Analysis Overview
SHA256
2510be907ec476e8375ac7b5431536ae9a32bf99fe77ab695a5100852b111b96
Threat Level: Likely malicious
The file SolaraB.zip was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks computer location settings
Checks BIOS information in registry
Loads dropped DLL
Themida packer
Executes dropped EXE
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-15 00:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 00:08
Reported
2024-06-15 00:11
Platform
win7-20240611-en
Max time kernel
40s
Max time network
147s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7359758,0x7fef7359768,0x7fef7359778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2332 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2344 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3220 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1272 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3408 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3536 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3844 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3932 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fe17688,0x13fe17698,0x13fe176a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3796 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3384 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1748 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3724 --field-trial-handle=1156,i,3990825374652690291,7128711066468865847,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c16.gcp.gvt2.com | udp |
| DE | 34.89.141.94:443 | e2c16.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| NL | 128.116.21.3:80 | roblox.com | tcp |
| NL | 128.116.21.3:80 | roblox.com | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| DE | 18.66.112.121:443 | css.rbxcdn.com | tcp |
| DE | 18.66.112.121:443 | css.rbxcdn.com | tcp |
| DE | 18.66.112.121:443 | css.rbxcdn.com | tcp |
| DE | 18.66.112.121:443 | css.rbxcdn.com | tcp |
| DE | 18.66.112.121:443 | css.rbxcdn.com | tcp |
| DE | 18.66.112.121:443 | css.rbxcdn.com | tcp |
| DE | 108.138.7.3:443 | static.rbxcdn.com | tcp |
| BE | 2.17.107.35:443 | js.rbxcdn.com | tcp |
| BE | 2.17.107.35:443 | js.rbxcdn.com | tcp |
| BE | 2.17.107.35:443 | js.rbxcdn.com | tcp |
| BE | 2.17.107.35:443 | js.rbxcdn.com | tcp |
| BE | 2.17.107.35:443 | js.rbxcdn.com | tcp |
| BE | 2.17.107.35:443 | js.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| DE | 18.245.60.46:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| DE | 18.245.60.46:443 | roblox-api.arkoselabs.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| BE | 2.17.107.170:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| DE | 18.66.112.121:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| BE | 2.17.107.210:443 | images.rbxcdn.com | tcp |
| BE | 2.17.107.210:443 | images.rbxcdn.com | tcp |
| BE | 2.17.107.210:443 | images.rbxcdn.com | tcp |
| BE | 2.17.107.210:443 | images.rbxcdn.com | tcp |
| BE | 2.17.107.210:443 | images.rbxcdn.com | tcp |
| BE | 2.17.107.210:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2---sn-aigl6nsk.gvt1.com | udp |
| GB | 74.125.105.103:443 | r2---sn-aigl6nsk.gvt1.com | udp |
Files
memory/2500-0-0x0000000074ABE000-0x0000000074ABF000-memory.dmp
memory/2500-1-0x0000000000B50000-0x0000000000B5A000-memory.dmp
memory/2500-2-0x0000000074AB0000-0x000000007519E000-memory.dmp
memory/2500-3-0x0000000074AB0000-0x000000007519E000-memory.dmp
\??\pipe\crashpad_2844_VHBSUJLQDKLEIILJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 99916ce0720ed460e59d3fbd24d55be2 |
