Analysis
- max time kernel: 62s
- max time network: 62s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 15-06-2024 18:21
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
- Resource: win10-20240404-en
Behavioral task: behavioral2
- Sample: https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
- Resource: win10v2004-20240508-en
General
Malware Config
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
- Key opened: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (process: cd57e4c171d6e8f5ea8b8f824a6a7316.exe)
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (process: cd57e4c171d6e8f5ea8b8f824a6a7316.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion (process: cd57e4c171d6e8f5ea8b8f824a6a7316.exe)
Executes dropped EXE 1 IoCs
Processes:
- PID 3120: cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Loads dropped DLL 5 IoCs
Processes:
- PID 3120: cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Processes:
- \Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll (yara_rule: themida)
- behavioral1/memory/3120-1698-0x0000000180000000-0x0000000180AC0000-memory.dmp (yara_rule: themida)
- behavioral1/memory/3120-1707-0x0000000180000000-0x0000000180AC0000-memory.dmp (yara_rule: themida)
Processes:
- Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA (process: cd57e4c171d6e8f5ea8b8f824a6a7316.exe)
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
Processes:
- flow 35: raw.githubusercontent.com
- flow 36: raw.githubusercontent.com
- flow 41: raw.githubusercontent.com
- flow 42: raw.githubusercontent.com
- flow 44: raw.githubusercontent.com
- flow 46: raw.githubusercontent.com
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
- PID 3120: cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: chrome.exe)
Modifies data under HKEY_USERS 2 IoCs
Processes:
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (process: chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629493735714900" (process: chrome.exe)
Modifies registry class 1 IoCs
Processes:
- Key created: \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings (process: chrome.exe)
Suspicious behavior: EnumeratesProcesses 5 IoCs
Processes:
- PID 3800: chrome.exe
- PID 2144: SolaraBootstrapper.exe
- PID 3120: cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
Processes:
- PID 3800: chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
- Token: SeShutdownPrivilege (PID 3800, process: chrome.exe)
- Token: SeCreatePagefilePrivilege (PID 3800, process: chrome.exe)
Suspicious use of FindShellTrayWindow 34 IoCs
Processes:
- PID 3800: chrome.exe
- PID 3120: cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
- PID 3800: chrome.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
- PID 3800 wrote to memory of 3820 (PID 3800, process: chrome.exe, target process: chrome.exe)
- PID 3800 wrote to memory of 1036 (PID 3800, process: chrome.exe, target process: chrome.exe)
- PID 3800 wrote to memory of 1280 (PID 3800, process: chrome.exe, target process: chrome.exe)
- PID 3800 wrote to memory of 2008 (PID 3800, process: chrome.exe, target process: chrome.exe)
Processes
- PID 3800: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
  - Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 3820: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8d2ae9758,0x7ff8d2ae9768,0x7ff8d2ae9778
  - PID 1036: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:2
  - PID 1280: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
  - PID 2008: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
  - PID 4548: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:1
  - PID 3752: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:1
  - PID 4156: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
  - PID 8: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
  - PID 2888: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
  - PID 2900: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
  - PID 3388: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5600 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:1
  - PID 2336: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
- PID 68: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- PID 4452: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- PID 2144: "C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"
  - Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3120: "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
    - Signatures: Identifies VirtualBox via ACPI registry values (likely anti-VM); Checks BIOS information in registry; Executes dropped EXE; Loads dropped DLL; Checks whether UAC is enabled; Suspicious use of NtSetInformationThreadHideFromDebugger; Suspicious behavior: EnumeratesProcesses; Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index (1KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (1KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (1KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (136KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (136KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache (109KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e7d0.TMP (98KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json (2B)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll (488KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll (37KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll (43KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc (139B)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc (43B)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc (216B)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE (1KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll (133KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll (5.2MB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt (48B)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe (86KB)
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll (522KB)
- \??\pipe\crashpad_3800_YQZJCREMTYCPWFVY
- \Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll (4.1MB)
- \Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll (99KB)
- \Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll (113KB)
- memory/2144-209-0x0000000002A20000-0x0000000002A2A000-memory.dmp (40KB)
- memory/2144-208-0x0000000000770000-0x000000000077A000-memory.dmp (40KB)
- memory/2144-207-0x0000000073A5E000-0x0000000073A5F000-memory.dmp (4KB)
- memory/2144-211-0x0000000005B40000-0x0000000005B52000-memory.dmp (72KB)
- memory/3120-1687-0x00000275587A0000-0x000002755881E000-memory.dmp (504KB)
- memory/3120-1685-0x0000027557A70000-0x0000027557A7E000-memory.dmp (56KB)
- memory/3120-1683-0x00000275584B0000-0x0000027558568000-memory.dmp (736KB)
- memory/3120-1698-0x0000000180000000-0x0000000180AC0000-memory.dmp (10.8MB)
- memory/3120-1682-0x0000027558870000-0x0000027558DAC000-memory.dmp (5.2MB)
- memory/3120-1680-0x000002753D480000-0x000002753D49A000-memory.dmp (104KB)
- memory/3120-1701-0x0000027558850000-0x0000027558858000-memory.dmp (32KB)
- memory/3120-1702-0x000002755D350000-0x000002755D388000-memory.dmp (224KB)
- memory/3120-1703-0x000002755D410000-0x000002755D41E000-memory.dmp (56KB)
- memory/3120-1707-0x0000000180000000-0x0000000180AC0000-memory.dmp (10.8MB)