Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://solaraexecut...

windows10-1703-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24/05/2024, 01:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://solaraexecutor.org

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 5 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 5 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Windows directory 10 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 37 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://solaraexecutor.org"
    1⤵
      PID:4240
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:660
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • NTFS ADS
      PID:3644
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1408
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4984
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2668
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1528
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:32
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2264
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:4120
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Solara\" -ad -an -ai#7zMap24041:70:7zEvent24155
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2992
      • C:\Windows\System32\NOTEPAD.EXE
        "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Solara\Launcher.bat
        1⤵
        • Opens file in notepad (likely ransom note)
        PID:2512
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Solara\Launcher.bat" "
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:4416
        • C:\Windows\system32\cacls.exe
          "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
          2⤵
            PID:2820
          • C:\Users\Admin\Desktop\Solara\luajit.exe
            luajit.exe log
            2⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Windows directory
            • Suspicious use of WriteProcessMemory
            PID:4936
            • C:\Windows\SysWOW64\schtasks.exe
              schtasks /create /sc daily /st 14:21 /f /tn WindowsSetup /tr "C:/Windows/System32/oobe/Setup.exe" /rl highest
              3⤵
              • Creates scheduled task(s)
              PID:4840
            • C:\Windows\SysWOW64\rundll32.exe
              rundll32 "C:\Users\Admin\AppData\Roaming\Lua\bin\lua.dll", init
              3⤵
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:828
              • C:\Windows\system32\rundll32.exe
                rundll32 "C:\Users\Admin\AppData\Roaming\Lua\bin\lua.dll", init
                4⤵
                • Blocklisted process makes network request
                • Loads dropped DLL
                PID:4524
        • C:\Windows\system32\taskmgr.exe
          "C:\Windows\system32\taskmgr.exe" /4
          1⤵
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Checks processor information in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:64
        • C:\Users\Admin\Desktop\Solara\luajit.exe
          "C:\Users\Admin\Desktop\Solara\luajit.exe"
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2136
        • C:\Users\Admin\Desktop\Solara\luajit.exe
          "C:\Users\Admin\Desktop\Solara\luajit.exe"
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3076
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:440
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Drops file in Windows directory
          • Modifies registry class
          PID:2784
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
            PID:5088

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
            Filesize

            4KB

            MD5

            1bfe591a4fe3d91b03cdf26eaacd8f89

            SHA1

            719c37c320f518ac168c86723724891950911cea

            SHA256

            9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

            SHA512

            02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C
            Filesize

            281B

            MD5

            2db5345850c203829dc2d4c66b441ac6

            SHA1

            25e5cbaffdfe0456301188b304106baea4750535

            SHA256

            2716710828b2390a73099b978e2ca941a8bce3fdc275fa58d511be7177e150ca

            SHA512

            c36e197ca81a2d9786d822d1058e1817600e82763c2027213ea67abbc0eb1257d48893163550cb6d46205e282c101efdfee9388d1457e30e78dee34e5b1e0ac5

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
            Filesize

            1KB

            MD5

            72d4880bc5c5e75d2c69ea85932f6015

            SHA1

            ac33593f45a034fef778aa22b0b93dd29a6c7366

            SHA256

            7e576ce866607f8e6802355e09db9431853bd6568fc239ff4e3308b4edc06b6d

            SHA512

            ba0976e2b8652d3dc71558e669ab450b793c49a61aa01a1b0b4dfe9a6c8bf0ab065548a314bad955104be5d5ef6948d959569433c40c69b01dd8b3ac09fa36e9

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
            Filesize

            979B

            MD5

            bc90511177a4597118c0cd5572567295

            SHA1

            ab38408b2f638d16ee748aae07dea098071f7aed

            SHA256

            eacd1a0ba09bb02dc47fa6e150be8a7d27ac8d082f33a3549e12be8161765784

            SHA512

            126d34d1095e69c89fff418e21cb72ed71d63977cc30a1202d7c5ebd80b6c4d960db4964ef7d1972a370f561205def244e33628632c44226ad1cb30f6c0dd1f3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
            Filesize