| SHA1 | d6bb9106eb65e3b84bfe03d872c931fb27f5a3db |
| SHA256 | 07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf |
| SHA512 | 8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8f1410529fa8c927497ac1da3a4b5489 |
| SHA1 | 99d277bff4ae85b50fb1ede0b94bee1e23428039 |
| SHA256 | 956ed80d16374891b0b96126c35b6d58647dbb91a204bb229348a82324bbdd96 |
| SHA512 | 3ceebf596593332fca3cde58ba30f4c19968fbd8b6ce3acfd446f4d60eaabdc0cb168fa4f5943340164fd16ac2ef82c44da95a20a329970827cce742b62339c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2470e5b0ace3db09e1579f72b2155326 |
| SHA1 | 5b250c52e19fdd766caa520dc3bb551a83610ae4 |
| SHA256 | 2e8ea896452a606fa07aec29a84d455042a6d99cfba2aeed4919930294c56fc2 |
| SHA512 | 48e95b60cf0766a07bf8b70641f051dd315d60573691998cb2323bb8d10ea1cf84c97ef8a17d9425a10a826b35c0c695cf047c3a32632e78d158798a629ad882 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2294aa0042a10cf7a014d76bea7f4d8a |
| SHA1 | 86ed3326007d96b508af4b3ee721f2449bf71bc7 |
| SHA256 | 7f2cafd6c5fe3d1beae00c25f193562d85da82b628555e7724870722e600936c |
| SHA512 | 6131e67e2c55e22dc8df10b7d3d2dbf78c915a3e94cd37a1da52f87d35a557b312197d881dbd2b2f4294789a5ceab1d812b64e6ce6eaa31025cf971b3f07b235 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3d6e8da9dd946ffff18c693eabf57081 |
| SHA1 | 8504e040f45bf01ea1c18d2fea5d31e1aa2460c2 |
| SHA256 | a46996bb31629fb95a7fde38510e049392b7833de24851a965a28022bd057511 |
| SHA512 | d0da7bb5a71019e91bb7654f0ccf5a5f6e583b66ed902249d18cc5ccab84446c3e32e42acd65c53121e8b56ea389af572cd21789f48e3ec3111e9c07adb1080f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 1fc15b901524b92722f9ff863f892a2b |
| SHA1 | cfd0a92d2c92614684524739630a35750c0103ec |
| SHA256 | da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4 |
| SHA512 | 5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\85fb3223-5549-435f-bbeb-1087138d7e67.tmp
| MD5 | 45570be52c796ae17e66f8a3decf859d |
| SHA1 | f94f88687c495a3887696835177fa33a272455c0 |
| SHA256 | 2a94407f235b68825fdf5a8ea1900ba79f07001c37f984830f00479dbc27c07b |
| SHA512 | 30c264b2f4d7e9314a9f2dac43fec33e53d073d887a65ad20ffa9f37c01d870ee4c43336e458b0b0cf24761a02a1e25139d6f52919d1daa5c0ddb3cd01440ee5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c6438941cb365717df29758449948cca |
| SHA1 | 7f24972133d1dd5a298c848a2c8661ac6ee467fb |
| SHA256 | 5eeaf9c0cac6ab6d1f5eb972c1bac5091116dd72acf79c7aec4618822a26df86 |
| SHA512 | 54dc14897e1bcc4f200a2ef15904d4d3f05aace17449be51b61a89d326b190866d19734f9305c0a11cd957370f1f12d1a0e15ce2d5fbbe7eb27b5a291bd2f904 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\00e03ada3ceeabf4_0
| MD5 | 1ab8fddcd9f3c1b1e7f704d326bea358 |
| SHA1 | e19baa999b25c4a9b0b0f3370d033ea9e92d1980 |
| SHA256 | 2fab6269eed07fbd7d9bf738437559ae6fd23bc3b8450976c590d6c91c70838e |
| SHA512 | b817aee647df4d895c9e82e8d2ad146af99369ed32df36f4afd2d6a6b84b3a0ba18ce1750dc40ce322e183cb8ee35c15fea5395f095fde79e7050900359ebcfb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\81368c0962e37f6f_0
| MD5 | bf2c78fc272d131df437ff434312eee9 |
| SHA1 | dbd3927509f152979d6362152c54ec8a79a685e7 |
| SHA256 | c3f5347f307edad30574dc1003fa9a1cd4f1bc77cd1d66c5c8da0411325b4aca |
| SHA512 | a9467345634a65d24b8d846c9628b191a47f5c901f7173f3ebb9d225e63c52650ed87b55cd1baa7b3d99071b600327480063ad56b827871b0a4555fd0cdedf19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | da0263cd5839414d6ebcf7abe3f00780 |
| SHA1 | 6866810a27e46dccb9ad82fc69365e88a8d12b68 |
