3e4f692506d372bebc12d344c5f1543b67fa1dbe095c910aab78456510d7fe66

Analysis

max time kernel
148s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraBootstrapper.exe
Size

12KB
MD5

74494703e5f44eeb9aa037f0f50bf682
SHA1

fcfd8813e63cd61c5bfd2db605827fb9070fe8e9
SHA256

3e4f692506d372bebc12d344c5f1543b67fa1dbe095c910aab78456510d7fe66
SHA512

dbd2a8d928c797c70c4286d8ebabe202902445ed60e94eeccf33c7e3d794c7e362139187dcd1a57a4919503c1c791cfbe38f6f6eff454248382b3c4e023791fe
SSDEEP

192:WrnDHbLupIapaLPr/XKnxxTc1l6VXtrNjA:WrnzHUIapazzKxm1cVdZj

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

XcHvYYrNa.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ XcHvYYrNa.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	XcHvYYrNa.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

XcHvYYrNa.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	XcHvYYrNa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	XcHvYYrNa.exe

Executes dropped EXE 1 IoCs

Processes:

XcHvYYrNa.exe

pid process

2656 XcHvYYrNa.exe
Loads dropped DLL 5 IoCs

Processes:

XcHvYYrNa.exe

pid process

2656 XcHvYYrNa.exe
2656 XcHvYYrNa.exe
2656 XcHvYYrNa.exe
2656 XcHvYYrNa.exe
2656 XcHvYYrNa.exe

pid	process
2656	XcHvYYrNa.exe

pid	process
2656	XcHvYYrNa.exe
2656	XcHvYYrNa.exe
2656	XcHvYYrNa.exe
2656	XcHvYYrNa.exe
2656	XcHvYYrNa.exe

Themida packer 9 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll	themida
behavioral1/memory/2656-1908-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/2656-1909-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/2656-1910-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/2656-1911-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/2656-2046-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/2656-2107-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/2656-2233-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/2656-2235-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

XcHvYYrNa.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA XcHvYYrNa.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

1 raw.githubusercontent.com
3 raw.githubusercontent.com
4 raw.githubusercontent.com
5 raw.githubusercontent.com
33 raw.githubusercontent.com
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

XcHvYYrNa.exe

pid process

2656 XcHvYYrNa.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	XcHvYYrNa.exe

flow	ioc
1	raw.githubusercontent.com
3	raw.githubusercontent.com
4	raw.githubusercontent.com
5	raw.githubusercontent.com
33	raw.githubusercontent.com

pid	process
2656	XcHvYYrNa.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedgewebview2.exemsedgewebview2.exemsedgewebview2.exe

pid	process
3504	msedgewebview2.exe
3504	msedgewebview2.exe
1488	msedgewebview2.exe
1488	msedgewebview2.exe
3020	msedgewebview2.exe
3020	msedgewebview2.exe
3020	msedgewebview2.exe
3020	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

Processes:

msedgewebview2.exe

pid process

224 msedgewebview2.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

SolaraBootstrapper.exe

description pid process

Token: SeDebugPrivilege 696 SolaraBootstrapper.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

msedgewebview2.exe

pid process

224 msedgewebview2.exe

pid	process
224	msedgewebview2.exe

description	pid	process
Token: SeDebugPrivilege	696	SolaraBootstrapper.exe

pid	process
224	msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SolaraBootstrapper.exeXcHvYYrNa.exemsedgewebview2.exe

description	pid	process	target process
PID 696 wrote to memory of 2656	696	SolaraBootstrapper.exe	XcHvYYrNa.exe
PID 696 wrote to memory of 2656	696	SolaraBootstrapper.exe	XcHvYYrNa.exe
PID 2656 wrote to memory of 224	2656	XcHvYYrNa.exe	msedgewebview2.exe
PID 2656 wrote to memory of 224	2656	XcHvYYrNa.exe	msedgewebview2.exe
PID 224 wrote to memory of 3800	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3800	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 2236	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3504	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3504	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe
PID 224 wrote to memory of 3064	224	msedgewebview2.exe	msedgewebview2.exe

C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:696

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe"
2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2656

