rhadamanthys | hxxps://github[.]com/Gary412/Solara-Executor?tab=readme-ov-file

Analysis

max time kernel
47s
max time network
38s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
25/03/2025, 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Gary412/Solara-Executor?tab=readme-ov-file

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

https://135.181.4.162:2423/97e9fc994198e76/5vasbsn8.w2nxs

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
Rhadamanthys family
rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4804 created 2756	4804	RegAsm.exe	52

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
38	camo.githubusercontent.com
39	camo.githubusercontent.com
46	camo.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3348 set thread context of 4804	3348	Solara.exe	115

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4524	3348	WerFault.exe	112
5660	4804	WerFault.exe	115
5544	4804	WerFault.exe	115

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solara.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openwith.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874185495947291"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2123103809-19148277-2527443841-1000\{0634F97B-BDA5-4731-83F1-97346441B2E6}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2123103809-19148277-2527443841-1000\{C7C0BC72-A032-4693-BC39-0479310B79DE}	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4804	RegAsm.exe
4804	RegAsm.exe
4888	openwith.exe
4888	openwith.exe
4888	openwith.exe
4888	openwith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 2124	3332	msedge.exe	85
PID 3332 wrote to memory of 2124	3332	msedge.exe	85
PID 3332 wrote to memory of 876	3332	msedge.exe	87
PID 3332 wrote to memory of 876	3332	msedge.exe	87
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 2232	3332	msedge.exe	88
PID 3332 wrote to memory of 4940	3332	msedge.exe	89
PID 3332 wrote to memory of 4940	3332	msedge.exe	89
PID 3332 wrote to memory of 4940	3332	msedge.exe	89
PID 3332 wrote to memory of 4940	3332	msedge.exe	89
PID 3332 wrote to memory of 4940	3332	msedge.exe	89
PID 3332 wrote to memory of 4940	3332	msedge.exe	89
PID 3332 wrote to memory of 4940	3332	msedge.exe	89
PID 3332 wrote to memory of 4940	3332	msedge.exe	89
PID 3332 wrote to memory of 4940	3332	msedge.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2756
- C:\Windows\SysWOW64\openwith.exe
  "C:\Windows\system32\openwith.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Gary412/Solara-Executor?tab=readme-ov-file
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x28c,0x7ffcdda1f208,0x7ffcdda1f214,0x7ffcdda1f220
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1804,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2260,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2644,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3424,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3432,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4808,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4836,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5584,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5636,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5636,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6156,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6288,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=604,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=136 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5720,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4804,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6876,i,1344463108102789753,11318218601425649740,262144 --variations-seed-version --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Windows directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:6028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x288,0x7ffcdda1f208,0x7ffcdda1f214,0x7ffcdda1f220
    3⤵
    PID:4944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1860,i,8550759514757311372,8631412447979653040,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    PID:4336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2208,i,8550759514757311372,8631412447979653040,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:2
    3⤵
    PID:5656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2564,i,8550759514757311372,8631412447979653040,262144 --variations-seed-version --mojo-platform-channel-handle=2712 /prefetch:8
    3⤵
    PID:3652
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=3992,i,8550759514757311372,8631412447979653040,262144 --variations-seed-version --mojo-platform-channel-handle=4012 /prefetch:8
    3⤵
    PID:3016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --string-annotations --always-read-main-dll --field-trial-handle=4092,i,8550759514757311372,8631412447979653040,262144 --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:8
    3⤵
    PID:392
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=3992,i,8550759514757311372,8631412447979653040,262144 --variations-seed-version --mojo-platform-channel-handle=4012 /prefetch:8
    3⤵
    PID:5332

