Resubmissions

10-06-2024 21:47

240610-1nn9ga1hqa 9

10-06-2024 21:44

240610-1lmb4a1gqe 9

10-06-2024 21:40

240610-1jlmsascln 9

Analysis

  • max time kernel
    141s
  • max time network
    168s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    10-06-2024 21:44

General

  • Target

    Solara.Dir/Monaco/fileaccess/node_modules/call-bind/test/callBound.js

  • Size

    2KB

  • MD5

    6c09da27d70f11be33c5bc1d70fe5860

  • SHA1

    b21805be0c0db457d1364abe0103ba75a56fe66f

  • SHA256

    67da6de7ea66108ea3f035648b367cb8bf7dac8148b798a54b5b9de8f7f6ef65

  • SHA512

    8dd6654332b5660d787616252ca231283a6406dae97e8f07e88ffacc2f8a0b38c0bfe1aee5c5a734b4cb507ea51357cef2bfe226f4cab09d57c74d053f80c126

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 10 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 40 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\call-bind\test\callBound.js
    1⤵
      PID:3192
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.3.1951534795\1083395866" -childID 2 -isForBrowser -prefsHandle 1300 -prefMapHandle 1292 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4d71b2c-4d00-4db7-b8ad-533103ea304c} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 3180 17f2cb67858 tab
      1⤵
        PID:2984
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.4.1929205576\1757926441" -childID 3 -isForBrowser -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cad2b99-edd3-4bde-8243-7273c63f92b5} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 3748 17f3cb5b458 tab
        1⤵
          PID:3244
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.5.259881378\1439843055" -childID 4 -isForBrowser -prefsHandle 4380 -prefMapHandle 4376 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e17eeaa-3c8a-4e85-84c5-9cfca43919df} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 4392 17f3a384b58 tab
          1⤵
            PID:2464
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.6.301792139\1708896550" -childID 5 -isForBrowser -prefsHandle 4400 -prefMapHandle 4404 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09a326bc-ceb5-4227-b8e4-6de45c127a4f} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 4472 17f3c786b58 tab
            1⤵
              PID:1708
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.7.239480728\1892500372" -childID 6 -isForBrowser -prefsHandle 4780 -prefMapHandle 4708 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b6aab8b-44db-406d-885a-0864c38ee27a} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 4828 17f3c785958 tab
              1⤵
                PID:2100
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.8.1508080423\1092182627" -childID 7 -isForBrowser -prefsHandle 4276 -prefMapHandle 5164 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25d34f80-1e33-491a-8577-d2c597967de4} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 5152 17f2cb5fe58 tab
                1⤵
                  PID:812
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe"
                  1⤵
                  • Enumerates system info in registry
                  • Modifies data under HKEY_USERS
                  • Modifies registry class
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  • Suspicious use of WriteProcessMemory
                  PID:1348
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff815e59758,0x7ff815e59768,0x7ff815e59778
                    2⤵
                      PID:4716
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:2
                      2⤵
                        PID:1312
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                        2⤵
                          PID:1904
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                          2⤵
                            PID:4252
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:1
                            2⤵
                              PID:4496
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:1
                              2⤵
                                PID:1616
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:1
                                2⤵
                                  PID:1088
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                  2⤵
                                    PID:3132
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                    2⤵
                                      PID:4204
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                      2⤵
                                        PID:700
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                        2⤵
                                          PID:2332
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                          2⤵
                                            PID:688
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                            2⤵
                                              PID:3184
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5000 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:1
                                              2⤵
                                                PID:2752
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4728 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:1
                                                2⤵
                                                  PID:3124
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4724 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:1
                                                  2⤵
                                                    PID:4424
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5380 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:1
                                                    2⤵
                                                      PID:1528
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5584 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                                      2⤵
                                                        PID:3132
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5728 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:1
                                                        2⤵
                                                          PID:1516
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5864 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                                          2⤵
                                                            PID:2700
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5376 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                                            2⤵
                                                              PID:5072
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6164 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                                              2⤵
                                                                PID:2448
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4632 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:1
                                                                2⤵
                                                                  PID:2940
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5992 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:1
                                                                  2⤵
                                                                    PID:3296
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:3860
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                                                      2⤵
                                                                        PID:4800
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                                                        2⤵
                                                                          PID:4792
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:8
                                                                          2⤵
                                                                          • Drops file in Windows directory
                                                                          • Modifies registry class
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:1584
                                                                      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                        1⤵
                                                                          PID:2776
                                                                        • C:\Windows\System32\rundll32.exe
                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                          1⤵
                                                                            PID:1740
                                                                          • C:\Users\Admin\Downloads\Solara-main\Solara-main\Files\SolaraBootstrapper.exe
                                                                            "C:\Users\Admin\Downloads\Solara-main\Solara-main\Files\SolaraBootstrapper.exe"
                                                                            1⤵
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:2392
                                                                            • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
                                                                              "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
                                                                              2⤵
                                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                              • Checks BIOS information in registry
                                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                              PID:2408
                                                                          • C:\Windows\system32\taskmgr.exe
                                                                            "C:\Windows\system32\taskmgr.exe" /4
                                                                            1⤵
                                                                            • Drops file in Windows directory
                                                                            • Checks SCSI registry key(s)
                                                                            • Modifies registry class
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            • Suspicious use of FindShellTrayWindow
                                                                            • Suspicious use of SendNotifyMessage
                                                                            PID:4728

