fee765827631c513a0afe7577d84b66839ecce32353c176c32b39cdf6ef3924e

Resubmissions

30/04/2024, 13:34

240430-qvjbpahg43 7

30/04/2024, 13:28

240430-qqm43shf69 7

Analysis

max time kernel
134s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraBETA.rar
Size

17.2MB
MD5

f7cc114170a1efc219a54cd4832e77b3
SHA1

97fd16f8b6e2c58aadebfb24e1b7e4a52f7163db
SHA256

fee765827631c513a0afe7577d84b66839ecce32353c176c32b39cdf6ef3924e
SHA512

ef47912bf9f395cf3957eb3a69ceb62684888bc321c1b5133dc677a056cdf5490b50b3ef06d5fdc3c801314da548c5813bb16c50cb7dece828aecac906cea6cd
SSDEEP

393216:2+CaBlJkH8D58WBfiIDR9g+2mfGKhNz9npr+6tXb:vy4NlT2mbvxpK6tr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4448	Solara.exe
2808	Solara.exe
5868	Solara.exe

Loads dropped DLL 16 IoCs

pid	Process
4448	Solara.exe
4448	Solara.exe
2808	Solara.exe
2808	Solara.exe
2808	Solara.exe
2808	Solara.exe
2808	Solara.exe
2808	Solara.exe
2808	Solara.exe
5868	Solara.exe
5868	Solara.exe
5868	Solara.exe
5868	Solara.exe
5868	Solara.exe
5868	Solara.exe
5868	Solara.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	RobloxPlayerBeta.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 40 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupView = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0\NodeSlot = "4"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupByDirection = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\LogicalViewMode = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0 = 0c0001008421de39080000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\Mode = "4"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\FFlags = "18874433"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupByKey:PID = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000020000000100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\FFlags = "18874449"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a00000040010000904f1e8459ff164d8947e81bbffab36d02000000c0000000904f1e8459ff164d8947e81bbffab36d0b0000005000000030f125b7ef471a10a5f102608c9eebac0c00000050000000537def0c64fad111a2030000f81fedee0800000080000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0 = 1e007180000000000000000000006abe817b2bce7646a29eeb907a5126c50000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\IconSize = "16"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5332	explorer.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
1452	msedge.exe
1452	msedge.exe
5528	identity_helper.exe
5528	identity_helper.exe
2808	Solara.exe
2808	Solara.exe
5556	RobloxPlayerBeta.exe
5556	RobloxPlayerBeta.exe
5256	RobloxPlayerBeta.exe
5256	RobloxPlayerBeta.exe
4992	identity_helper.exe
4992	identity_helper.exe
5868	Solara.exe
5868	Solara.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3084	OpenWith.exe
5332	explorer.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	3088	7zG.exe
Token: 35	3088	7zG.exe
Token: SeSecurityPrivilege	3088	7zG.exe
Token: SeSecurityPrivilege	3088	7zG.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3088	7zG.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
5332	explorer.exe
1452	msedge.exe
5256	RobloxPlayerBeta.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3084	OpenWith.exe
3160	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 716	1452	msedge.exe	108
PID 1452 wrote to memory of 716	1452	msedge.exe	108
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 984	1452	msedge.exe	109
PID 1452 wrote to memory of 1860	1452	msedge.exe	110
PID 1452 wrote to memory of 1860	1452	msedge.exe	110
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111
PID 1452 wrote to memory of 4176	1452	msedge.exe	111

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\SolaraBETA.rar
1⤵
- Modifies registry class
PID:216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3084

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3328

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\SolaraBETA\" -spe -an -ai#7zMap14836:78:7zEvent26752
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3088

C:\Users\Admin\Desktop\SolaraBETA\Solara.exe
"C:\Users\Admin\Desktop\SolaraBETA\Solara.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4448

C:\Users\Admin\Desktop\SolaraBETA\Solara.exe
"C:\Users\Admin\Desktop\SolaraBETA\Solara.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc6f6646f8,0x7ffc6f664708,0x7ffc6f664718
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10503714674829195857,15102540260110511391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5272

