hxxps://github[.]com/quivings/Solara/blob/main/Files/SolaraBootstrapper[.]exe

Analysis

max time kernel
83s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/quivings/Solara/blob/main/Files/SolaraBootstrapper.exe

Score

8^/10

themida

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SolaraBootstrapper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	SolaraBootstrapper.exe

Executes dropped EXE 2 IoCs

Processes:

SolaraBootstrapper.exeXcHvYYrNa.exe

pid process

5116 SolaraBootstrapper.exe
1464 XcHvYYrNa.exe
Loads dropped DLL 6 IoCs

Processes:

XcHvYYrNa.exe

pid process

1464 XcHvYYrNa.exe
1464 XcHvYYrNa.exe
1464 XcHvYYrNa.exe
1464 XcHvYYrNa.exe
1464 XcHvYYrNa.exe
1464 XcHvYYrNa.exe

pid	process
5116	SolaraBootstrapper.exe
1464	XcHvYYrNa.exe

pid	process
1464	XcHvYYrNa.exe
1464	XcHvYYrNa.exe
1464	XcHvYYrNa.exe
1464	XcHvYYrNa.exe
1464	XcHvYYrNa.exe
1464	XcHvYYrNa.exe

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll	themida
behavioral1/memory/1464-1791-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

68 raw.githubusercontent.com
69 raw.githubusercontent.com
94 raw.githubusercontent.com
95 raw.githubusercontent.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
68	raw.githubusercontent.com
69	raw.githubusercontent.com
94	raw.githubusercontent.com
95	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 800600.crdownload:SmartScreen msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2948 msedge.exe
2948 msedge.exe
2980 msedge.exe
2980 msedge.exe
4568 identity_helper.exe
4568 identity_helper.exe
4688 msedge.exe
4688 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2980 msedge.exe
2980 msedge.exe
2980 msedge.exe
2980 msedge.exe
2980 msedge.exe
2980 msedge.exe
2980 msedge.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

SolaraBootstrapper.exe

description pid process

Token: SeDebugPrivilege 5116 SolaraBootstrapper.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 800600.crdownload:SmartScreen	msedge.exe

pid	process
2948	msedge.exe
2948	msedge.exe
2980	msedge.exe
2980	msedge.exe
4568	identity_helper.exe
4568	identity_helper.exe
4688	msedge.exe
4688	msedge.exe

description	pid	process
Token: SeDebugPrivilege	5116	SolaraBootstrapper.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

msedge.exe

pid	process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2980 wrote to memory of 3996	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 3996	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 4984	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2948	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2948	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe
PID 2980 wrote to memory of 2416	2980	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/quivings/Solara/blob/main/Files/SolaraBootstrapper.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718
2⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
2⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
2⤵
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:2676

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
2⤵
PID:5168

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
2⤵
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
2⤵
PID:4080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
2⤵
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5864 /prefetch:8
2⤵
PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
2⤵
PID:860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6352 /prefetch:8
2⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4688

C:\Users\Admin\Downloads\SolaraBootstrapper.exe
"C:\Users\Admin\Downloads\SolaraBootstrapper.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5116

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1820

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
e655c0376981ea6fa4691136a0259660

SHA1
68ee3fcc7276f4261594c3b7dd69bdbee4130416

SHA256
6d866310d73d5f99505495072f7efa9f62d1a0ad37d20b01c3ab72d153fae158

SHA512
dda1f691673c21a0177f0773afb35326011b2ab2444c231e18452eb806a2785341ca0454ac64bfcdfc6e30cb1e0a968aa23090e2dbf0717b8c8525f44e3aeb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
579B

MD5
454e7cd4fbb0751ffa354ec86870a258

SHA1
716d6739a2a278446c3e9c16cb72d996d042bc89

SHA256
9cbad050449dd86a473ca97a90c4b4f6076f3174f52ae515de52cb4793f3d5ca

SHA512
83e6e36c576ef32a555d6a6e3ed9fe4ad51d7681bbfcc6421c29b15cadb0bcc918e4a9d6388ca0e1a1ca750830164ef64ca8015d07a0a2b8ec81fb17c5bc6f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
08aa3b784d23bf678181c23ec65e751a

SHA1
ef9948a21af283a9ff516b187c6fa704ff495385

SHA256
b0d7e5cf0c3ee88516ae274fb774ab3d81f185e9103c1f01e4d3caf130f7bf1a

SHA512
187f7b082d470205aacff62cf6dc6d0b1e3eae0948c6b4d0c691b3fd49ba69c2431afffed9a165c8ca0db26bf71451c94964e13dd7cb21c8a68ea0da6a43914f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6e743e4721ae3b74be555f229cdf7724

SHA1
95f9e895e07a6e3a706e2ba153521f46e5eb5c29

SHA256
e174500f55254118900d9fc639f103fba25a821546db100684eca6dd6aaa784c

SHA512
3ca8950686be79a97f535bd8b22b57656e2eb1173ca3dfe429e2cebbfe4f4f089f8683b3b3a97535d93acbab6b0813a4205397b1b48289dc92f4a24499c59228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
468b5fa0548af7c89a7eff67b6eeccb9