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=2656.2828.4547036297704047443
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:224

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x118,0x7ff848043cb8,0x7ff848043cc8,0x7ff848043cd8
4⤵
PID:3800

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1876,17410541301120801192,3103635388697903794,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
4⤵
PID:2236

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,17410541301120801192,3103635388697903794,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2184 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:3504

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,17410541301120801192,3103635388697903794,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2492 /prefetch:8
4⤵
PID:3064

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1876,17410541301120801192,3103635388697903794,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
4⤵
PID:2528

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,17410541301120801192,3103635388697903794,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4676 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:1488

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1876,17410541301120801192,3103635388697903794,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4812 /prefetch:8
4⤵
PID:3704

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1876,17410541301120801192,3103635388697903794,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1688 /prefetch:8
4⤵
PID:4768

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1876,17410541301120801192,3103635388697903794,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1660 /prefetch:2
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\index.html
Filesize
20KB

MD5
08d9ac1e35385587b0c3c8a73ea97234

SHA1
d1db15b5e97152be999339d90630f68ed06a6b78

SHA256
016cadaa9a8494b15efea920a5ea9c02b441e90dbc7c444e73db3b307f93a741

SHA512
8061a5a92f828642ea2fcb319571efa406ed67a75b4d4da1aeb3da96391a72fcde670e3e52efef62d37ddc17f7eca5afa0d35aa02bfd1bcadd8e86240cb802a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\loader.js
Filesize
27KB

MD5
8a3086f6c6298f986bda09080dd003b1

SHA1
8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

SHA256
0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

SHA512
9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll
Filesize
4.2MB

MD5
114498719219c2427758b1ad9a11a991

SHA1
742896c8ec63ddbf15bab5c1011eff512b9af722

SHA256
913059869dca00dfa49bcf2691b384eb9804739d9148e3671cf1d6b89c828c42

SHA512
4f36ea0c5e8af8087ecf92fa49e157dcc94a1cc68563fc97b3fe026b92c0abdbe640bf347c24a666f59b60380367f85daab1a15e2c4902921e63e1b741c01452

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
Filesize
85KB

MD5
5e1bc1ad542dc2295d546d25142d9629

SHA1
dd697d1faceee724b5b6ae746116e228fe202d98

SHA256
9cc1a5b9fd49158f5cca4b28475a518cb60330e0cad98539d2a56d9930bdf9f9

SHA512
dc9dbecec37e47dd756cd00517f1bfe5b27832bd43c77f365defc649922cb7967eb7e5de76d79478b6ebfd99a1cc2e7e6b5119a05a42fd51a1c091b6f00f2456

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\BrowserMetrics-spare.pma
Filesize
1.2MB

MD5
eddfd9a79d51f0b0eae2b8238903fb8b

SHA1
8b38c6949b221d18e9b0698e25edd015d1d990c7

SHA256
44ef0cd42224d2be4bd904b51dfcc2d2c3d128232d8857c0aabec4762931686f

SHA512
447ffb640ae156fbeef1a6138b9f46d6bfcc695372092b9668a47998649201ba8ed6b24690f7afd30cc8bcfa6ba93d25e6000534d61d61e0adcdd8507dd36418

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\manifest.fingerprint
Filesize
66B

MD5
33fc4bf1927352bc1845acdde3a6ba63

SHA1
63ac2f004ac10198e729e9ccf55f6ac4f7f3c622

SHA256
4ed04e713c9d8f5d80e83645b62f1be84ec0516d37f339b3d443d8f792dea113

SHA512
7e38e264713750baf58dd9ad779885a7aae5a6fcb825eaa44b3cf814dd09cd0bf8f95b5ab5db600d19a64b02ec2155b4c9a3bc2a86e9b18eece8b3100e8c2ff1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\manifest.json
Filesize
113B

MD5
b6911958067e8d96526537faed1bb9ef

SHA1
a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

SHA256
341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

SHA512
62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
b53a9cb3b2c766da7d24df2a2b90259f