| SHA256 | b21f0d1d3e643a755252e34d54af8c406ef9014e22ecbc09c4058ca94793aeb2 |
| SHA512 | 8591893b854cc45ef1fb9be3071a84740421a9f48b4381b7c40e1dd17fe4c41b210706fc4a80dce056dbf25f181981bbcf83a768bca5f5a797f2ea1ec0173170 |
C:\Users\Admin\AppData\Local\Temp\CabB1A.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar1001.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d009eebf42d36d21e2aa0bf5c7fad87 |
| SHA1 | 224d2da586359f02485ad4de1bf3a321e51c5def |
| SHA256 | 8787e98b597913373c91ff9f7e5d0d1143489a30751ba908ce2fe5a14f3adebb |
| SHA512 | 5c74121f0d7a780a7924f14a063eb52577127cfc8eabdd862679ca51257e71808cfca85e6d66299e90ed6021725e1eaa39c970382b9171a86e8d2e4a189b8907 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d0bd0512e421349beee20cd52555989 |
| SHA1 | 40f4b34c1317d2aa71c89d735b18dc9ad72b257c |
| SHA256 | 80ca2cd37f0f4e35716cdbf70f24a5d61ac2984ac690b6eb884cf2d478cdf65f |
| SHA512 | 36fb1119b27b1a9cf0ba66121ecf5e24beb7ccf9f4cccb633d2dbefc946f6c964f3b376c09d408409715f808787147258ddd1cdbc6a858cfd5f72f8ed1c5ceae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8357db1028bb5ac79965e4e12fe4fe14 |
| SHA1 | 854b022fe48ce7a8192d683287a8664eff458f7b |
| SHA256 | d0e0a0817a0aac0f2a919fcb7d773b836cba408f2ea9564c6bb50f031701f75f |
| SHA512 | 78255e70c6bcc8431b258dfe2c96873f0226e264938e8febad343dfcea0127faae29acea13ffd37c82765f2ac6cd91d798fa1fd77c595094e690a471608cb7dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 950d379d1cbe2a7714bd79fc9b991589 |
| SHA1 | 80ddfd8ee5ae71a046a4c2529a2d056d5ff17fc3 |
| SHA256 | 8e2196aa6d18343ac19d1702388778b4b8ace0a0e91ccf5d207eb55ee7176600 |
| SHA512 | 296b2c91104bbbf7e60177ca1b36f888516908e7e1639ce93ee3fd6bc251763a199ef4e45c5284ca540e151b9dd0bbc3fdc29a3e3425ef76374d89e196ec3c68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ee8e04f6556e856bf92d9639d4b9e3de |
| SHA1 | 2f7439ca9dc8fac05f83cd3b0c013fd0ced01152 |
| SHA256 | 4e3916543b83fd9f49d9aee51776d2059b225665c25206815ae8815610ef1636 |
| SHA512 | bb4c69f3e6640b29a2b1c8ee18a767203c98671bf442a8b9b33d685e2944747b1b03631a9df50953ef48e7f1b7067aca48958eaf91c18d6a819873c15c0a69b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 35a25982ce30f9a60d41282f8cc71a8d |
| SHA1 | d176e0fe061c8c2ae64b9769fe38a5b6eb0d1136 |
| SHA256 | 569d24186a6314550e9d37a1dcc0df02d71295fe5e42a194e1baf76028851a04 |
| SHA512 | 1e969c1c1dc0eb7a09fc5e8c52e3a2fd27bad730408c99d2e18c479963037178f3fe4f5fb0ad77617c80aff6f2b4a39fe29522983c7cf9c7ea08535783e222a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 079b03f85404c53055f2b10fed7e2753 |
| SHA1 | 59fcf2e1e72fb47e4f32c689adf0aeca2959e013 |
| SHA256 | 1c804c40a27dc606bbdc48f6b8278894486a89b64c946f3b535b79f487a9f7eb |
| SHA512 | 861d7ede18e2cc96783b4e389903a2062d74b3b38bdf45c436278adfe177d1381db3aafc9644a0377b7095b818d317f9b00444ca5edf5e49a0c2090750b4c5c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6619ee3873b9f6a467cc8223aadf6e8a |
| SHA1 | 7807e6c3ff2eccf954100d1eba7d5f30bb5ded48 |
| SHA256 | 9ef6243dcca3bbe84e65d28e59b317857933e41251102596138ae8003957606d |
| SHA512 | fa30072a9a28b3645739fe56b415d6149d70eb99d91c219559aafa4dd6721e07ec7dce892650bb62cc0fd038e12bd98cee5cc5bcfc56c3ed8e3b39d7766b91ed |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 00:08
Reported
2024-06-15 00:11
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Loads dropped DLL