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:5332

C:\Users\Admin\Desktop\SolaraBETA\Solara.exe
"C:\Users\Admin\Desktop\SolaraBETA\Solara.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc6f6646f8,0x7ffc6f664708,0x7ffc6f664718
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe" --type=gpu-process --field-trial-handle=2116,12440599823966136753,17481766616282890951,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12440599823966136753,17481766616282890951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12440599823966136753,17481766616282890951,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe" --type=renderer --field-trial-handle=2116,12440599823966136753,17481766616282890951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe" --type=renderer --field-trial-handle=2116,12440599823966136753,17481766616282890951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe" --type=renderer --field-trial-handle=2116,12440599823966136753,17481766616282890951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe" --type=renderer --field-trial-handle=2116,12440599823966136753,17481766616282890951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12440599823966136753,17481766616282890951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4212 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12440599823966136753,17481766616282890951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe" --type=renderer --field-trial-handle=2116,12440599823966136753,17481766616282890951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\RobloxPlayerBeta.exe" --type=renderer --field-trial-handle=2116,12440599823966136753,17481766616282890951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:2752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:456

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:5644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
PID:1556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6508937aed7f3414c5f977244f785192

SHA1
4be3c30dadf075173c05a0f0f63aeda896e3dd6f

SHA256
ec3cbd8a728e9578da6014427d3fad97a81a58dbd6695ce7eae9ca0683f22f88

SHA512
37eb7ec6c56ffed89913e0438d07609280677b76b4c27deca8aa1fd66acc7916b18d45b5e06c5b8ee7557821c5f2d921ac4f3e86ae8a1d6963030d5aebf0000f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\060f1486-5a50-4454-863d-0fc82904b14d.tmp

Filesize
6KB

MD5
87c071cf033c289d79228800a4775d43

SHA1
a48848858398ff76d3e34540c2c295e443dacd64

SHA256
5bf122035758cb20771f1bff065dd086a881de9e1feb592ac4618c3497428ce0

SHA512
9d9c88b9062a69c62aeb18e3756accccbd6a2d9e793093b2a502dbd191a535870d05a5fbb4e85b41e868d16410619e9497c7508a63e75d8c58fcd1759e1d690e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
6c505d0aa836af3d680a698e54a71332

SHA1
a6355374e025d901535b910ad811a7f6104ba2c4

SHA256
142eb3640fd909a5e7cdb65665bb4265a717271b61f50544e739b1ec88153661

SHA512
e89e015d5d82fc9aa1382ec98d1910f9dd6403818678b40b3834fa84a10fe713bc408b6a63cdfa90212a042e00218f2ce44ee01c1ab141a85e809cdd2b50827c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
156633eaa234c183f60082f1949c6ceb

SHA1
705c8cacef8054ad39c3c2965e353c111e7fb51e

SHA256
abe509cb90e73678f02bd6842f5fe95f8b2474d79132343cbfdb005f637728b7

SHA512
61ab421525e0d4bd373168c5bb103b1f730054ba58dc47e8f6bf2418c7c308abdced655e145e97ad5442cdf89198a84f1d8923c7d298c4f4e260878c8d3b469c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
259cd6729880b31a26b69fec97b2831c

SHA1
4b02986031474943cd14a343efb81ac855118c94

SHA256
54e4cfa6971dcfa4e6fd9c28ac148bfe315c2e5291f2712fbd53fb24311b9910

SHA512
b445cccdc6af18143a796e094ae7b23707d652a7273b56da35246b4f29a47b199dff2448e164a005ababeaba913b43b76f3cd632589a8855a57a09a87dcc4e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd32a722d6ca3269ff5f1937e45b55c4

SHA1
9f61c1010fb30f28d782d262a48fc84474ebbd66

SHA256
d5b1496bc9b5f541b11ba084ef62c30ae3475aa6e4d08adfab4a2e144dc7cc98

SHA512
5ef111648f89ff803da4db7af7858d013dd45af903b02fc004e27d601bd3d1114be9c104c308c693b4cbbdc3dad870be0e7bf7ff15e2ea89cc5a0a35917c3c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6d56e40093d5546d3e854a592bb4289

SHA1
d3ac84e715348faf73afb371806c9e4e2f875ba5

SHA256
9f066c4eaa89459be347982b0fb5ef60c9585a0195e7a99603bd2ab1e2fc090f

SHA512
f0c136260ad824fc08797a89aa7e46b4b7b0b730e23a7ed3df67d447330fd3e5e75778e84018572050e52bd88d5d1cd14643799e6c4b1a71823996b3cfeb46bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ed956796ade0aa6b71b5ce296265b54

SHA1
98f5dd1061d37efdc4abd2054a042ecd385de12c

SHA256
598ea8df7aa26a0c441a93901a1a6e9e7fc8263a0bcd30aa2a4f394c2e5a6814

SHA512
88be226324eb89da32436e6f780d9b9e1df546f9e517f165ff1dd29a5b9e4ef62869fdc9bfe5e3916e2204d89fff1b4eec85ef0c195655824f6d88f91c3968ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db0e5688b4fbacabd63d55ac4e59aef1