SHA1
4cd6bccda82ab82a2e2542e20944bef8399e1ff2

SHA256
8fe6c8b6ec04333a0ed34f86cd6f6ebfa92f204b82cfb14646d2d2df50a3b8fa

SHA512
68d0c19e8410acda03c3d61bd19fcc3a722ec7bb3530e69b038f5ea1188a242310ada07848d4abc1643d8d13c77bb7798f2d587716defad97b2810cdae0bd361

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
dd693ea31585305739574038085ea2da

SHA1
4754d43d1308c39b0e0e19310231b1db63fdeb36

SHA256
f643bf8ecf9ff21ee11826991ed1a6423027fde6eb8708df6d9e918853a9d65d

SHA512
867b288b8ac3d012993d28cc7f82fe1f6cdca725a6cc5e1c1979eceb16c95821c6c117829bcc4e2ca8c1804c5b5d40543018cfb9875ef430b1a795508c457b3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
1fc177142289f1f4e9525a59996363b1

SHA1
f8fc2bb6f3ecf540f92cee761256aea38155f330

SHA256
927253fb1fc5e939f81447b6c5dd60610cbce5ce585903be7ce6f7bafeb1258f

SHA512
962eeea780c8892fbeb4d6a8dfce6779e3ff77e39ca440e09597585fe9c31210269a9003e777e4ce2e7c95b3791739c5fb901d13d6e359906115239ed45604b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
b204a104d000ec8c525839510d805a54

SHA1
142ad06632aeef4e925d46506bbec47016f9d4d9

SHA256
a8d3bb73121b22fbd84ca2c12e0dd8aee7821a5ced9ee288143c0317a1e39360

SHA512
3c93013a88afd14e3ad1cea0d9ad4436306285acc3780c4949de17b49e36045aac3e747657a0225f271599bfa63fdcfb5965e3cec43743078b343d9c654dba29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Favicons
Filesize
20KB

MD5
f56e431b1d09b7ee9076ac27c118cd1e

SHA1
fd00bdd050f91f04e12091c5786438f7f9b0b28f

SHA256
0db6438854d1086c869c9bda01877547517cd155cc8336dc1838abe3458b4bf6

SHA512
54f7b298f2f7447fa071f58bdb1bb80acbdb1c0de4ea46760d391427649b8f255f040c650ab758700289ad5b35096ef8192eff77c4e3c47d72713148a4ad3714

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\GPUCache\index
Filesize
256KB

MD5
7a7258e041c0082961d81507159150fe

SHA1
f4b0733e693c98e19ead601547476dec87cd2209

SHA256
643179ae569b7dda04b028d57538068780e091419850b787e0f24b6281dd4f32

SHA512
2e4dd47cd06e2eeffcaa7882357062d2b319bde86186f3e02cff85af165c29851d8a189eeb7b4acbb4842b735595676557f98b8236297432dcaf75ed61daa4dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\History
Filesize
164KB

MD5
839f896db66463e5421c78159fb9d2c5

SHA1
2e95047afa9298384890bdb6a86f69057d3d8040

SHA256
14d19bd67c4d04e46f65a8411cac9c85e08f54019b1ac96c8b91eab814f723a9

SHA512
f58878ce48e6226fc5e651b404d54c9671f860dde7aac37d5a13495ba6060d7d0f8971447833e0835fd90d5c738df7d1d3348b532a14ef136f23b16f277cc77b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Local Storage\leveldb\LOG
Filesize
381B

MD5
594c971bc3d099ec65d6c5d24043e260

SHA1
c4ff92432425b86d52d964f710ed88e398a39826

SHA256
f08ce00721ebd67fa7b2e7e3b8a831c70802d52ca8f859fdcad4eee629563167

SHA512
d7ad689834fcb566482e060e5cbf3fd8154b0c6be70e1362ac7e4af50a367a139305122e7b285d020746564d3552ed2cd28535d4c545fff1f133607512555175

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Local Storage\leveldb\LOG.old
Filesize
343B

MD5
968fdec5a3c1cac6b56a8081595dee57

SHA1
2d04804a8051fae94c9eeef0a421b0c386486c9a

SHA256
1664d59c898ae0e89ca11a7486ad7d08780fe6c4e9349b017b2362d472c2f37e

SHA512
8543f97d22ac4efc225a8577dc4ba7caa279d8bb1afa2a1f3a5f35a7c58e910721cad3deb5441116b5c9266915d245e716c9e21cc1d3e523ab78ccd19b77b6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Login Data
Filesize
42KB