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4828_2052178261\manifest.fingerprint | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4828_1891950919\Microsoft.CognitiveServices.Speech.core.dll | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4828_1891950919\manifest.fingerprint | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4828_1349528331\protocols.json | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4828_1349528331\manifest.fingerprint | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4828_2052178261\manifest.json | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4828_1349528331\manifest.json | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4828_2052178261\crl-set | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4828_1891950919\manifest.json | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628837419422910" | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3908.4592.16392992652609706252
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.92 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffc923e4ef8,0x7ffc923e4f04,0x7ffc923e4f10
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1748,i,14246125673556780935,4136753693993252504,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1704 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2020,i,14246125673556780935,4136753693993252504,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2028 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1712,i,14246125673556780935,4136753693993252504,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3672,i,14246125673556780935,4136753693993252504,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4740,i,14246125673556780935,4136753693993252504,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4668,i,14246125673556780935,4136753693993252504,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4744 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4840,i,14246125673556780935,4136753693993252504,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2100 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2100,i,14246125673556780935,4136753693993252504,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| BE | 2.17.107.98:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.107.17.2.in-addr.arpa | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:58230 | tcp | |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 172.64.147.188:443 | kit-pro.fontawesome.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.147.64.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:9911 | tcp | |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:9911 | tcp | |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 13.107.21.239:443 | tcp | |
| US | 8.8.8.8:53 | 239.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 2.20.12.95:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 95.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 204.79.197.239:443 | tcp | |
| US | 8.8.8.8:53 | 239.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
Files
memory/1756-0-0x0000000074BEE000-0x0000000074BEF000-memory.dmp
memory/1756-1-0x00000000007C0000-0x00000000007CA000-memory.dmp
memory/1756-2-0x0000000002BA0000-0x0000000002BAA000-memory.dmp
memory/1756-3-0x0000000074BE0000-0x0000000075390000-memory.dmp
memory/1756-5-0x0000000005C90000-0x0000000005CA2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
| MD5 | d0104f79f0b4f03bbcd3b287fa04cf8c |
| SHA1 | 54f9d7adf8943cb07f821435bb269eb4ba40ccc2 |
| SHA256 | 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a |
| SHA512 | daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
| MD5 | c2ab942102236f987048d0d84d73d960 |