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2428

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:736

C:\Users\Admin\AppData\Local\Temp\c7ec6a45-6903-4afd-9841-80205558dd52_Solara.zip.d52\Solara\Solara.exe
"C:\Users\Admin\AppData\Local\Temp\c7ec6a45-6903-4afd-9841-80205558dd52_Solara.zip.d52\Solara\Solara.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3348
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 608
    3⤵
    - Program crash
    PID:5660
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 604
    3⤵
    - Program crash
    PID:5544
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 892
  2⤵
  - Program crash
  PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3348 -ip 3348
1⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 232 -p 4804 -ip 4804
1⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4804 -ip 4804
1⤵
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7da492a02c29529dc0ca538b502e3379

SHA1
cee6a1b81936f6a20f1c9c4f35c29394338ff54b

SHA256
553164a83cb91c4905a86373c61bd899bc1007e7719791878bb95290f1f27f36

SHA512
3a1aaff3da507ce35c4e06ff9fd2516c65780849b24fab33417da2e799e20bda3594e5f2f32b1326dd1d3da560c76dbff1f626c147e99c7a990fe09ab0a2e89c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
70c0e0685f14ec9dca50780a89bd788d

SHA1
d46310011b5d450734fcadd9ad6ec07db7980ed3

SHA256
937f6269c05e96a4079e42f5911ce41bc8824323855853150cbd57497dbe81bd

SHA512
0b28f51419555ecd1e1959531059c0fc933d4988e1099ed4867045ab2e39826193e6787ed93ae89baad88c321d1931f7b728c6e8ca21c61c525fe3a1abf159a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
30d5fc67098f5cd15c7d45df9d03cc82

SHA1
ee264673238b64f21dc644e185958ea5af9b44a1

SHA256
f58efbba4ca8c6a87084561323157d991e8c8de386cec28db21b70c0ed698793

SHA512
d98bac085654add31d739674af3d5952e819ad7db9361043e397b4b084f5484b04efc4bfc3f6c75187aafd03e5dcf6d6fb46c5184679eacd16accffb7a4cf9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
5ccbfe7574572e8cfda0b0564c876509

SHA1
08179ed421c96ceeb3565cefb3b37d0897a95b0d

SHA256
02a170135cc79768e1ef81e8918b27a9796ddf429f33d8eb16cef47828cbdc2a

SHA512
684757b50e437dbc1d032e1f4a5f7f1474d0741149697a988c4622f034fcfba2b140c3c8a99c4944d9ee57135170e3e144d00977159736f947580b28e53a1dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
27eeaa6dbc7d28d8f55ae2514cb9ff63

SHA1
1f0fcc9aff1f7f2671ebe0e8be0fa0c191682b2c

SHA256
c6474f9eeea940492f8e1fa42c982848f9c06ac3d1667b030a6c05f32d5ba0ff

SHA512
c0ed8f621309c93653bf79f8e540138f82dcccb3c496bded85e9f9199dd5034f91b7dd1cf24b2ca57c33655b714e75a8f6f70649851ee52d6ffa49f361429a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
a53c1e4f91aa79c119bee055912364db

SHA1
65238923d1b096fcc68c1c9e4c9da3ec33a4473f

SHA256
45f5729e0f2c9174993e946661c60144c8c61a68bd0f80998d7153e2b08b199a

SHA512
f29a70b8b2e453279489b2b734deaaa72357df65d3901fd1446bb8ad8c6dda0fa46677e577ddaed720450f8979beae2aa22e0cc4c43a8d75186db8174dba3f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
f6b14246dcd6f3e4cf2d95200d4a0f74

SHA1
54e0f4922bc3cfacf0284186a5fac1bde9042b5a

SHA256
f96d935b6225c68e9ae2b9a12ac5b2ca28f0b03de151b42c3d3a6f73cdb26a69

SHA512
29eb540cb34d65049eff548fe89d1e390bedc7bdf094f1f576e770578ac3279e88b21b3e4a83a19971ebe49914b655b7698c13276c0e505a1f6d705931dce15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