MD5
5cdbe5fe7b39e0617a15efa1daca1f6b

SHA1
eace7b5e04c4d3fcb5a48baf00a9f1aa41ff7e13

SHA256
ee6731dd6cdae816e48422f6f77482460ec71446d7450e7d9c363bc4f76a0842

SHA512
8e85f436537d2a15fdbb1199af7f1df7eed3f31a9b8b1c2e299bfd6bb9c511279eace1dac6a3edb62b7be458d68e4c24e82e466dc2095bff5f6cfa8d844e6e42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Network Persistent State
Filesize
935B

MD5
b705ce32186842aa7473e7cef922af2a

SHA1
232b81c2bec4f23067d78bfb22eb384b6107fe48

SHA256
6cd52cc936f01b82ba414f7d3fb4a5865a135c1b8282d35504c3a4ed50deb272

SHA512
cddd7f02feed9da77ac20da0a5a648eb524c4fe5ca0f9564aa65f9a992a37c51c754f4d6d39273ea592f71336879f8334b5a0dfa81dd1fb428b9f025610b5eaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Network Persistent State~RFe586a2f.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Preferences
Filesize
7KB

MD5
9750eae0482546759642068a56c3d763

SHA1
6e177c1459a6083630ebc2b69cd5551c83cdb31b

SHA256
ffb352c8abadc7a2842527cabb9ae7cdb1f625fcf65988e361294b39eacd14b9

SHA512
e5791f5e99265d42ff0086c77c1641957a8a128dcfb22f9e71e0bb1578fa8a9d81d52054eca35745fe1c90db6e4d09f841032d97cefef98455c0841582b800d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Preferences
Filesize
8KB

MD5
c7f71754d93b42e912917510fe944610

SHA1
af92021d429ce8879bae299194ac8a38a7bf7f3d

SHA256
2249df8b6c9b56d667b6ee719bf85a8168714ad3c083fb1617692bc69aa2e226

SHA512
1b716347d72024d337796c7cbed0048d5e96a48c30f47d928d35b6a5b16427df0f4224d93c51ac03446b846dda283b37f3011b0cf1330fdea382367cc773a0fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Secure Preferences
Filesize
6KB

MD5
5acee47fedc491bb4ce27a9bca3a5114

SHA1
330af470fd342e369b11610455740beebdf224aa

SHA256
701ea0da2428f1b4398ae03341a1f2f84d46cb01153df3cd9dfb8a7513a0c3d9

SHA512
7d2e62f06442ad1fceba1d8c103d1006eb4b0c6061fdf03f096eba27c2d2d3e7b3473f18e55882a412fa13731609a25d741420413f0ad2958d2ad667a97fea9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Secure Preferences
Filesize
6KB

MD5
1acb345105cb0a74abb77bcaafdf8607

SHA1
0a42d4b6314f3d226153e40a7a08c107b0573925

SHA256
cd0a7c6bb7f4a21db325e26ca4e37d76f5da3f72ea9b5a0f949f1631de9573e3

SHA512
751a44a78888f0b7b584cc02ee4e81f4e5e5e8e6d83ed4cf0f821619d8fe24f412bc386ace9b65c5bfba03244ddb5551bc83f19697f948dd55c42cfc0de1b5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Site Characteristics Database\000003.log
Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Site Characteristics Database\LOG
Filesize
400B

MD5
de97293873787743b952e2a339b41268

SHA1
edbd2d35a7cf84b24518892ba3adcbeaa427255d

SHA256
a315443b073f5bc7484ca4ba612de9a4b4243b14e20ac33058143cec3016bda5

SHA512
4add13d0ea5efa7eb4c5724656dfa81714bbd28b32bead16e74dfc2464a4a77e680a65b46f047d594d3a52cdd9c5c7ee4d3c7f9b1a83e5b05ed1bc44cbc2329f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Site Characteristics Database\LOG.old
Filesize
359B

