146e52d05e667f0907262c1e55cb958

SHA256
12a8d265fe2c0fb139d2dc9994ebdfaf7aea93a2ecc18dc4e132f1a04d36eda6

SHA512
b40c066725b3f9ece6f75dd11598ad73f702b608253a4fa990774d2a61433b7a8218e19c3f5b348b62d18f533069f0cb228bcd5904497e98cd8f77d94a9d1849

Download Submit
C:\Users\Admin\Downloads\Solara.zip

Filesize
122KB

MD5
113afd4831b0045f71fbce54640c7239

SHA1
f80f9f9efa86fe1d4f3da65d24dcb261b09905cd

SHA256
513448a67fb15ee1589b05a326adea54e2851f589467a8f52326757aafc97742

SHA512
63882646ad6326a30db54d6212a1fe5159d53ae8b4568311f84ac91a3ac1eadfc30badba6676b6758b4d6fb1df198cd3b6aa171c9de5fb8c36cd4d776a38b293

Download Submit
\??\pipe\LOCAL\crashpad_1608_AYFGZWHIXMCLYTOI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/572-984-0x0000024DEA360000-0x0000024DEA3B2000-memory.dmp

Filesize
328KB

Download