Filesize
51KB

MD5
0aafa5aedad2c5fe8bf6921245c4e6cb

SHA1
26696c1315ff56c51e4560c33755982d2793b58e

SHA256
7ace680b99db86017167ddab8d7599387ac86ccefab856a125edda69a5213e69

SHA512
75407983d8a73accd2a5942a3badc50ba2c57e4b197f56b12b57db7b9171ba29289fc0d01bc43b4dd78216ba6cb9784fa110fc3d53b6b13f313065e042e6dfdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064

Filesize
21KB

MD5
eb5f2f8b27b3794eb0b9d7302f3ed208

SHA1
ceb14ae185daed71ebd356c06f067ee90ca75a3a

SHA256
16a56eb5759e2174470278fec544af28e58f93a2e895141c140eef9409efeb60

SHA512
4c1441f9bc16c6c03df5c727c75e238d41aa24127904f86d18eb755564765eed86674de1d6d19406c2f9085454bbaa26c9b65f31973a364906878a9fa4688eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

Filesize
37KB

MD5
bfda78672fa2098a6c4266a33e799f69

SHA1
7a51f4a9980e6f9d5a484d12fa3e35baddc753e9

SHA256
bdfc29cd8b54192ada7194936da17428629bb5925e31a2846682571bebe402b6

SHA512
7d01483a7da3941afcd7b1566c868018ac80927209269e98a6dab0078c1a14c0a380402efdd5b257e0a37ca6b45f68817dc774cbb32b5e7ba5f3cdefc2bc72d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066

Filesize
21KB

MD5
cfde5ccd531fb5af3c5dc037411ded88

SHA1
c21cfb1fe74fdee797b87bd38e39b972a6a2df5d

SHA256
aaf59bc42b50495949cbeea535b086ac971159d6c96ccd9425b9752ba4f5f225

SHA512
8e737a1eb43c6f92875d13a0d76a47a2d3e191e42713cc51b4996697aca3244fe8412a7b00c591b098ee46d3f243d377800525c3b97f332563192ea5531b79da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

Filesize
38KB

MD5
b8103746b4757c6332fe545f11de8f70

SHA1
588965d6333eb015af39c7f44ce71dfac67fb0f7

SHA256
4177d563a186175d3a67091c399db6c57fc271e202406e244d4bc8ad95b1aebd

SHA512
c83bd52d674d90752dfffeb76971a4f9684054d6f02cfdbe8f336758ac46d8b430f306cc64be00112b8c38d191afd1b8395d58600b12cefcb6a052ab70214ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

Filesize
27KB

MD5
482e69a70bd0db3690f0422498dbfe51

SHA1
03d8c267e5f48ccc5f4e781e82c7e443e354794e

SHA256
e24cd258636323a750f60e58600f3cfda0f90cea73d9fd79294b5748b7d2ef6f

SHA512
862300384a8d6218654f7c231e9627b3ec3744817bcf4267008cad979d17f413ff06f5e7c84c822683c4a36676e92aa85bbb9d6216ae3f8187a5e2c710938de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

Filesize
16KB

MD5
db2656b672846f689c00438d029d58b6

SHA1
43b8d5085f31085a3a1e0c9d703861831dd507ce

SHA256
aa3f28db9caadce78e49e2aeb52fda016b254ed89b924cdb2d87c6d86c1be763

SHA512
4c57c347b10ea6b2ca1beb908afc122f304e50bd44a404f13c3082ba855796baef1a5eb69276d8744c1728578fa8b651815d7981fcec14a3c41c3ca58d2b24ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
18KB

MD5
89ee4d8818e8a732f16be7086b4bf894

SHA1
2cc00669ddc0f4e33c95a926089cea5c1f7b9371

SHA256
f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82

SHA512
89cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
16KB

MD5
dde035d148d344c412bd7ba8016cf9c6

SHA1
fb923138d1cde1f7876d03ca9d30d1accbcf6f34

SHA256
bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9

SHA512
87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
60KB

MD5
65f600946dba43f86ffe8feab1e002bb

SHA1
80d0cfac13edd30144748be2b75102c8b102fd06

SHA256
9a67a73ccb3869bcac620962d6864982570b9681cd7b7bc6acaea5c6dd19c0bd

SHA512
4b93895237d33ab021bd480c71a0086ed416dbe24e3c4437fee13ae92a00c34491219537d888cbe49a36b151abb84055ad98409b0a6f63ca12ad73aca11b3d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
23KB