MD5
477a0b0590dc7a632935543405533317

SHA1
7490cf78dc0733e382df61948a1a51f648e024b4

SHA256
3db6ec9362c109c7bde17c580ff20e9ebe8bb9b3da87fea88b460d88bf57f7b8

SHA512
3eef260fd3d6b1b6f8dc6691e8c8ebbe710dd463d24a399eb950307e0702fde566f59eb025d6e7cd6ca501946a036e9fba087399a9e6c91a626b934bbeb837dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\000003.log
Filesize
46B

MD5
90881c9c26f29fca29815a08ba858544

SHA1
06fee974987b91d82c2839a4bb12991fa99e1bdd

SHA256
a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a

SHA512
15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\LOG
Filesize
376B

MD5
edab9de6a31417d8e220c35f6f7d55ef

SHA1
cc481322fa8352538bfc646461dc49be03b6c7dd

SHA256
60138b9870208b6f743973b0608112a48b1f13216359d42421cbe77988c3e2c7

SHA512
a01d6fc253190d85c2392a055887d4c1f50261083d950ce33ec9b9ae77ee3e3c020633d9a09f9e4e17a4fc5e7edaecbcd9201d137730db593a2698b60e915458

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\LOG.old
Filesize
335B

MD5
e5917b68dc2900bb307ddb54d4b515c6

SHA1
63eb21e162bdbdb46d6da7bd1f5207f28dc793b7

SHA256
ff703be1250cfb7825f1df4fab4877f757cce971dec797dc870d9b7c924297dd

SHA512
5f7aec774914aedb5fdf028a98c56ff22397bc7f4b5ab7e44b69f3566a7f67c854fbfc064b9e8fd216ac41cc7951e2ef860c7a0988ae6a31c0fb5f3c4a9d09fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Top Sites
Filesize
20KB

MD5
3e18f6a36b53ca0b2567e692a305fd71

SHA1
c745c041f98e49bf3b738cbe55bfb461811ae1a6

SHA256
9484455a6af32c6b038c17221666c00e3dd0ddce4ba3bdcd93d3b8618af0e9f0

SHA512
6006fc6d36c50be687970165b5c3967a5682ca140f76db8d12c87e6c624b1ab294cfb42cc0238f17670ae70d50bc83212828b23d75d722465760d801c957bb9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Visited Links
Filesize
128KB

MD5
7cde308e5674cf63befb362fa3c259c7

SHA1
eba8e24b26f2c79ddc661bbfe8d76f03e35a55cf

SHA256
f37346293637f0637d4974d7dbfc746c648073f92ec185b65bd5c429bdb2b34e

SHA512
6fbb089ce8145276beebf86258066dfa02ce0d52a1c87303d05fddd6683f72133fd0285ddd6d40a519d4659aa76bc4677a713783dbfd0f244fd3052985be6b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Web Data
Filesize
218KB

MD5
b25e478bf9c16b2aeff527cdc5a8118b

SHA1
71cfca2372d51273795f8a15251caf1091731b80

SHA256
49e7938adf25e8a6c1d0f5050744baa58597bdb895bd7d3d8eefa52e5eab4a72

SHA512
0c96c4189002e841d11acd42e998c70d9229df0aa4897f9bc1f62f42e67762b100fdfc3f8c29df318248bfa35a48d8a9b394bd6ae9da1479876098d55601b09d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\old_Cache_000\Cache_Data\data_0
Filesize
44KB

MD5
c345b1c9e2619dc5ee069e69a143173a

SHA1
517728010d8419b3975022920abb1c92c7d56b7b

SHA256
2aeb13567d7f0394cfdafa966f4b9cc04a71486f9d88baea03b4d6963a68fd12

SHA512
c616289353988cdb07687c5e6d9bd3b5abf64231f31e2f51419c8acf34fdb1a59a63df0aa2de90a96b7021911e44d55d1f6ce05f2f727dd97a44540cb68e5f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\old_Cache_000\Cache_Data\data_1
Filesize
264KB

