Analysis
- max time kernel: 83s
- max time network: 80s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-05-2024 20:30
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/quivings/Solara/blob/main/Files/SolaraBootstrapper.exe
Resource: win10v2004-20240426-en
General
- Target: https://github.com/quivings/Solara/blob/main/Files/SolaraBootstrapper.exe
Malware Config
Signatures
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: SolaraBootstrapper.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | SolaraBootstrapper.exe
-
Executes dropped EXE 2 IoCs
Processes: SolaraBootstrapper.exe, XcHvYYrNa.exe
pid | process
5116 | SolaraBootstrapper.exe
1464 | XcHvYYrNa.exe
-
Loads dropped DLL 6 IoCs
Processes: XcHvYYrNa.exe
pid | process
1464 | XcHvYYrNa.exe
-
Processes:
resource | yara_rule
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll | themida
behavioral1/memory/1464-1791-0x0000000180000000-0x0000000180C2E000-memory.dmp | themida
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
Processes:
flow | ioc
68 | raw.githubusercontent.com
69 | raw.githubusercontent.com
94 | raw.githubusercontent.com
95 | raw.githubusercontent.com
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
-
NTFS ADS 1 IoCs
Processes: msedge.exe
description | ioc | process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 800600.crdownload:SmartScreen | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
2948 | msedge.exe
2980 | msedge.exe
4568 | identity_helper.exe
4688 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes: msedge.exe
pid | process
2980 | msedge.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes: SolaraBootstrapper.exe
description | pid | process
Token: SeDebugPrivilege | 5116 | SolaraBootstrapper.exe
-
Suspicious use of FindShellTrayWindow 35 IoCs
Processes: msedge.exe
pid | process
2980 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
2980 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 2980 wrote to memory of 3996 | 2980 | msedge.exe | msedge.exe
PID 2980 wrote to memory of 4984 | 2980 | msedge.exe | msedge.exe
PID 2980 wrote to memory of 2948 | 2980 | msedge.exe | msedge.exe
PID 2980 wrote to memory of 2416 | 2980 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/quivings/Solara/blob/main/Files/SolaraBootstrapper.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5864 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6352 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,8745860903591626378,13460441645741331911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\SolaraBootstrapper.exe
"C:\Users\Admin\Downloads\SolaraBootstrapper.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 1KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 579B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (Filesize: 1KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b815.TMP (Filesize: 874B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 12KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll (Filesize: 488KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll (Filesize: 43KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc (Filesize: 139B)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc (Filesize: 43B)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc (Filesize: 216B)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE (Filesize: 1KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll (Filesize: 5.2MB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll (Filesize: 5.2MB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe (Filesize: 85KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll (Filesize: 522KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\runtimes\win-x64\native\WebView2Loader.dll (Filesize: 133KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll (Filesize: 99KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll (Filesize: 113KB)
- C:\Users\Admin\Downloads\SolaraBootstrapper.exe (Filesize: 12KB)
- \??\pipe\LOCAL\crashpad_2980_UYNASOVAWGEXQRQV
- memory/1464-1753-0x00000245C98F0000-0x00000245C990A000-memory.dmp (Filesize: 104KB)
- memory/1464-1760-0x00000245CB5B0000-0x00000245CB5BE000-memory.dmp (Filesize: 56KB)
- memory/1464-1758-0x00000245E4190000-0x00000245E420E000-memory.dmp (Filesize: 504KB)
- memory/1464-1756-0x00000245E40D0000-0x00000245E418A000-memory.dmp (Filesize: 744KB)
- memory/1464-1755-0x00000245E4460000-0x00000245E499C000-memory.dmp (Filesize: 5.2MB)
- memory/1464-1791-0x0000000180000000-0x0000000180C2E000-memory.dmp (Filesize: 12.2MB)
- memory/5116-278-0x0000000000BC0000-0x0000000000BCA000-memory.dmp (Filesize: 40KB)
- memory/5116-281-0x0000000005E40000-0x0000000005E52000-memory.dmp (Filesize: 72KB)
- memory/5116-279-0x0000000001430000-0x000000000143A000-memory.dmp (Filesize: 40KB)