SHA1
209d22726a1a90cef2c91465c3fcce9530c3ab6a

SHA256
0efe007dc07b9e5326578fdfff4b2178d5022badd4e5d702e94670aa7360b839

SHA512
3025b37d0a55375efd056d6b94cac5313a4c21de248ceb5eef4efe98fe8726b877f1de20f96e69ccd13fa16f1e28b5d9d09844cf6638627be7c54ddcba789f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
8f1a7df4ffa6dad84a184f7ab622dd55

SHA1
1beed4df03e66c824faa40bb4da1852df692ac55

SHA256
1506ef1b3f477d98f2ec460fdea7d89dc6a19fe535d3e6fc5ddaa401336ed29a

SHA512
650000a12946ae18ad3c7682ca1984b03ab1e2e06a09d40f4a7f94c621995f437f05ec222f0769fcadb447c12f9d054c350b70d1eddecd60d090fb554d851084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358957368794579

Filesize
3KB

MD5
01582c928b79d5cc8ec5a5b38542884a

SHA1
83edb32df238e4c0036feb1500f50bafab4ba96c

SHA256
ee5f55be9454a35b5099512b4609312e6f934f559ed6dc6ee31f6eb781a4d18b

SHA512
7bfaba4108a5cbe701446d29a58d8ad7adfed563b3b34bf0d0bd79dd226f299b6627b04a0d9825b1ddf679288be3e55503454f3a7f6195b6eb6cddc94d93621b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
05a063304bbe757e18483a366a733e7a

SHA1
9248a8ac7e75829c8b90f83d87b9551e2f33f327

SHA256
3f23ae9d0079202357efeaa71cfceb554147a7b4f3e6f774e45f062fd0b74a67

SHA512
77bb1b8f690112ea7f29a88459ab4c458d47ce89617dfe87e418308eb2d05a1d61fae262d8e4c0794dd870598dac30fedfd7c3f25b0e337278cd29d1b513a5b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
47c80184179824c6258c76132de00a2b

SHA1
4bc67e3626e671017c9a6cd17418e7ce42fe5352

SHA256
f8495dd25adb390a006d86d09657d59dda12cdb67b4ca39a9a96ab47a21e76b6

SHA512
3ec7c649a3ee97651f42cc71e8f8870b04b815496eb4ab1c49c8e9e40930fccda89acfe5028223eef951a0dbc48f1e3a99e90ac2b15bc30e93cfa271c10424b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d36698c629aa12fb658720973b3b5642

SHA1
ba8d2465d427e059d575c9610ddb030b7ded7385

SHA256
5aad67b4c135e353ae33a1498432ea9d09e7cde415242d902c9aa2effcbb1f37

SHA512
8d6e7f7bb9f901236d99b0f8f2c878d3a27cd9fd6e12f1a7d3c68eca662d13b839b7746917c134e643dec71ca782954b4ece32b9cff19c8308cee7aaf6e9d79a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
83acc801eef29010f592169e6f9676dc

SHA1
a5f4a56c8de19ad35e538bde2a0bdfb819189517

SHA256
2dbda801fbf2886fe685dd5dbb9c5525cab78da17532d2d3406c17c58f2fbec8

SHA512
ff5ddbea5c47a371526bca17171308db47b497ebcdfeb6f10967bd2663b3c1662b2f1f34d95db637fbc6ec60583071395c9a7fcecd4e9e53210008933350608f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
ef59030aa50bf85175d522d459ba6981

SHA1
3af809fdc507f51cb35b219256c999f8d3c12d33

SHA256
c1d5cf622ddcf689baac823b1e376ecdf48fdaed433ed4b1a539759cb3af9006

SHA512
48348ae15d640737c3f91d1f1dff220b41da8770c066ef00cde8799402767f1240db71b39801e63d2f3365c186c9b4f00925fa7cd028ffa3b4165da81b29b1ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
52bbe93949c5b12a3a1dacd915f4b34a

SHA1
6b737e57ce81c36e9d183c8b3b6f6239cb6ce7ad

SHA256
98a155aecce5d22cefb2732fb797c29def74d40d78d2f36523d3e9ec35c9b928

SHA512
22395d4c12d95dd91393ac3dfc28f72e26f22d4e988f3462507d56614f49c817f356d5a75bcf32c3512306b3224ae5b410e75f781817769a7321177ac2d28f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
ff788109468a3917e6e3d9c7fb83e710