MD5
a8bb6777e1df5599a2b0235d5f942bce

SHA1
652a90e969e5b574b8a6ef6cfdf8104c703e6bf4

SHA256
8f63caeeaa8cf99fdcf9065d24408bdf4cecc1d5a018da5e772f2aae5e5b3ccf

SHA512
387dd3c02ba985ebf580c07d53fd104f933e2fbe9e07188e92136b9f4d6295311037a06bec5ebeef25f2dc15028a0f41467a97fe28d599625624a09063bc1be5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_1
Filesize
264KB

MD5
17bd7672040db656308d76d6e66a3095

SHA1
8ed1945d141244a8807a94d78f9150f4a311a31f

SHA256
73c89191d5808f65ddf660bff7827dd0aaa68747418749c5f2835bb824a0e665

SHA512
c3c8fdb9212f7187715454a64f4888f8cbe4805b8d0f754875fc11d623df27976c62eb58c64f35399d6e63d3094262ab9169c0255653d177feced62d8d6aa0b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Local State
Filesize
19KB

MD5
b14435a06a3006f7ff0f4065288b8daa

SHA1
f69dc497da1da8fab25c90401b45b8732380bd7e

SHA256
107744a3f703dbe52b177ff03437d6b5a8f19b876e1a4c6e70a22d270be217c1

SHA512
a712063c930972fd7612749e714a321c5add4af1d41e2385eb2d5dbc95fcb9d1d04cdb9ffd79200cb4b946f414371a2c7f5c4f12e7d843bce65f411aadc1a75a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Local State
Filesize
22KB

MD5
c1a288320da044b6318ba6faab581bf3

SHA1
9976f9de143dc21e56a20dcdbfdc1aa45bd5d4f5

SHA256
4aba83c107bdcd64e0801c8aa08c4ddd70a330ef76806402f23b39412f97bcd8

SHA512
ee5a01f73799118b6bd3a191c17c0c6a2ffeaec2363bed6bcc569b3b003c1d29188b8db411944668a664662edb5504daa439c0598e0ea8b884cd822a1be227ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Local State
Filesize
23KB

MD5
1d3b1ffc820f709eba43ae2158238ae9

SHA1
e83935dc4a58663b3f2e45f5529e4e25d57ba4a4

SHA256
2c36025c63addf0821c1818963addf377e04ff8f1bb1b138c9238ce8eb72cc7a

SHA512
88b8e86a4eac74094e84f275cc14eff81bfbc3d68f0190056b3d389fe4bf1d9014cd33d75dabddb17537ba46fe345934e6ca294397c32c9bfa66e83a592cff0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\OriginTrials\0.0.1.4\manifest.fingerprint
Filesize
66B

MD5
7ce55ac0d7683657fd051e573ad06e30

SHA1
3bc51fbc6155c4e9d1439587e1c739995054cc52

SHA256
138e2b36e4c8bec8b00180558843355037d7de99c389f46e6183c4fc5a34c790

SHA512
f269c5c2ee53ed836bfd1b928b40e1ddb2aaea00e5585c85fecfcb1add71130d4ecfe91d2f2527934ac472c8b432d3475ca02b8f808e7e6014cd49155529d9a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\OriginTrials\0.0.1.4\manifest.json
Filesize
43B

MD5
55cf847309615667a4165f3796268958

SHA1
097d7d123cb0658c6de187e42c653ad7d5bbf527

SHA256
54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877

SHA512
53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Speech Recognition\1.15.0.1\Microsoft.CognitiveServices.Speech.core.dll
Filesize
2.6MB

MD5
0ee2b50c85a110689352fccfa77b5b18

SHA1
d9ecc4b12d2d50e3cbce40e75edad804c9988b25

SHA256
62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e

SHA512
a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Speech Recognition\1.15.0.1\manifest.fingerprint
Filesize
66B

MD5
5bbd09242392aacbb5fac763f9e3bd4e

SHA1
14bb7b23b459ce30193742ed1901a17b4dcf9645

SHA256
22b55f5d9b1bafb80e00c1304cf5e0d6057a304a2e8757b4f021b416f4397297

SHA512
541e4c7998e91a5113f627c2c44e32b54878fe225b3b9476572f025f51f2b4ec4a44b102498adcc22b8fe388970645bacfafb6e7fc8a216df4d7bbfc8b0ff670