            471B

            MD5

            5659e00dbd7bda4411457eaa703ef4c8

            SHA1

            f3e9bd022e6a611570dcd8542b20888bb9cfa689

            SHA256

            0d3525fe7d49ebfbc82605b9263a2324d313751ffa007761b6931d2e0d9c15e3

            SHA512

            75f1cb03e382d75f1ab339c594d6aeacfa0704871ed19d055a735a5a9dff96632ba3224bb0130830eeeadce4b41f4246768adfca57a8c9f70eb7d434902f1622

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C
            Filesize

            480B

            MD5

            0540cb99463ed77444255381cf756055

            SHA1

            6c94246ed64ec84c7b51bfdad476973f0a1f4b6d

            SHA256

            ad4aef80d9fa0720df201b90d44ce607bf5cfd96d9e039983f2f8d034a5ce539

            SHA512

            2c559bff548e5fc9d32e13eafad6313d610d40f206daf916157da31f285eef382a69de400bf85eec429ef8148f62c03f2cc27c8971f6667334771d6f30559a8d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
            Filesize

            482B

            MD5

            f496f38dba7d7c9888ff5bef60961edc

            SHA1

            244c8b1c1a34e2b2ffafa141f4580737447862da

            SHA256

            35d603a0d352d4df9d47eb764c2c698e1ec494a056f5ed592a2814040e2f1f30

            SHA512

            c80eca49db94ee7e5d36c1a792bb77ae17c9938539b8018b2265a345ec1e2f66025b0c69fe90099b75172d686c795a018acf4cb34ecb9335c287990f830fcf1e

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
            Filesize

            480B

            MD5

            b0d6eaf3dd448b629b7802e2b4e83820

            SHA1

            5a289553e7b83fb0f1c2412ee5722d81f5ab124d

            SHA256

            7cda43dd8523bc98fe0a6c6e76f064fe0a2883f260767acddd4ea0480fc1b4d8

            SHA512

            6313cf894cc8f84e745966f2d31f3439021d8215941a358efcb5a1d964216147c6322c008da1ec5a12fa9d814cecb7be960d5404f99b10d4be0e6a22910dece0

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
            Filesize

            412B

            MD5

            98222fadd798fa2c75b3325f3f414912

            SHA1

            db57057f21c80e684a4373eabc8ee1b10747deee

            SHA256

            d233a9e58d05f3b48a714c8d46c9c4e5a4b0aafe1941e22d721962d7a55037fb

            SHA512

            b9361f306c6a2acb50ba4a66e41bfcb4603630611dd7c6925222dc7b5176ace0c7d59709281c3b6bcfa9b444512e2f8cc7b49c5f082a50d21ab55a1f0c90a6ce

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TBE3XFIK\packet[1].log
            Filesize

            4.1MB

            MD5

            0ffd3bd05a9281981db2330e5a7291c1

            SHA1

            fabbfea6c072f68692b81571d38e8eab72de1362

            SHA256

            286dca4423a65cbd5d23e9bf002e584ec16a88c0a5edf4cfdc6b639d982593ad

            SHA512

            54ff1df237207e4fe70808583b96a07d0366887ed7e3389527eaadb6c3e045c19c4ba1621a47e24fa661f52b504274b46af91acd1b562bc15b1e51518846c333

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TXNHX8GN\json[1].json
            Filesize

            297B

            MD5

            bd0c2d8e6b0fe0de4a3869c02ee43a85

            SHA1

            21d8cca90ea489f88c2953156e6c3dec6945388b

            SHA256

            3a3e433f615f99529721ee766ad453b75d73fe213cb1ab74ccbb4c0e32dcd533

            SHA512

            496b1285f1e78d50dd79b05fa2cbf4a0b655bb3e4515646be3a7c7cdf85d7db6ab35577aa1e294f3d515d707ca341652b5ae9d4b22197e4480226ef8440294b6

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XCFODRP5\edgecompatviewlist[1].xml
            Filesize

            74KB

            MD5

            d4fc49dc14f63895d997fa4940f24378

            SHA1

            3efb1437a7c5e46034147cbbc8db017c69d02c31

            SHA256

            853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

            SHA512

            cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YDAAOKAP.cookie
            Filesize