SHA1
b2e31b1c2c70a023e34e1bc808e251c8e180bfc0

SHA256
4c88e2f34d42b76696efccd4e7b652745994f0bb67a0f9a6aaebd509e6362009

SHA512
f4d0444c000ee9fc9629cc0ecc6997875318d948b7b7b7904b3c97ae08e745f4a3a3bace5af20ba539014570d730104d86b07d04584fbd3cecad4c67a1d58b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
cd151c6a4ece1a09886311d952a41b4e

SHA1
655743533631c2d7b67239d3e7694ebd9c39a92f

SHA256
a3599fac5f200024e7654e84c7edb297f7b8bd4c207099639e7597f21aca5be8

SHA512
6905d1b35c3f1cdac1fc858dcbce474540f1623d67b11a057e0d3f1cfa217167d1174fa423820266045074bfa0f08dc1fab8fd1ca72b5be4e44047111f8e1759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b815.TMP
Filesize
874B

MD5
364e293fb93da548073455e546ca58da

SHA1
37dd0ecf7ba830c13d482310c8928d42f4bee873

SHA256
b0bd3869637492e2b4d36b5fb8674fc7ab7c425c06b325ad4ee9763e8252b7a9

SHA512
24abf4f9ae823c883974561a98d311af9cd799896b4f139e5ee82ca5d503f6f0b30f2a1397bc8e6254d6cf599139eee33d38ea6bf18a707f848d4fda4a497e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
2f4a718cec9a003169182dbc33752430

SHA1
d3bdee002e8131d0cc9013bfa7ac9cc92ce2525f

SHA256
bfbfef19c28dd0f71f5d1b363bb9e034c4db66213173e0913728d4d74b008619

SHA512
a34c18d080db79fb2f8b8e14de863b87f679f6294a7280921f667d10ef72160ff991f8051e4c59581887b9b668133ecbe7edf7d5fc8cb6d4ccc09391769e3279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b1d5a02feff9171a90244732649e8663

SHA1
ba08af20d0d68f55aa75387782c7407c6452e05b

SHA256
9bd771b1ea1c5b24e2068d35e52aee587e9804666c7d64c2078c3f887000b869

SHA512
79c1adfbfe814ef2932a23453742ad230823781be310564885d068859544b1210102e1ad49938ec45a4946d0c4720458918cd22972d6e52cf92686f1ef845008

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll
Filesize
5.2MB

MD5
85b0dcb64053e35280477d88e1e05505

SHA1
70ebc4da4ac422bb47c1c49114d935d01848436b

SHA256
0c11716983653fef7d0f403c31429d9730c3c182eecc2e518ab98b4de6dd6730

SHA512
2f79e49f093fd0aaef79cbda75924ddec34a8172182a5cb7ddcde5227897f46e9e55dccf310779918afd1144f2af9a003d58939b5e631ecda147c81b95ad4d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
Filesize
85KB

MD5
5e1bc1ad542dc2295d546d25142d9629

SHA1
dd697d1faceee724b5b6ae746116e228fe202d98

SHA256
9cc1a5b9fd49158f5cca4b28475a518cb60330e0cad98539d2a56d9930bdf9f9

SHA512
dc9dbecec37e47dd756cd00517f1bfe5b27832bd43c77f365defc649922cb7967eb7e5de76d79478b6ebfd99a1cc2e7e6b5119a05a42fd51a1c091b6f00f2456

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\runtimes\win-x64\native\WebView2Loader.dll
Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll
Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
C:\Users\Admin\Downloads\SolaraBootstrapper.exe
Filesize
12KB

MD5
06f13f50c4580846567a644eb03a11f2

SHA1
39ee712b6dfc5a29a9c641d92c7467a2c4445984

SHA256
0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9

SHA512
f5166a295bb0960e59c176eefa89c341563fdf0eec23a45576e0ee5bf7e8271cc35eb9dd56b11d9c0bbe789f2eac112643108c46be3341fa332cfcf39b4a90b9

Download Submit
\??\pipe\LOCAL\crashpad_2980_UYNASOVAWGEXQRQV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1464-1753-0x00000245C98F0000-0x00000245C990A000-memory.dmp

Filesize
104KB

Download
memory/1464-1760-0x00000245CB5B0000-0x00000245CB5BE000-memory.dmp

Filesize
56KB

Download
memory/1464-1758-0x00000245E4190000-0x00000245E420E000-memory.dmp

Filesize
504KB

Download
memory/1464-1756-0x00000245E40D0000-0x00000245E418A000-memory.dmp

Filesize
744KB

Download
memory/1464-1755-0x00000245E4460000-0x00000245E499C000-memory.dmp

Filesize
5.2MB

Download
memory/1464-1791-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/5116-278-0x0000000000BC0000-0x0000000000BCA000-memory.dmp

Filesize
40KB

Download
memory/5116-281-0x0000000005E40000-0x0000000005E52000-memory.dmp

Filesize
72KB

Download
memory/5116-279-0x0000000001430000-0x000000000143A000-memory.dmp

Filesize
40KB

Download