MD5
0affde0f1789795c7af2f9f724b61335

SHA1
e36811ee5604ba8c15a2fa959e07452a54e557bd

SHA256
6f569ad90973d9009ea2cc5b4feea2b43886d5f0471208d2a161c6591f1f3abe

SHA512
a634b7e932db89d732462562080ea5bb584158297cca475027dcfb2a3196797b27662f1252aec3788d6b6d63662c27b1221e55afc8834900cd22a65cc6e5cef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
45KB

MD5
2bd497fa8f11cfd8b0600f9fa97519d3

SHA1
869cb839a20e7ca816b95cc5f25424a391d02f5e

SHA256
c1a8e51c70fcb786a6f99703d62b1fa9fe9f3c9eeeda0fe881044ba7383f5a62

SHA512
06978b2ed2bdd5e33854220ca3142cc3cda81e4003382bc25a24f62f18be3fbd9f4c281dc249910c60ddef30d1034cf74ad1f16303d09e22f9388ecffe78f142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
55KB

MD5
92e42e747b8ca4fc0482f2d337598e72

SHA1
671d883f0ea3ead2f8951dc915dacea6ec7b7feb

SHA256
18f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733

SHA512
d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
88KB

MD5
2dfda5e914fd68531522fb7f4a9332a6

SHA1
48a850d0e9a3822a980155595e5aa548246d0776

SHA256
6abad504ab74e0a9a7a6f5b17cadc7dea2188570466793833310807fd052b09c

SHA512
d41b94218215cec61120cc474d3bc99f9473ab716aadf9cdcbcabf16e742a3e2683dc64023ba4fd8d0ff06a221147b6014f35e0be421231dffb1cc64ac1755e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
110KB

MD5
212fb70cc1811eed57c5aaf5bc070dcf

SHA1
94ec17177f218c87d58828020705ba19a054b364

SHA256
f570fc5a000981d30666094c0820795186217dc40768d082e38b47c556fb4b4e

SHA512
69b4257439e14d4fa0ce55c70deb8f21e5ffd259f149b3a31c7feb284d7e28305cca0fd54faca0b5bea451abc6c0fb6c1a1b9471ef8cfc267605781d9745c0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
16KB

MD5
dc491f2e34e1eb5974c0781d49b8cbaf

SHA1
b73ca9b5f9c627d49da4ecbc3455192e4b305a3f

SHA256
f956049f0d96d455a71003eba400cb94f7067bc52620cd05b81006ecfdd438d8

SHA512
5c9bd0d5c93a05ca76eb727328a0fde40f2be7fe53b6b6c9eb260e8f20f92cfc831fd4b46f954d85baf151ae8aba1cdd6f76b0faf96217922cad844c905f3645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
5.9MB

MD5
105e4b54f5a516739e81c9814694b43b

SHA1
88ea591beca7560ea8cc1b445948550ad1d4c734

SHA256
06b2c49ca2ea716b92abfa3a2a908d5fdb3b5e9b1ef1a9d8a23aa17fe3911f59

SHA512
b59674b2a4dd1224087cf3f7baf93329d641537bda108a469ca310b24463806142e15ed8fc2a3cfe3062c44a8bec6fb30af1b2c77b6bb976cc2f6bf5d3e1cea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
aa2a56b3e8187a8ec7004d7873f32eac