| SHA1 | 95462172699187ac02eaec6074024b26e6d71cff |
| SHA256 | 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a |
| SHA512 | e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
| MD5 | c28b0fe9be6e306cc2ad30fe00e3db10 |
| SHA1 | af79c81bd61c9a937fca18425dd84cdf8317c8b9 |
| SHA256 | 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641 |
| SHA512 | e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
| MD5 | 13babc4f212ce635d68da544339c962b |
| SHA1 | 4881ad2ec8eb2470a7049421047c6d076f48f1de |
| SHA256 | bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400 |
| SHA512 | 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
| MD5 | d213a75b1956398e4c36bcc2f93339bf |
| SHA1 | 6a2739cc0e67f5593c744fbcbc8f00f12eef9954 |
| SHA256 | ece75d080f94df4b3699389021337b1536cfed229d1325f09b03f0b0d6d85ab4 |
| SHA512 | d32ddaf4c6f8f8df6c390d683e6c039f3b0d8f35f68f690b28bf88b17caedf0e11abd3aeb2e46238d0cd0a91b2db095cca0782b4e27f04453ea4cb6db38f4dd7 |
memory/3908-1469-0x00007FFC9C3E3000-0x00007FFC9C3E5000-memory.dmp
memory/3908-1471-0x000001BBD3230000-0x000001BBD324A000-memory.dmp
memory/1756-1470-0x0000000074BE0000-0x0000000075390000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
| MD5 | aead90ab96e2853f59be27c4ec1e4853 |
| SHA1 | 43cdedde26488d3209e17efff9a51e1f944eb35f |
| SHA256 | 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed |
| SHA512 | f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d |
memory/3908-1473-0x000001BBEF430000-0x000001BBEF96C000-memory.dmp
memory/3908-1474-0x00007FFC9C3E0000-0x00007FFC9CEA1000-memory.dmp
memory/3908-1475-0x000001BBEF1A0000-0x000001BBEF25A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
| MD5 | 34ec990ed346ec6a4f14841b12280c20 |
| SHA1 | 6587164274a1ae7f47bdb9d71d066b83241576f0 |
| SHA256 | 1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409 |
| SHA512 | b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0 |
memory/3908-1477-0x000001BBD3660000-0x000001BBD366E000-memory.dmp
memory/3908-1478-0x00007FFC9C3E0000-0x00007FFC9CEA1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
| MD5 | 851fee9a41856b588847cf8272645f58 |
| SHA1 | ee185a1ff257c86eb19d30a191bf0695d5ac72a1 |
| SHA256 | 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca |
| SHA512 | cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f |
memory/3908-1480-0x000001BBEF3A0000-0x000001BBEF41E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
| MD5 | a0bd0d1a66e7c7f1d97aedecdafb933f |
| SHA1 | dd109ac34beb8289030e4ec0a026297b793f64a3 |
| SHA256 | 79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36 |
| SHA512 | 2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
| MD5 | e31f5136d91bad0fcbce053aac798a30 |
| SHA1 | ee785d2546aec4803bcae08cdebfd5d168c42337 |
| SHA256 | ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671 |
| SHA512 | a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll
| MD5 | 7a2b8cfcd543f6e4ebca43162b67d610 |
| SHA1 | c1c45a326249bf0ccd2be2fbd412f1a62fb67024 |
| SHA256 | 7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f |
| SHA512 | e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
| MD5 | 75365924730b0b2c1a6ee9028ef07685 |
| SHA1 | a10687c37deb2ce5422140b541a64ac15534250f |
| SHA256 | 945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b |
| SHA512 | c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1 |
memory/3908-1491-0x00007FFC9C3E0000-0x00007FFC9CEA1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
| MD5 | 0df8e80fd47cee0af8a6fb8ae2fd2237 |
| SHA1 | 3780465816d176d162dc32895284aeb631efefd0 |
