Analysis Overview
Threat Level: Shows suspicious behavior
The file https://github.com/notvember/Solara-Executor was found to be: Shows suspicious behavior.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 22:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 22:51
Reported
2024-11-09 22:52
Platform
win10v2004-20241007-en
Max time kernel
81s
Max time network
90s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Solara\lua.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/notvember/Solara-Executor
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9de8c46f8,0x7ff9de8c4708,0x7ff9de8c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,3274268077712540471,1288765443264430456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Solara\lua.exe
"C:\Users\Admin\Downloads\Solara\lua.exe"
C:\Users\Admin\Downloads\Solara\lua.exe
"C:\Users\Admin\Downloads\Solara\lua.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | getsolara.app | udp |
| US | 104.21.95.19:443 | getsolara.app | tcp |
| US | 104.21.95.19:443 | getsolara.app | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 104.17.245.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | 19.95.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.245.17.104.in-addr.arpa | udp |
| US | 104.17.245.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7de1bbdc1f9cf1a58ae1de4951ce8cb9 |
| SHA1 | 010da169e15457c25bd80ef02d76a940c1210301 |
| SHA256 | 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e |
| SHA512 | e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c |
\??\pipe\LOCAL\crashpad_4916_CDVEKYLPAKJBFIYP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 85ba073d7015b6ce7da19235a275f6da |
| SHA1 | a23c8c2125e45a0788bac14423ae1f3eab92cf00 |
| SHA256 | 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617 |
| SHA512 | eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9cc8511373c69647b0e08609b4abf919 |
| SHA1 | a108e4317c857a3e81463315eddebe1251fd5554 |
| SHA256 | 8c54759e76656fe40fb53b2294fc4f661dc457fd7aaf9d4dfb892d60ca9a21fa |
| SHA512 | 203b78148f5cf1665dc6795c6a8b84ba2a2942995586ab73391e001d755e36b80f8f8750747f77eb57ffaa20667a207b0016a3f55e0b0ffaeef0fe4e7aef15e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f28547c4-f3cb-4a06-a87c-f60ee677eb3a.tmp
| MD5 | 50cfb439989be8e036ac4e6e81da16ee |
| SHA1 | 0237a322e8934c0c9d8dd835d2b022366e3cc363 |
| SHA256 | 81e0fc117a9c9f717a7b9788be8a9104795189b33ccf8906f8f079f8b2ca1590 |
| SHA512 | 63101fd23180d92d9c21f4d272f2311a3b2371f0ca14039db1fba54fcd2b74434c1a7126abe6d04df1c150569b98fc8633ba67d2e9a09fecfd05c91cf71c641c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\107146dd-7005-4621-8ef7-6b1e89052cbf.tmp
| MD5 | a9bfe93031c4eedd39a4aa320533fe99 |
| SHA1 | 6000368d34405ea45e459a564955b3d114aa8dca |
| SHA256 | de45da6f828f17fa4b7807e7793838e847218c7a0a120e13c531b8a55f804469 |
| SHA512 | b148df0d5ea7c171ada69e103bd5cff5be4cd0c85e1165993849b30548f29e18119653deb0009a0120a138e2791c1d06e37a74f9e1b4d231e6f8bde773b10efa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4f5b6b790465ff4b3621e2ae6c284864 |
| SHA1 | 5e925b9bdaabc03cb9479e11fb9c3c7848d97528 |
| SHA256 | 4090abe97b977060085b552f352cb30b10692a57db8ff0c640b361088cc8363e |
| SHA512 | 871cfd0b269f037d104ffd53557596767899d4ad7a278c8a43f0e6464dba14e49384df7391d5258afa36bd82bcb6a0d9c9afe5bccede8dcb7bdb77d136c73edc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 81a27c3adca4b66b543a769c9f617a69 |
| SHA1 | bde9618e13ec17295dc9d4f945b02a49906be626 |