SHA1
619d2a746e78a0e44bab0381397b8b25f59072ad

SHA256
45ce1396b94e8a74d53ea76c7c63a8262b7c0e907b7539be2bfde6737fe1777d

SHA512
69b7514fccf35f4c257632a621045e57700934ca6dfbd7ef535ca2759a3f83b0fea29c76057b452007b0bc7f0d377c429a23a2f94df91b3de4c2eef38c525f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe580700.TMP

Filesize
3KB

MD5
9569d1aa0b48ec29a0cdd395e24d33dd

SHA1
764069dcbe099a64e22d45cdf1bc6ff8250ac690

SHA256
4a59149f6de7efe87b864570b5eef6864e53f701cd4ed14fa92bc138b558aeb5

SHA512
85a1dcdb5f6a2ba8faeef0f91685bc39cb84b00e57c398b1c9851912e3f4dc4a94dd78210baa861f6908786fb5deac2851a56f12f53907ae7daec603e0d0bdb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
883b07aed6f8683bd0be43e415d00c0f

SHA1
92a18cdba8187c808ece2596e58e8e47b0962a62

SHA256
e791a84def72302c862db0566bf777f969f22d17a322eaa9b60e04236bb47eb1

SHA512
479145e40f12032e1559eda123262028521be52c3c877442271aa2258914ed5270c0cecab92f3d4d2a15637db9ae34314683e78c080a1c30da0555e86b15597e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
a8dde817422aecc88714b49188e7d3b0

SHA1
3e658fc1c76147ebebd0e6c64bef5ece8988194b

SHA256
0f1fe2abb3c423e80902c52e53d57722f2a0a0a22117bf9b6c47d76c1e08ef3b

SHA512
5be1f9293c8e927112136d9a411a3190dd3d57cbec6c4ed332ec508a133efd33bee89f08790c9720cc583af86355383db60dc51e4c2f7a79620530840e0278f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
a2607119e890c3b2758c5c85bdafca56

SHA1
440bf1e6da966182990dc7c49e67578701e65aaa

SHA256
7a7b793d086933de8c5af29496fe782f9a94b1b0e777f918af8eea6437548b26

SHA512
5c3f20e111a26115dd71dba1916dfecba5eebf78fc859ef309b5d5f1759525cdc11a43cba8dcdbacc631f9b1ecad2b14f202c4e7799e7cf56fbd305f54eee333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
a3e610d76514036a5f2f482128ccfbdf

SHA1
49ab5d82c0adaee3387b59bedf0e993aa2fd9a93

SHA256
6f57d3a8bbcedaf627b4145bc48623a5212989be8c30ecf2ecd49ddf89497145

SHA512
8bfbfb990b365a261ee9452d473346a7fc68aa583851ed9065f9c1853a0284413986315a52d5d5fe77fc19c4bff9a330e30b0119ab50446bd1cb6fef3e823095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
15f9543ce69fb4bddf60c248c80d91b5

SHA1
c0177dd651e9621f79b10b7bc35b2c11f1935a56

SHA256
42f70fe424b6a67cb6d9838c9758091d13cec0fbc758f0360ca95efd03e2a29a

SHA512
f74d07c4ed0af18bf89570a4bcb2c7d5de8bb43dbfdfebfcac821db28990d7988b88ffefb33bdfaeb3eece76b45961fcd60d8c4bb840aa0112f9910a9e7b0eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b4b78269eedc845616d67e939aae93e9

SHA1
19af9b424f0659f2da20d678bb971de7be145be7

SHA256
99ac54842df38cfb7e4397cbc698805cc68c40010d1476c4748e6824b0d54274

SHA512
0391742562129616fde3c054d9761c59dd6f52ee4639ec1a61cf3d2967b3abc3c5692aeeed6b6fa00ddc0b7666b60429ea7783e2f6f60c208272f021e48413a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
38f2d7136e986de16bea7a6e137d13b2