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Speech Recognition\1.15.0.1\manifest.json
Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\28\scoped_dir224_1658951697\LICENSE
Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\manifest.fingerprint
Filesize
66B

MD5
88ee70021dc7963e80800e95e2d84685

SHA1
faf1a82055b22ff87579413bf88ae61ff908f815

SHA256
4fddeb8ba4bd8533e08121c1fe7c6c976332f2d0d3b9347cdd636e4cf6520580

SHA512
83c9079f58b46fa0806ea1d26988adf410f76853609109ce936a6a4f734a808e42186da8e909c04928899f5b75ff1e5d0fb477ebf1aa5c06b191ff8589047efb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\manifest.json
Filesize
116B

MD5
178174a0125d4ff3ed5211426f1ea113

SHA1
26f72c5a2f65c767c4edb04d8da62bdadc02e809

SHA256
64986dfeefa8855069e799b28e5523b35c9efcf2ea152a2b03461471c218da1f

SHA512
c0d1d9555f4cd7e9a4b0ee5fc1b069782638ba1680d18ba9c83f796746086b6afdf1400c80b7f586422c3a2a73e51bd04fb250e2db818ef723cb4f7a8b3b15a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll
Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
memory/696-0-0x0000000074ADE000-0x0000000074ADF000-memory.dmp

Filesize
4KB

Download
memory/696-1888-0x0000000074AD0000-0x0000000075281000-memory.dmp

Filesize
7.7MB

Download
memory/696-1-0x0000000000570000-0x000000000057A000-memory.dmp

Filesize
40KB

Download
memory/696-2-0x00000000010A0000-0x00000000010AA000-memory.dmp

Filesize
40KB

Download
memory/696-3-0x0000000074AD0000-0x0000000075281000-memory.dmp

Filesize
7.7MB

Download
memory/696-5-0x0000000005A50000-0x0000000005A62000-memory.dmp

Filesize
72KB

Download
memory/2236-1934-0x00007FF86EB50000-0x00007FF86EB51000-memory.dmp

Filesize
4KB

Download
memory/2656-2046-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/2656-1891-0x000002A9B1D90000-0x000002A9B22CC000-memory.dmp

Filesize
5.2MB

Download
memory/2656-1896-0x000002A999160000-0x000002A99916E000-memory.dmp

Filesize
56KB

Download
memory/2656-1900-0x00007FF84E880000-0x00007FF84F342000-memory.dmp

Filesize
10.8MB

Download
memory/2656-1892-0x000002A9B1A00000-0x000002A9B1ABA000-memory.dmp

Filesize
744KB

Download
memory/2656-1913-0x000002A9B56B0000-0x000002A9B56E8000-memory.dmp

Filesize
224KB

Download
memory/2656-1914-0x000002A9B5680000-0x000002A9B568E000-memory.dmp

Filesize
56KB

Download
memory/2656-2047-0x00007FF860680000-0x00007FF8606A4000-memory.dmp

Filesize
144KB

Download
memory/2656-1886-0x00007FF84E883000-0x00007FF84E885000-memory.dmp

Filesize
8KB

Download
memory/2656-1912-0x000002A9B50C0000-0x000002A9B50C8000-memory.dmp

Filesize
32KB

Download
memory/2656-1911-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/2656-1894-0x000002A9B1AC0000-0x000002A9B1B3E000-memory.dmp

Filesize
504KB

Download
memory/2656-1910-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/2656-1909-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/2656-2091-0x00007FF84E883000-0x00007FF84E885000-memory.dmp

Filesize
8KB

Download
memory/2656-2094-0x00007FF84E880000-0x00007FF84F342000-memory.dmp

Filesize
10.8MB

Download
memory/2656-1908-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/2656-2104-0x00007FF84E880000-0x00007FF84F342000-memory.dmp

Filesize
10.8MB

Download
memory/2656-2107-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/2656-1890-0x00007FF84E880000-0x00007FF84F342000-memory.dmp

Filesize
10.8MB

Download
memory/2656-1887-0x000002A997210000-0x000002A99722A000-memory.dmp

Filesize
104KB

Download
memory/2656-2233-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/2656-2235-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download