| SHA256 | 2bf8ee57bc984b47d8662dc580c4aa97aa48807b5f7d5953d72c14e7277da045 |
| SHA512 | 1864cc3cdea3ff3262bac5f1e308f9c937f329516b9f48c1a69eda9246d3ed0c8cdc51b4129c73bd766166327060eb4002d96a28f9e7ed361210b4a869aa1194 |
memory/3908-1492-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3908-1494-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3908-1493-0x0000000180000000-0x0000000180A63000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
| MD5 | 6b09afc61af8884f2fc6204922e970be |
| SHA1 | fe3da40f27e8dc2b8e2392c9590666982fff3398 |
| SHA256 | f99a87a0c9006940f0d9efa1331d253dcf56016c82f4e266b507c303bb8493a6 |
| SHA512 | 69ac27dbd690d1919a5da98e5f427328147c18a338596a0cf7ccb2cd09594da388fc4bb5df660bb4ca5a630f3ffc3ee3783b24c262683d2c5992db2f1abca8ea |
memory/3908-1495-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3908-1497-0x000001BBEF0E0000-0x000001BBEF0E8000-memory.dmp
memory/3908-1499-0x000001BBF2EA0000-0x000001BBF2EAE000-memory.dmp
memory/3908-1498-0x000001BBF2EE0000-0x000001BBF2F18000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | 85336bba86b95c0d725d8798da82713d |
| SHA1 | b25a63d665c589d169d229baa0743336587211ab |
| SHA256 | 0161a63565085f1463f95636be1797b66baa96492a641639f6ca8479369b5517 |
| SHA512 | d056fa1660e8c3430e34cf145936daa836b81b121bc835ce01de6fd6dab0fd1c48813cba21b76aeaed9a8f4f397d96e0bb572cb90fd9542db174476636efcc4e |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe576b3d.TMP
| MD5 | f2ac165e6a8d53d35bdadebc5a9819b1 |
| SHA1 | 90725fdce0dabbd75d7bcdb41745d1ddd80a2517 |
| SHA256 | 749ba1f12b52664b41ed3fa4edc873d040e21bd66e770fa9a997d1485259b176 |
| SHA512 | 2b09861fec75c5c3af45c6fc83551d6a1c968601afeb28fafdc00329a2ee52d9c435d4ba232750630e708253fb598d32f337ada4a6ba7da50082129790b1e4da |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
| MD5 | 62b2f245e2ddd80eebc7f66eb00152d6 |
| SHA1 | 2696160f34e1f22970a050d16d8adadf7e2510bb |
| SHA256 | 550c554bb3af77fcf8deb004fddaddb7959d59b261ba4ca2f72769f059a03162 |
| SHA512 | 65d5b9f8bc998907f50bd4f88be554a8dbbd9c4fc83b97cead9d50cdf266decb300b892345fde88045ac338cef0df7090fed660f69075bc19ec1a7b0de206b27 |
memory/2840-1526-0x00007FFCBAAB0000-0x00007FFCBAAB1000-memory.dmp
\??\pipe\crashpad_4828_QUDTXXJZINZGHGCX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
memory/3000-1579-0x00007FFCB8F60000-0x00007FFCB8F61000-memory.dmp
memory/3000-1580-0x00007FFCBA690000-0x00007FFCBA691000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
| MD5 | f2a2a0dc285a73dc13c7148cc2690246 |
| SHA1 | c2f45b5dbd823cb4f02b704e72544b0b131aedbd |
| SHA256 | 3c746914e5f52a3c77bd23ade23e39a7862f93030d4581a09a697ed00c125317 |
| SHA512 | 4abc77ff4121da1623610639c4d4baeec3d5e3db224be94d93b6be98840a3d00d1a7aa5898c41a081f17a485ac17b032b0dfe144e7c29fc918004ddf38914ff6 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
| MD5 | 0a0bc2e9ad20a6a5ae92a7a5b5dc60c6 |
| SHA1 | 29adab97f53532c71860ac4a08542d4f5a00247d |
| SHA256 | a42d6381cf9c78b65c92dd05f115931e5844c408acce43da119cd079375d09f9 |
| SHA512 | 866c3cfc64eea01ddc2c4de63ac16aa4828076fc6c8a3ce6808d0bafc19587a3aa0e50b2d4cb9037d834ef25d65547b4a569be2640597837e443bfc32a29e8fd |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | f1dc4ddd305b8e2293150089442115cd |
| SHA1 | 5711a5955a8b62c9f8d2aa022d535e5ec956e394 |
| SHA256 | 1aad0871722970ffcfc34d7cae4e4b2cd2344718959a376b53ed59e8e7d3e096 |
| SHA512 | 4f5dfb835a99ac3fd6e97f7b682641641156af3297ddccfa32e65f53fec7710a37cd87d46c5b651760938a973344eafcbfa468a2d15e8a6bcf605fb918170138 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