SHA1
d97411328ffa6540c6737ab49aff10ba8e7fdb2d

SHA256
55c780c5efaf5bb949f2dd7c224bbef3ecd4f8fa1773e231028b69407fb79c46

SHA512
bc672d92b409d50d62f5a0fb3f9268fd614be07b32406af444ae1b7728703d7b79cd5bd6b7b152a453dd6154796f094057c4a1531899dbe99154ec9c4fc6eb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
bb2c2c405c307c940154ecbdb4085d40

SHA1
3fe16020773b5eb2f58bd85e5fd7106861559f5e

SHA256
c3948bb6b50b96470a6b213aa740ef491d61a2037685b30bb3fa2328384d934f

SHA512
2f12c86aa0a52083af780f2a38b0954c62c9e7adc349c2101a13e216aa7dc69b6bb1ceb6ca399457c163e707019ae8f9b0d63de6fc9a4c260ad20a553dfff514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
ca5db89f87963c28b93e577eb822d09f

SHA1
b8ad3488f108f62a655d31e8d2afc60e39d89134

SHA256
443158dcf7d85c7041c406ed2b52d821c06fe0f670479fda3278cb817030a500

SHA512
aecfcaade10da3859d8457dc39829c3fc3ed05b5b13bf50be3498e1c1a91b043dbd5f4f90ea3f48ee1cb6a128dcd3b9fe4a0eeb6971d1c27c80a16c38c91f5a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
1be4a9476e09f8b9a15910ce1c4a4c94

SHA1
e82e9b74fc11617362886c9ff4ab2a62834efe32

SHA256
b665f36ef9bd58ec2e01ae37dcaaf2699cf8b13457853444144edac398559540

SHA512
1b58493da6c8cb72c1269b39c01fd23b6f954ebf97171625d3c62bc00fb0e8d682b33b2b12c6e54c9881c6f79ae36063ef31dcc3c61f69dcf37493c972165a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
a56151cfb427e5056ed25f17c0232425

SHA1
3cad0126d6db1a320c57bcc052ad047ffe419dba

SHA256
4480e938ace27e093e30417a7ddaf550eba39117598a44e07f8ce3e7318b26ab

SHA512
4ae69cd2c2e414a4f94682423734643af20859c3ff5f111c2397eb7dedd361ccc41aab935086983d5826afb30347f115eaacbcac2730f97b8ff7e1cd499f321e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
bf5e6dee93a2cf9d0da81993667b9f2c

SHA1
b146659dd6be44e72df4d38f15ea0d9668b4d871

SHA256
1485c6e19276807c816fd0a386b18898da32fbb214209a039f00eca41e784484

SHA512
4b0ecd03a1db9a63052d389f9cc89c648fc196372d7f5c90af6be8674be33eabf72fe6c610af1339cbc9a93f8b057eb165b2fc7911c2fa41a81f9cffd08778cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
fa3d7b443c3bac2b536ecae5c27e8baf

SHA1
fa6d4d8e4c3a2a7f5e67f016f598451fe531f543

SHA256
4b94b877a9ffdfa209908e074253409525abae089469e67da98c639655f44020

SHA512
9a9d019237d5ff5cbfe0b618f1284b9ac59a00a30aa004baf3ef1102ed7dbdc38db342a907244803fd2000dca513952c43a33ee660f23e0d774175b196c58ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
f5c2512e717ff9feffb22cbb66f13fed

SHA1
36113782a55d7f74de8551e4ef87f91d1a9b81a5

SHA256
9a360deb089fe58b66954f29bbe5eb57a39f3e3597f7874d70700c5a3396217e

SHA512
9a8cb2503c8c1b58c5411513dd6da6be7706202583aa89c9639f321b20c0554a58a026938a33d85048ca65f701bfdc74ef55cfdd779aed4d363e986746de23ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
932b4e9195311ba6ddf09655877bcb93