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            10e4bf035a6037f98da98ee342cf2bc3

                                                                            SHA1

                                                                            99829c391e0bf8301edee688d4f3c4caaee57dd2

                                                                            SHA256

                                                                            05bc81b0a812f37f74a2c5a97cc64e17db2f2687279cd6eaf7551e79c62b2f98

                                                                            SHA512

                                                                            18b7d44a966c4ec537de306a1fecc8abca806a95ffd8e2ab91df80cfc946b69df5bbb214b3304c169065c9ab3dde0f56789f7d514f44537cdc095adbd7de038e

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            890b543278cf6a67edb786753e4d7c58

                                                                            SHA1

                                                                            3ec95367e4ef73891b8cebaae51b7006c96fea33

                                                                            SHA256

                                                                            2142e4cc9db322f1e9207258df4cc502b775eb709d1f86ed0a689e479b42e627

                                                                            SHA512

                                                                            a7ea37a63a6e6f441e705f57d495c67e32e344588c23416056aec121df95a95af3e7d3d1eafe99aa85c191bd82d62b11169242053e5497d8fd9c09fff2bf06f0

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            d1652ae2a75085c2a115f1c92eea7712

                                                                            SHA1

                                                                            57707d445a8547863bc311941d0094afd799b419

                                                                            SHA256

                                                                            62c6d0d3c8c779540ee265d59ec931e3c47cbe08dd213cacf7d2d7db095d9299

                                                                            SHA512

                                                                            f955ff12d1f5e033430a1b90e9bbe0d574daf8dd5de3347ab6c67a5e48f21c021d617e90fb22b503a2e0ac6f8f6e139c81c2511cb02d1dc28ee5913035993342

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                            Filesize

                                                                            705B

                                                                            MD5

                                                                            76b38491e25a2a61bca3ed823159bef9

                                                                            SHA1

                                                                            34e0e2d84591acb7d9776cb95a52a52ceae7b405

                                                                            SHA256

                                                                            f228714396d5a0284154c4431b1037c183479aee2bdd945e7cf2b68f5396328d

                                                                            SHA512

                                                                            69ebf1fd644b1dd94a9d583a1dae0066f50f1c9b8a25a422ed10cdccdb7bcdbba41ff3873077ab5762d118c3232048981135666e80fe5916e0e09eb945449e41

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                            Filesize

                                                                            872B

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                            Filesize

                                                                            1KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                            Filesize

                                                                            1KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                            Filesize

                                                                            6KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                            Filesize

                                                                            6KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                            Filesize

                                                                            6KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                            Filesize

                                                                            7KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                            Filesize

                                                                            280KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                            Filesize

                                                                            280KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                                                            Filesize

                                                                            108KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591f17.TMP
                                                                            Filesize

                                                                            92KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
                                                                            Filesize

                                                                            2B

                                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
                                                                            Filesize

                                                                            55B

                                                                          • C:\Users\Admin\Downloads\Solara-main.zip
                                                                            Filesize

                                                                            14.6MB

                                                                          • \??\pipe\crashpad_1348_MKUUPKRTNSONXGMH