SHA1
75a6da00b2bf6e961e6c7d95c82153b109be421c

SHA256
83baf10cb9b0a26440f5b4365ba03d321745eb7a502a7c371eaa8300ae8c59d3

SHA512
62a0e43bb5be410a77923da433d0905576f9d2271ba51255a28f03563cf6220da9b879cebc4d4a32da905464f78a2e6750a6825218c44ea95fd0f2a775426208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
8c7d0df18764332bb254d3be062f0456

SHA1
19c089c68d52f8f42881b03900ba3340d14ff694

SHA256
83da2ade0f31895032b2bf4e9a0e459976950cb296ba9098213d8e1e821b1329

SHA512
bea01095944ac9476e6022af1fa5dfbf6e6a25dfcaea68aba2dcf894922af0cdc4ba229ecd0519f23ca2cea6f97d50383d712e25e9633e6a03977c295699a6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
fe4ad66c093caf52d0b7c2a1c38f6424

SHA1
49ddc67b65b5f98e878ec5595d1ae0b585bc9406

SHA256
0d260c5a44de32df220ca972a45ac008c27829a648a48e0c33f2c8a48edf1789

SHA512
d91c489495bb33e5960686849839fb932b2bb60694f720265b8c71245bbdd9ac46c82d7fddea0fcbd6f62a410d876ec35c0c11e897f5d61cad920af081bfb53c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
aede76c7b545e939a3b6a9d02072219a

SHA1
09c205dfe80b257ede0a5fc208013c0b5a9ec0b1

SHA256
42a2ca81c026b5f0635aa515f5bb982916222466d6429409905d7f771b75c1bf

SHA512
e345d4d3896c4ce30e004f41e8c6811ff6c9e70a15bc4f1260aa2f84c527b802c71732033cf6ad79ca82bb386614e386b208b04cdf756a2e578cda5b15b06b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b0d91ed19e5e153e63ec4d3408015477

SHA1
eca518098afbe82660caef8d1f4e836137a2340d

SHA256
1f20f414f6ba0ebe52cc0b4071a92f245da402779dfcd210dedb2003a3234248

SHA512
4a826c96afa594061690022cb2969a3fed33244ab74cd2cf2406284c2ef456d09dc12bf18d4ca555cccd57f2f6ffdf0f8e4c6c43f220bff088562a47724277ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
2bc141bfbf8b5165c9f71f0436694bee

SHA1
d8020d0da438bd3fdd339c10e09a8f46d7e687be

SHA256
32dc6d6ea967308faf9f9e5615a0c79ab1d986d615cda3c38b26dbd334a224ee

SHA512
b8bfdf77d2a0a99e608ab5e68cda8e8ade8245d72bd5e7193cf456d8dfad639dbd30d1cb45f4eae5a77f8a34d99f282286de71535bc37db143d8b96153c23c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fc9f5e732eaf439757c6d43c449c2e56

SHA1
80629b2012e10d6bbcb698c4672815606ce6e336

SHA256
cd8a332cc98736857eabc5f2c109b9b0cd1d5888e2ccaa6745fa6c68a8e32c00

SHA512
c09f27c8955d54aa7d3063d6c01c59b56ce623b81e5db12630b985d474fe6531bcf6d15147128ab59794a1d5c36b6721f9ed6d0aa7cd6c7a0b3189338764888f

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Microsoft.Web.WebView2.Core.dll

Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Microsoft.Web.WebView2.Wpf.dll

Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.dll

Filesize
985KB

MD5
8bc9404bba7520eca7b7251be6756291

SHA1
93dd99a2b072c2be32cb8bedeefac279e0846daf

SHA256
5f862734433875f2fc628f8d1e3eddd05cda785e7b08f6bcc0d06d73d1d1ce0a

SHA512
09efec78dadd45c791ee85a92c3ff06a543813f7337de2a9f43975a8b22b533b662bc2ab7383215c09dc908c42d6b008d1593402d3f13231c956778de2d1b7e6

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe

Filesize
56KB

MD5
c3256c5f0046841c566b77f0c86eedd8

SHA1
48ab4b19274e8bb4859236e73e8e2ce3b6957c59

SHA256
d51b22a5d11d05453349ef55d319f950f6b1d05ecb3c6d4f34f3f2d2dc55c63c

SHA512
cb5a224f26aade0499ca0fbc6cabe2f348eaed86812e8f5b1b271019744830dbba46544ba7d974af404fcd556f487f790affa814aae6cbd6946bb935d3de37f2

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d9d7577120ca65ce86e5b88cb08ebd4b

