Analysis
-
max time kernel
299s -
max time network
300s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
arch:x64 arch:x86 image:win11-20240419-en locale:en-us os:windows11-21h2-x64 system -
submitted
03-05-2024 05:59
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1234488074650517647/1234988318874402846/SolaraBETA_2.rar?ex=66355f00&is=66340d80&hm=1639245bbf3eeee882131fa6522c0f9d317116e8cf139a8d8279a2c057ef6cab&
Resource
win11-20240419-en
General
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 3792 Solara.exe -
Loads dropped DLL 2 IoCs
pid Process 3792 Solara.exe 3792 Solara.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 64 raw.githubusercontent.com 20 raw.githubusercontent.com -
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName taskmgr.exe -
Enumerates system info in registry 2 TTPs 6 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedgewebview2.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedgewebview2.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedgewebview2.exe -
Modifies registry class 3 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Local Settings msedge.exe Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1856190483-1022094809-400023910-1000\{DF2757B8-1EC2-4BB5-A53D-091B76DEDBCD} msedge.exe -
NTFS ADS 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\SolaraBETA_2.rar:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\Autoruns.zip:Zone.Identifier msedge.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
pid Process 4760 OpenWith.exe 1156 7zFM.exe 3136 Autoruns.exe 1344 taskmgr.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
Suspicious use of AdjustPrivilegeToken 7 IoCs
description pid Process Token: SeDebugPrivilege 1344 taskmgr.exe Token: SeSystemProfilePrivilege 1344 taskmgr.exe Token: SeCreateGlobalPrivilege 1344 taskmgr.exe Token: SeRestorePrivilege 1156 7zFM.exe Token: 35 1156 7zFM.exe Token: SeSecurityPrivilege 1156 7zFM.exe Token: SeRestorePrivilege 3136 Autoruns.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs
Suspicious use of SetWindowsHookEx 21 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1234488074650517647/1234988318874402846/SolaraBETA_2.rar?ex=66355f00&is=66340d80&hm=1639245bbf3eeee882131fa6522c0f9d317116e8cf139a8d8279a2c057ef6cab&1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3848 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb06463cb8,0x7ffb06463cc8,0x7ffb06463cd82⤵PID:248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2076 /prefetch:22⤵PID:2108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:82⤵PID:984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:12⤵PID:2208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵PID:4568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:12⤵PID:3676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:12⤵PID:3048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:12⤵PID:1736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:12⤵PID:4720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:12⤵PID:1324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2888 /prefetch:12⤵PID:3944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:12⤵PID:1916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:12⤵PID:4772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:12⤵PID:3980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1664 /prefetch:82⤵PID:2784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3392 /prefetch:82⤵
- Modifies registry class
PID:764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:12⤵PID:4928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:12⤵PID:3628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:12⤵PID:988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6868 /prefetch:82⤵
- NTFS ADS
PID:2360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8801382373860394487,18335777231895602011,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1308 /prefetch:22⤵PID:4876
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:428
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2024
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1344
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4760
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3408
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\SolaraBETA_2.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1156
-
C:\Windows\System32\DataExchangeHost.exeC:\Windows\System32\DataExchangeHost.exe -Embedding1⤵PID:2368
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Autoruns.zip\Autoruns.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Autoruns.zip\Autoruns.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3136
-
C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe"C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3792 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3792.2296.71911185229490226332⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3916 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Crashpad" "--metrics-dir=C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x1d0,0x7ffb06463cb8,0x7ffb06463cc8,0x7ffb06463cd83⤵PID:408
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=2008,18208603847807365759,4495727412593288375,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2032 /prefetch:23⤵PID:4456
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,18208603847807365759,4495727412593288375,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2284 /prefetch:33⤵PID:772
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,18208603847807365759,4495727412593288375,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2856 /prefetch:83⤵PID:3420
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=2008,18208603847807365759,4495727412593288375,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:13⤵PID:4788
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2008,18208603847807365759,4495727412593288375,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4860 /prefetch:83⤵PID:5052
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2008,18208603847807365759,4495727412593288375,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4540 /prefetch:83⤵PID:3956
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2008,18208603847807365759,4495727412593288375,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3504 /prefetch:83⤵PID:844
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=2008,18208603847807365759,4495727412593288375,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2520 /prefetch:23⤵PID:4388
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2104
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4920
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4567f4dc-21de-4715-8a5a-f3b996302ed1.tmp
Filesize5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Extension State\CURRENT
Filesize16B
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001
Filesize41B
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index
Filesize24B
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_0
Filesize8KB
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_1
Filesize264KB
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_2
Filesize8KB
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\GraphiteDawnCache\data_3
Filesize8KB
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\Default\Extension Rules\000003.log
Filesize38B
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\Default\PreferredApps
Filesize33B
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\Default\Safe Browsing Network\Safe Browsing Cookies
Filesize20KB
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\GrShaderCache\f_000001
Filesize16KB
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\36\10.34.0.52\LICENSE
Filesize24KB
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-as.hyb
Filesize703B
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-hi.hyb
Filesize687B
-
C:\Users\Admin\AppData\Local\Temp\7zE48496A38\SolaraBETA (2)\WpfApp1.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-nb.hyb
Filesize141KB
-
C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize48B
-
C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Network Persistent State
Filesize382B
-
C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Network Persistent State~RFe5a56ad.TMP
Filesize59B
-
C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Site Characteristics Database\000003.log
Filesize40B
-
C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Site Characteristics Database\LOG
Filesize380B
-
C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Site Characteristics Database\LOG.old
Filesize380B
-
C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\000003.log
Filesize46B
-
C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\LOG.old
Filesize356B
-
C:\Users\Admin\Desktop\SolaraBETA (2)\Solara.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
Filesize16B