memory/4168-1644-0x00007FFCBAAB0000-0x00007FFCBAAB1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\index.html
| MD5 | 08d9ac1e35385587b0c3c8a73ea97234 |
| SHA1 | d1db15b5e97152be999339d90630f68ed06a6b78 |
| SHA256 | 016cadaa9a8494b15efea920a5ea9c02b441e90dbc7c444e73db3b307f93a741 |
| SHA512 | 8061a5a92f828642ea2fcb319571efa406ed67a75b4d4da1aeb3da96391a72fcde670e3e52efef62d37ddc17f7eca5afa0d35aa02bfd1bcadd8e86240cb802a6 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\loader.js
| MD5 | 8a3086f6c6298f986bda09080dd003b1 |
| SHA1 | 8c7d41c586bfa015fb5cc50a2fdc547711b57c3c |
| SHA256 | 0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9 |
| SHA512 | 9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.js
| MD5 | 9399a8eaa741d04b0ae6566a5ebb8106 |
| SHA1 | 5646a9d35b773d784ad914417ed861c5cba45e31 |
| SHA256 | 93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18 |
| SHA512 | d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.css
| MD5 | 233217455a3ef3604bf4942024b94f98 |
| SHA1 | 95cd3ce46f4ca65708ec25d59dddbfa3fc44e143 |
| SHA256 | 2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701 |
| SHA512 | 6f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.nls.js
| MD5 | 74dd2381ddbb5af80ce28aefed3068fc |
| SHA1 | 0996dc91842ab20387e08a46f3807a3f77958902 |
| SHA256 | fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48 |
| SHA512 | 8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\basic-languages\lua\lua.js
| MD5 | 8706d861294e09a1f2f7e63d19e5fcb7 |
| SHA1 | fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23 |
| SHA256 | fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42 |
| SHA512 | 1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f |
memory/3908-1686-0x0000000180000000-0x0000000180A63000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
| MD5 | 4c9a1107992b705326dbce396fbc01b4 |
| SHA1 | b1a3191fdb4669f2ad964052723ee92ad4ccb9b9 |
| SHA256 | 630cba92ee4b00530783614c92b23c53940203a15bfc9ef5909d7554dec58da6 |
| SHA512 | fae031e8368367c5208735058e0e90bed3c9ed219d4a57e73d52fe9cfefff4fbf21079e94d67ff06cfcb018faf5aed0d3d678dc06f58af486d7d8a9f44a251ee |
memory/2840-1704-0x0000024B9B350000-0x0000024B9B3FD000-memory.dmp
memory/3908-1708-0x00007FFC9C3E3000-0x00007FFC9C3E5000-memory.dmp
memory/3908-1707-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3908-1709-0x00007FFC9C3E0000-0x00007FFC9CEA1000-memory.dmp
memory/3908-1711-0x00007FFC9C3E0000-0x00007FFC9CEA1000-memory.dmp
memory/3908-1712-0x00007FFC9C3E0000-0x00007FFC9CEA1000-memory.dmp
memory/3908-1713-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3908-1714-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3908-1716-0x0000000180000000-0x0000000180A63000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\c7284167-7348-42db-8d98-43ea2314a1b0.tmp
| MD5 | 96bd3e14d792303b2ec9e09e2e5d00e0 |
| SHA1 | 57c14747b49d41ed860cc6863d49c17bac783c24 |
| SHA256 | d7ccf16767112f46e446109210c055ace7c0176e94371b410d542cfc7a105e69 |
| SHA512 | c443314fd94a74b23fb61fb4b74f1b1185f245750666691e485b363915503a347f80b3dd7167b8edbaa02077042190322d07875fcc7c89b6d5902f50c8c0c8ee |
memory/3908-1736-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3908-1738-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3908-1740-0x0000000180000000-0x0000000180A63000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State
| MD5 | e53b6784280978d2d37a8a92f0134402 |
| SHA1 | f07d6364efc6d100e745aef309d2dfbad5b51b37 |