SHA1
a25a215090da280f6cd9726b29111890472d7033

SHA256
dfda473556155ffa51eb22ea87c8a93e27b17a9e47a7fc6a4806580a17050abe

SHA512
613f91fc5285a5c3aeab2df7aae35b079f69130d9e9ffb52a66c2620a509d5868d91a38036c3d8b99407e324439acd9531f8831ebddedb6c409c4e5647b2fe12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
989ab826df5f5e02b7f0f0e4bb3d243d

SHA1
ff02ddd468aa2d33729440b01295bde778e77fea

SHA256
0570f92da1eada5f3950986f59d1902b0267602201544243cd51d79d26698a35

SHA512
16f91981041bdcfd269791cb83fd264ad8c9283cb20c1b6e7ace1d8c540352333b0f491e3d3b68785154c655c6f469c3276a68fb6669faa759fcd7c03d8fb2ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
14KB

MD5
d05d19efa9d618b2f79c0cfc1bdbc523

SHA1
f1ec0e4772a49252a3c6d187200f017b60a21678

SHA256
2b0848bda7363ff0254595a7bbe1fe2a3103d28fbffac31fa939d36cfd9ce3bf

SHA512
b8384df85ca690616f68999f8d4667c6219603bd91c3796ddeb7e17bd4b1fca73195cf9fac5a51ae9c535624a189c2005bb3371018dd4db3ad7b109209562acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
9fb63329f6aaed0e54313a5d636dcdec

SHA1
b817169254738237af16a51b5c1414873effde39

SHA256
9d24df077b228f6771bcabe0404659d5b5a733ba547618bfb8b780b6a3a87df5

SHA512
f5c8b92f3d72e9781397f50fbb53185101f2a33d58b566aa55d204368e491a97b8400f83768cfbbe3c2051c8db443df57bba07aa4433b98e02fd01c845a6491a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
9eb360d1a281e0ecf7bd9a76ca4105e3

SHA1
e52aa1b145a074717845ec33c11bacad9ac53b5d

SHA256
420a7f48412ee7763e470405c4a40d6185ca014c2e334fb701698547c85869d6

SHA512
d4e6b2825f3e66b2186e017fe354526234f9e4755e0b12be155119c031720df092c1c454987115b2ef1748e0987646bb95d27c083c3ef2d175679660cbe7c65e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
a667bf689c55ba516f6f871a90123758

SHA1
c314be157f70b4bb250a6a2a55fdc74410244097

SHA256
6fe9e985b7dc12b19804ef95b69164f89ccb7f65ac97a8854f3a58fa44d7ebff

SHA512
28f79ad519f71a0a1cc76ca1284c2b069970b715f271c0885694610b8468a5c11a511dd0edaf8ed3b0b1e0c54b04c00388b2fd24b7d94b5b15c4c34d38f3ae45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
e6bbf693e32a37429023aeca4f1ba228

SHA1
124b8421aedec56f706e87a8c3b430fbe1c2090b

SHA256
1e334b2a3bad45686839e2f687630709f41a39475ef498c70fd4f74ec8236af8

SHA512
5b378294381f21831ba67a508c1f572878e14c43183f12e612f04e78a50b957a1455d6e8505bdde2ff0416b7a3efea226f529536f347c1d2f0dd35bbd179c9b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
f79117a69b1f403f30eebfd51bf0a3d0

SHA1
110b4ad48c7d4bdbcaf39ec7c515162f40efe165

SHA256
43f23ec7267ad5d5d2ade7f36f91b2a02df5e02d4cecb98d01acbadef4825a37

SHA512
49024d194eb573a2a80341d64ebff87cb2d3d397f1b5381e4d6067203836b783118daf49ba417fb644d058a1bcdc7050459ee172b80d8527609ef605639484d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
9af4d59cf9ad564b83946c170ed6a34e

SHA1
93de6b944b757cd0e0fb755180ca6814fb817b64

SHA256
b22cf001f11a6b8f7c533b1b3fca48a43b81675b46108594558b92f4677499ca

SHA512
dd6330799fc199abb95d94ca874847f3eb5625e38bb51661806fe2535d390ef84c8981c0df024034c6211e21678340658ae639c35c0a9809cd3fed91722ec46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
2548269649430a411a820d0c3e165bc9