            167B

            MD5

            4290bdf1d342edef7c6050faf0a0617c

            SHA1

            0f7d7da32a8e9f7d3e6a2ed6e6db395c7fd88809

            SHA256

            5e44900ceea5d1b05adb2521feb5498fa811c816dd4d1017177d1b6fec981f90

            SHA512

            21f223f3fcc5acd665c33e9c90eed6e109a747c029c57245552aba57ab19b61ed5f5853bd8aa9f0df5f5e2d6a5e41e31bbe1bf5ba8e6953860158c5f2bcd8e07

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E3VP08M\4TQ6xhX_0XDFyLdFRS-kPhFXirA.br[1].js
            Filesize

            7KB

            MD5

            fbf143b664d512d1fa7aeeeba787129c

            SHA1

            f827b539ae2992d7667162dc619cc967985166d9

            SHA256

            e162ccd10a34933d736008eb0bc6b880c4e783cf81f944bca7311bf5f3cd4aff

            SHA512

            109ec6433329f001c9239c3298a10e414522f21be2a3d7b8a9eb0b0767322eaad1fdf8f5b11edb1f42882b4e75ae71bef7fe786716407c8efad4feacb3dcf348

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RSZFRU2X\9MqrCXB0EVjVIRzDOArDGhu3yeM.br[1].js
            Filesize

            1KB

            MD5

            56afa9b2c4ead188d1dd95650816419b

            SHA1

            c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6

            SHA256

            e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b

            SHA512

            d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RSZFRU2X\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js
            Filesize

            289B

            MD5

            9085e17b6172d9fc7b7373762c3d6e74

            SHA1

            dab3ca26ec7a8426f034113afa2123edfaa32a76

            SHA256

            586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

            SHA512

            b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RSZFRU2X\tlifxqsNyCzxIJnRwtQKuZToQQw[1].js
            Filesize

            1B

            MD5

            cfcd208495d565ef66e7dff9f98764da

            SHA1

            b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

            SHA256

            5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

            SHA512

            31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FFUBHLLC\favicon[1].htm
            Filesize

            8KB

            MD5

            b29d666698fa9f8792611180ad7d60fb

            SHA1

            d3f7e7ef5863346742c64bbe61d7860b1cac6243

            SHA256

            9b6a5d5a8127c36e16fdbf09582b60ceaa6e36839a65bbe9e02d81523ccbe260

            SHA512

            8d94093be749394b3cc8a58bea65d30006369e1cece0672a966127b0f0da07101eb53de1449af8ed978dbf185dc3e2aabbd04c8852d7f94c5eacad80e3b8d1bf

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IPHV43TX\suggestions[1].en-US
            Filesize

            17KB

            MD5

            5a34cb996293fde2cb7a4ac89587393a

            SHA1

            3c96c993500690d1a77873cd62bc639b3a10653f

            SHA256

            c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

            SHA512

            e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NK65FBDM\favicon-trans-bg-blue-mg[1].ico
            Filesize

            4KB

            MD5

            30967b1b52cb6df18a8af8fcc04f83c9

            SHA1

            aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

            SHA256

            439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

            SHA512

            7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFD134F9473D3115FD.TMP
            Filesize

            16KB

            MD5

            cab38f33f77ad15d025f93728bf7331b

            SHA1

            6308a28258702cebcb04f7ef2e51afe0100b0be0

            SHA256

            893e3528cefc6b2b23cbf54e78bf21f17db21aca53a5ee34ccada50aabe37ef2

            SHA512

            ad689f06893618c5286890e84304670ae88e674bda5534545f2b709d60c4474f5b451d8357946acc9b2a55affc0a19e762ebdb29a5f82c6b64a2884fac898b64

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5W0ULC6J\Solara[1].zip
            Filesize

            31KB

            MD5

            f6bb1ae421fde30ed8300b064065c6e6

            SHA1

            eb0de52d3b59f61b207fd0b491d795b6ddd40f93

            SHA256

            d4960ec367a0ac10aca287495f6c8e15c62f98f53a864ee9c994dd608078a028

            SHA512

            e91ad708d6ce0edaebdba71ae93e0eab54edfa9ea5e149193ad59f92015f6475fd65a9f51ba5d8c272ad98915b3e99d8d52e15791874fda55eb75a95aeefcb5e

