Analysis

  • max time kernel
    62s
  • max time network
    62s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    15-06-2024 18:21

General

  • Target

    https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8d2ae9758,0x7ff8d2ae9768,0x7ff8d2ae9778
      2⤵
      PID:3820
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:2
      2⤵
      PID:1036
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
      2⤵
      PID:1280
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
      2⤵
      PID:2008
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:1
      2⤵
      PID:4548
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:1
      2⤵
      PID:3752
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
      2⤵
      PID:4156
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
      2⤵
      PID:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
      2⤵
      PID:2888
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
      2⤵
      PID:2900
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5600 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:1
      2⤵
      PID:3388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1844,i,2989448065864983884,16014640916018691802,131072 /prefetch:8
      2⤵
      PID:2336
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:68
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4452
  • C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe
    "C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2144
    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
      "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      PID:3120

Network

MITRE ATT&CK Enterprise v15

Downloads