| SHA256 | efe0710f98cc57f240b99c1cceb365a1def9d8a9f55dfdb6ef9d86887b7cf366 |
| SHA512 | 5095067095a460e80411a7b3418fa60b489472637f2ebd9355ff4062f3e2f90eb7b22751f8033fff69fd99db5512a36b01ac1569f87d159e220c0f322f4cbc65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef42.TMP
| MD5 | d1a21bf32d5b7d56716c8f5fff333e3e |
| SHA1 | 8259221cc02f845df8d101d2e92415be38c09852 |
| SHA256 | 3daf73f1d60ce926cb3d9923d989deb2acf33cc8440e6f3955d282db39359642 |
| SHA512 | 3eb8036fbf8426b986d1e8a429f6635b27108aa65c5acc24243b57428d027be198c77ec03073458c2ed5977b9d70f44632a135961fb909c218533c8c6ca7274f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9d2e004dbe479ac46824edb801713bf0 |
| SHA1 | 462c459e80a470b265fe29b1a91b1e7d754ce42b |
| SHA256 | 404eba2e7b00d0efc5883a91aba1b4bb187c7e752cac7e312e53975d5c4754dc |
| SHA512 | f6a2298d10aee58214e061382510edcb49b730f26fed9d30991e8f552d5ae8eba4a03772fd9c27e5ec6a0808d67d23b39ce0e3763d50baae1db47573da0bcc10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e32fc172f5ca9b696ea3d19391a48cf1 |
| SHA1 | 256634884c754ac1598650a800cf9b406db5dea9 |
| SHA256 | 0987db2f8b7493c38262d517ac1f6c604b789d3325747b204815056ae8be2c1e |
| SHA512 | 9271206edcaa73c9021eeb9bb9802956dcdc6bb89f55929bebb45f7f6dffce2232ff8088fe6fb03fdcdbd265e1da2f85ca27ec0808e2f3c8c9fcdd14e1123c31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 267dd257bc9afa11e058af793b4eda61 |
| SHA1 | 0b3eb7f70977cbe89a9e68cf651c7793af5a905c |
| SHA256 | ba02d52e60b704bd383d6a4209700b95ea970256ea41f3f5d7745a32b833f4c0 |
| SHA512 | 9f4a6177621ee15c60afc7bf1bcab08eb67db8df5893af9b42005a5e5bd4512cf665d457359281cb399ec209d6d02c88573f83ee21f528e012a58f3fce4287c3 |
C:\Users\Admin\Downloads\Solara.zip
| MD5 | 2eb41b95f55cedda9d33f429c4b4d293 |
| SHA1 | 7faeb44c4c501a7cb801b0939058af4a4539705a |
| SHA256 | 85852663982c4048086d26e264b9ffc9fc73abea026cfb4c1be5721747f5e259 |
| SHA512 | 309b4d741086783ea4c2bf33e1586589faef97b584a674bda748acee347f604736ec078a9ec674ff6956516fb9ad18fa64bb8810aef450a22ac2aa79962c7ea7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 38b4dcbf56c7c895150a0519bc7454ed |
| SHA1 | 2fea11c866bfddf6758d75ca22819acac4670005 |
| SHA256 | 629795d41e5189f326049db414de935b06262b5fc63efae2a16037217d0bf2c8 |
| SHA512 | accc20fea215ea5529f0451b166df6496a6096b95e4ffc428117aa553de698aa64cff55844477e248195656ea6938b786be9b0a2ea65048f273814da21f17dd0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3ccfb6b4abe534f2e0313680618aeb6c |
| SHA1 | 24706ea087b3e8747ff54782b12b4931d1017c2b |
| SHA256 | 0c141cfb660371561e9aee45f5e145c12b958d63add230d31697823a83f4848d |
| SHA512 | b33faba9c1352e42955918ec40bef0f44cf30baaa57d3b8e288cf2e355606ed54e061634ab4636bb2bef6828028018b9b2700da3f5c1ebe037044540929e0bb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1468a8fcf0c609d1690239a4cabe9dfc |
| SHA1 | a4f0621b323d0e43d70a56dcc8e91bd8343744af |
| SHA256 | 5bfd0a63e4c0ff9ac1174383474d7edec1ee6d49256a40d50c27d5bdae5ecb3b |
| SHA512 | 08cb1eedd3e512db63c7c96cf2622f708ee5bb657b71098f4aa96b8198f0a359bbf2d14922118bacded142c4e460a18a7c82a3e91e7eae034441b5b022c07e77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 68568cb137fbcdea5e5c67663006f89c |
| SHA1 | b16d655258ecf89c9e00a75d9d1586260881ee02 |
| SHA256 | 953406a13b783deb2e463924f0d4f2383b5fc69882008ff7e91056dec0469519 |
| SHA512 | c638806a00aa801b0b7499f5ea84eeac61c515bc3da624038c06cabd13f46bb13f0f152b3d9404d65b1a5f6f3cd4a695d7d5f8386dc733fa40c215407b96871e |