            Download Submit

          • C:\Users\Admin\Desktop\Solara\Launcher.bat
            Filesize

            717B

            MD5

            7276179fc4a059776470985ee2959249

            SHA1

            1b6841d675efe612159cc791a429daa39ddf59a7

            SHA256

            92a928595aac4d6ffccd6e05635fdbb0b82fdac13e0f460eafa22e570d26bf07

            SHA512

            5a833d7b50cc187363cdd1fda4c0dbf23afd30a29b3e107a33e72bb6ffc617a0fcf2b5f1098507111e2d7c55fbc726361e46e8691bf0d179fb920d1f86b4b6db

            Download Submit

          • C:\Users\Admin\Desktop\Solara\log
            Filesize

            155KB

            MD5

            ee48ea1bb05ba311a404f4ceb4dc260b

            SHA1

            de40066072c928a1850298944fb561b3122476bd

            SHA256

            6b60e51d5969097d58f1538d8af62e2c01196fb13b1cfef0413032b1c0bf799c

            SHA512

            8d0e6b9f700a198e294ae6c20e92033581c4cc1340d2a17eb0e388fe205b79217478c15abeaef00173c3de07155aa5208f64c27b9ceaa0887147ac4ac16fcbc4

            Download Submit

          • C:\Users\Admin\Desktop\Solara\luajit.exe
            Filesize

            89KB

            MD5

            dd98a43cb27efd5bcc29efb23fdd6ca5

            SHA1

            38f621f3f0df5764938015b56ecfa54948dde8f5

            SHA256

            1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a

            SHA512

            871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0

            Download Submit

          • C:\Users\Admin\Downloads\Solara.zip.h3ixty3.partial
            Filesize

            459KB

            MD5

            f80d19df4130f4f256dd7bb77be2bd97

            SHA1

            76405c82897359aac6759c00987a793b827af9ed

            SHA256

            f8418708394db6fca1994290189547aa62a581f0e9c2e8096a5837598b03f553

            SHA512

            67c55202e1178f075d98b0b039afe70a5d43162171d9a225b3153ce115a36fbe1359c69366e5aae241720da9d4447d78e1e22487e716df569bcc0679fe65d5f8

            Download Submit

          • C:\Users\Admin\Pictures\F9D1BF68A4A34E40856786018B80B4B2
            Filesize

            1KB

            MD5

            0685f628f7b26462640a2d8647a9db08

            SHA1

            dfd04f884ca8ef1074a28153d0d9754462693a2d

            SHA256

            4d2490dfccac8fff703222d3d3b82d3c390b4b9458c3e3e305dc4a29389b5e39

            SHA512

            7fe7549f120349ccaf39719595d1bd338882b8191f85f5f4d3f6a2e7688b1e442db2eda6db2fc8ac5b09a2e7574fbfd2bdaf72946e587fce2de610bcaaf723ec

            Download Submit

          • \Users\Admin\Desktop\Solara\lua51.dll
            Filesize

            592KB

            MD5

            3dff7448b43fcfb4dc65e0040b0ffb88

            SHA1

            583cdab08519d99f49234965ffd07688ccf52c56

            SHA256

            ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60

            SHA512

            cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394

            Download Submit

          • memory/660-133-0x00000188F7610000-0x00000188F7611000-memory.dmp

            Filesize

            4KB

            Download

          • memory/660-16-0x00000188F1020000-0x00000188F1030000-memory.dmp

            Filesize

            64KB

            Download

          • memory/660-0-0x00000188F0F20000-0x00000188F0F30000-memory.dmp

            Filesize

            64KB

            Download

          • memory/660-35-0x00000188EE5D0000-0x00000188EE5D2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/660-132-0x00000188F7600000-0x00000188F7601000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2668-95-0x0000027274D70000-0x0000027274D72000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2668-97-0x0000027274D90000-0x0000027274D92000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2668-93-0x0000027274D50000-0x0000027274D52000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2668-91-0x0000027274D30000-0x0000027274D32000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2668-89-0x0000027274D10000-0x0000027274D12000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2668-99-0x0000027274DB0000-0x0000027274DB2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4936-254-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-253-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-264-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-265-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-266-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-262-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-261-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-267-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-252-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-263-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-260-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-255-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-256-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-257-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-259-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4936-258-0x000000007E760000-0x000000007E770000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4984-43-0x000001D329700000-0x000001D329800000-memory.dmp

            Filesize

            1024KB

            Download