SHA1
89564eb3ba29fed2fda88db5931ba02e154fd5fc

SHA256
4acba60bc53a48d063d6f657858592f865e6470064f5e5555b8d1d049c677b1e

SHA512
7ce164f3c8623936b8bf605cf4208f095c9e74fc9701d7b5eb4e8956d736d6d497b012653a99819ab569929e5cda618c8ff167ad354573c9aeb7bec3936f3ae0

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Solara.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\WebView2Loader.dll

Filesize
134KB

MD5
7bf24896b80f336c1d16b488f89fef34

SHA1
50db3c6002a85894f7b960aee1d01b5537a7057b

SHA256
28cee166d574b246aa076eb59e24567026c7782f9a70a05b48a61508589e6840

SHA512
07a660ab26343cb45602710a2935c6b948c80976de612ac403a6e354f7bedbe56e1e92f95cfb0ffa746625a3da5108c9a796941a0db462621ecb653a752766f0

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\WpfApp1.exe.WebView2\EBWebView\Default\Extension Rules\000003.log

Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\WpfApp1.exe.WebView2\EBWebView\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
26fc054d6e2537d0eefc2adccd8aed48

SHA1
57d91cc39566739e53ee686fdf54a54db586225e

SHA256
f1f4cab488693f20a1daa0d0d9bf8d5f4bd066d939fbcb78e3c1eb5b44582e4d

SHA512
b674081966ad1cf5318e3e86c628c13cdc67bb53cbea5a49992551033fe9730206d7133aaf0535c95a6245a2e20522a9ea9bc7c414a72cf08be8f5c2d81611b8

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\WpfApp1.exe.WebView2\EBWebView\GrShaderCache\f_000001

Filesize
16KB

MD5
93b26a977cf99c9d7038ce067f3f6c19

SHA1
daae119d188382adec6aad4c5c34c64adba38ca8

SHA256
63c283447cef315cb5165e4f0b879f2554c854f8de5b9919d2578441b4f92e80

SHA512
c3ef41ba6bde3aa36479efae3f15c9dc45487615c58a240728b03b1c2b06e31c14810a1344a22f923387c33de731ab70994c3265a023c13dbaaba3f829884464

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\WpfApp1.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\36\10.34.0.52\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\libcurl.dll

Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\msvcp140.dll

Filesize
576KB

MD5
7b92a6cb5d2cad407c457ab12d2b211d

SHA1
e04020b3448fc6084fa31b7f791f22ff15e31328

SHA256
3c6a772319fff3ee56d4cedbe332bb5c0c2f394714cf473c6cdf933754114784

SHA512
b28740c1aca4f0f60a9e4a9ab5a0561af774d977ab6d42a7eea70c9e560c77c50be5d9d869f05d0435e2923f4f600219335d22425807ab23cbbcda75442c4b42

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\runtimes\win-x64\native\WebView2Loader.dll

Filesize
158KB

MD5
aee20ef43cf692c9080c5973b1b79855

SHA1
b3885791b0e122f8360d6fb7c0e0ac7fe4fa14fb

SHA256
31423e905e29c8a40a483e81dae1491990805fa066634d218b35bb96692bef0d

SHA512
eab6684095c0a7555d921fb1a2e136fa1d761c5766c48571000a97403e6d437a3a4833c571f86c039aa8307fb2fc3fae1acffd63085ae9d2ea0d9e7f9ec1ace6

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\vcruntime140.dll

Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\Desktop\SolaraBETA\zlib1.dll

Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/4448-1358-0x000001A47AE10000-0x000001A47B34C000-memory.dmp

Filesize
5.2MB

Download
memory/4448-1361-0x000001A460670000-0x000001A46067E000-memory.dmp

Filesize
56KB

Download
memory/4448-1359-0x000001A47A9C0000-0x000001A47AA7A000-memory.dmp

Filesize
744KB

Download
memory/4448-1372-0x000001A47FC30000-0x000001A47FCE2000-memory.dmp

Filesize
712KB

Download
memory/4448-1369-0x000001A47ADB0000-0x000001A47ADE8000-memory.dmp

Filesize
224KB

Download
memory/4448-1370-0x000001A47AD70000-0x000001A47AD7E000-memory.dmp

Filesize
56KB

Download
memory/4448-1368-0x000001A462080000-0x000001A462088000-memory.dmp

Filesize
32KB

Download
memory/4448-1356-0x000001A460200000-0x000001A460212000-memory.dmp

Filesize
72KB

Download
memory/4448-1363-0x000001A47AB80000-0x000001A47ABFE000-memory.dmp

Filesize
504KB

Download
memory/6104-1619-0x00007FFC92E00000-0x00007FFC92E01000-memory.dmp

Filesize
4KB

Download