| SHA256 | fb71d591d6296e3920a88293f2e4877762ee0d6b439d8350d69c46575d6420a3 |
| SHA512 | 77bac304f6a045df1e4062e79b2c61fd8a62cfcffcf7cd8fbb113b193340aaf82f0f579ef4e91e33aaed3ab4b836016f0564ecfd042c9c4ffd5967f057733434 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe5880d3.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Program Files\chrome_Unpacker_BeginUnzipping4828_1349528331\manifest.json
| MD5 | 58d3ca1189df439d0538a75912496bcf |
| SHA1 | 99af5b6a006a6929cc08744d1b54e3623fec2f36 |
| SHA256 | a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437 |
| SHA512 | afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2 |
C:\Program Files\chrome_Unpacker_BeginUnzipping4828_1349528331\manifest.fingerprint
| MD5 | 0c9218609241dbaa26eba66d5aaf08ab |
| SHA1 | 31f1437c07241e5f075268212c11a566ceb514ec |
| SHA256 | 52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b |
| SHA512 | 5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json
| MD5 | 6bbb18bb210b0af189f5d76a65f7ad80 |
| SHA1 | 87b804075e78af64293611a637504273fadfe718 |
| SHA256 | 01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c |
| SHA512 | 4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d |
memory/3908-1791-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3908-1802-0x0000000180000000-0x0000000180A63000-memory.dmp
C:\Program Files\chrome_Unpacker_BeginUnzipping4828_2052178261\manifest.json
| MD5 | b6911958067e8d96526537faed1bb9ef |
| SHA1 | a47b5be4fe5bc13948f891d8f92917e3a11ebb6e |
| SHA256 | 341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648 |
| SHA512 | 62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\crl-set
| MD5 | d246e8dc614619ad838c649e09969503 |
| SHA1 | 70b7cf937136e17d8cf325b7212f58cba5975b53 |
| SHA256 | 9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1 |
| SHA512 | 736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb |
memory/3908-1835-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3908-1837-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3908-1839-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/4804-1842-0x000001F325160000-0x000001F325161000-memory.dmp
memory/4804-1841-0x000001F325160000-0x000001F325161000-memory.dmp
memory/4804-1840-0x000001F325160000-0x000001F325161000-memory.dmp
memory/4804-1846-0x000001F325160000-0x000001F325161000-memory.dmp
memory/4804-1848-0x000001F325160000-0x000001F325161000-memory.dmp
memory/4804-1852-0x000001F325160000-0x000001F325161000-memory.dmp
memory/4804-1851-0x000001F325160000-0x000001F325161000-memory.dmp
memory/4804-1850-0x000001F325160000-0x000001F325161000-memory.dmp
memory/4804-1849-0x000001F325160000-0x000001F325161000-memory.dmp
memory/4804-1847-0x000001F325160000-0x000001F325161000-memory.dmp
C:\Program Files\chrome_Unpacker_BeginUnzipping4828_1891950919\manifest.json
| MD5 | ba25fcf816a017558d3434583e9746b8 |
| SHA1 | be05c87f7adf6b21273a4e94b3592618b6a4a624 |
| SHA256 | 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11 |
| SHA512 | 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f |
memory/3908-1875-0x0000000180000000-0x0000000180A63000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
| MD5 | 0f9d900671ae72de9624338bd3c69453 |
| SHA1 | 3d43c922bc17e15a030b05c41488f79f79a735e1 |
| SHA256 | 5469e149714fb70ece0bebf0859a06852afac84e7555a85c88750ea72e3ce452 |
| SHA512 | 71beceea3542c5f35022e5179347d755e0cd6aeb0d6ef04a3aca643bd372f861de7811da5321bcccf4e6ef9add98f60722e73c0bd5141194e70d12f6f1378eb3 |
memory/3908-1895-0x0000000180000000-0x0000000180A63000-memory.dmp