SHA1
c05a24c70309aa3874a7d91268ef8e63d50b3a0b

SHA256
8a81a8b1c65a0d2c81265e732dd54aaf2874e459002134357ef465e41c6ca5b0

SHA512
529ce6068fd2a3f23febb6e33c89b6e92987f2e67e7d3ca69d4f220105ece42446f2590efc1c52d0629fb3ca0e3f89884270e32e1947e6dbc568d2dea3fd554a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
9598956ef20dba69bcf92aafcadc9b6f

SHA1
79b4dd3a8af391eccc90ed33135b040bd6f34c0b

SHA256
a17e97d202879d9e56c55e4bf3d77c433509c86b8877c182ab6e057a081c7848

SHA512
33bd0f123f02b05886e498b1b4887249d2e88ff5f0530998c3a05fd71ffe0407acfc1415588831cf791c53e3458caa6bf100bec8661a438c454c8aee7f2aa9d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c37552fc0f0b89df89e5e10a38cfed7f

SHA1
85491f2c104e0f89e8dbbed646b9c3bea51777f7

SHA256
e1ff3fd3b9fd092c62d38880ec08904467e3e39ccb4f54ba4d3bbaecdd79444b

SHA512
807ae34663c589c9c2d7e51270c1b1822e19c49872088d220534c3194a5c847f8e95f5207e13edab9445fcf1e4c180df91dad84d46e64bbec56bcee060a03f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
2ad7dd5d9107d921184d12e560dcda58

SHA1
0bc3f3eb5757e4db554c39412e623c5ea1f8c66f

SHA256
3deeba65c7d0452c4fd30821f72caa606010c9fb1366d7769055aefa7e29917f

SHA512
fa79d1ec04b0a3432bb8c2c34361b1ff4d94e18f9e915645038c2ac67902836029277793eb7da70fd728d5e3ded584120c74569e50ee33f3bd53fa0966bbc38e

Download Submit
C:\Users\Admin\Downloads\Solara.zip

Filesize
11.4MB

MD5
adff3f7c8018a552d0cf6aff800645a0

SHA1
75f1ed2a77b82e5cf7c6c2dcbdd2ba91ed53c033

SHA256
4680dd690a6eff6f60d9a8332d4586a26527368b9de1b06d6aa609639e958a67

SHA512
47da5e28aed79c670295f1092cb6fa97e46dfe771622177625b7f877346c7c87c480094187c8b02917f7853ec476d55069371fa5d23923eb5a83508bda2fd159

Download Submit
memory/3348-469-0x0000000000590000-0x0000000000602000-memory.dmp

Filesize
456KB

Download
memory/4804-479-0x0000000075C60000-0x0000000075E9A000-memory.dmp

Filesize
2.2MB

Download
memory/4804-472-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/4804-474-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/4804-471-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/4804-475-0x0000000003C80000-0x0000000004080000-memory.dmp

Filesize
4.0MB

Download
memory/4804-476-0x0000000003C80000-0x0000000004080000-memory.dmp

Filesize
4.0MB

Download
memory/4804-477-0x00007FFCFB8F0000-0x00007FFCFBAE8000-memory.dmp

Filesize
2.0MB

Download
memory/4888-480-0x00000000003D0000-0x00000000003D9000-memory.dmp

Filesize
36KB

Download
memory/4888-482-0x0000000002100000-0x0000000002500000-memory.dmp

Filesize
4.0MB

Download
memory/4888-483-0x00007FFCFB8F0000-0x00007FFCFBAE8000-memory.dmp

Filesize
2.0MB

Download
memory/4888-485-0x0000000075C60000-0x0000000075E9A000-memory.dmp

Filesize
2.2MB

Download