Analysis

  • max time kernel
    233s
  • max time network
    227s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    15-06-2024 18:21

General

  • Target

    https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Downloads MZ/PE file
  • Sets file execution options in registry 2 TTPs 2 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 15 IoCs
  • Loads dropped DLL 14 IoCs
  • Registers COM server for autorun 1 TTPs 31 IoCs
  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Checks system information in the registry 2 TTPs 8 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 11 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 55 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 50 IoCs
  • Suspicious use of SendNotifyMessage 28 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5036
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdd0309758,0x7ffdd0309768,0x7ffdd0309778
      2⤵
        PID:4728
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:2
        2⤵
          PID:4664
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
          2⤵
            PID:4960
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
            2⤵
              PID:3868
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:1
              2⤵
                PID:4920
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:1
                2⤵
                  PID:4296
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                  2⤵
                    PID:2308
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                    2⤵
                      PID:2248
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1632 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                      2⤵
                        PID:512
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                        2⤵
                          PID:1672
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5408 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:1
                          2⤵
                            PID:3624
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                            2⤵
                              PID:1364
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=764 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:1
                              2⤵
                                PID:3292
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2244 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:1
                                2⤵
                                  PID:348
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5804 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                                  2⤵
                                    PID:2220
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5964 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                                    2⤵
                                      PID:64
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6056 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:1
                                      2⤵
                                        PID:1496
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5684 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:2
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4256
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6004 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:1
                                        2⤵
                                          PID:4968
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5256 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:1
                                          2⤵
                                            PID:4224
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5860 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:1
                                            2⤵
                                              PID:4256
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6128 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                                              2⤵
                                                PID:740
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5360 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                                                2⤵
                                                  PID:2988
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=948 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                                                  2⤵
                                                    PID:3952
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5288 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                                                    2⤵
                                                      PID:4216
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                                                      2⤵
                                                        PID:616
                                                      • C:\Users\Admin\Downloads\MicrosoftEdgeWebview2Setup.exe
                                                        "C:\Users\Admin\Downloads\MicrosoftEdgeWebview2Setup.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Drops file in Program Files directory
                                                        PID:1288
                                                        • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                          3⤵
                                                          • Sets file execution options in registry
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Checks system information in the registry
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:3480
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Modifies registry class
                                                            PID:1440
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:3304
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Registers COM server for autorun
                                                              • Modifies registry class
                                                              PID:4604
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Registers COM server for autorun
                                                              • Modifies registry class
                                                              PID:4112
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Registers COM server for autorun
                                                              • Modifies registry class
                                                              PID:2256
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded request data omitted]
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Checks system information in the registry
                                                            PID:2700
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{2A7FB378-D573-4F38-9A1A-59C51F214B3D}"
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:3904
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1728,i,6700275962874136917,1908223178086075290,131072 /prefetch:8
                                                        2⤵
                                                          PID:2388
                                                      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                        1⤵
                                                          PID:4944
                                                        • C:\Windows\System32\rundll32.exe
                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                          1⤵
                                                            PID:616
                                                          • C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe
                                                            "C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"
                                                            1⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:500
                                                            • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
                                                              "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
                                                              2⤵
                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                              • Checks BIOS information in registry
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Checks whether UAC is enabled
                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              • Suspicious use of FindShellTrayWindow
                                                              PID:208
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                            1⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Checks system information in the registry
                                                            • Modifies data under HKEY_USERS
                                                            PID:2940
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded request data omitted]
                                                              2⤵
                                                              • Executes dropped EXE
                                                              • Checks system information in the registry
                                                              • Drops file in System32 directory
                                                              • Modifies data under HKEY_USERS
                                                              PID:1900
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\MicrosoftEdge_X64_126.0.2592.56.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\MicrosoftEdge_X64_126.0.2592.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:3972
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\EDGEMITMP_7EBF5.tmp\setup.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\EDGEMITMP_7EBF5.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\MicrosoftEdge_X64_126.0.2592.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • Drops file in Program Files directory
                                                                PID:2080
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\EDGEMITMP_7EBF5.tmp\setup.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\EDGEMITMP_7EBF5.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.57 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2217CA5E-CE3E-40DE-B762-694C704AC231}\EDGEMITMP_7EBF5.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.56 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6c2c8aa40,0x7ff6c2c8aa4c,0x7ff6c2c8aa58
                                                                  4⤵
                                                                  • Executes dropped EXE
                                                                  PID:4976

                                                          Downloads

                                                          • C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Installer\setup.exe
                                                            Filesize

                                                            6.5MB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\EdgeUpdate.dat
                                                            Filesize

                                                            12KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                                            Filesize

                                                            179KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\MicrosoftEdgeUpdate.exe
                                                            Filesize

                                                            201KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            Filesize

                                                            212KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\MicrosoftEdgeUpdateCore.exe
                                                            Filesize

                                                            258KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\NOTICE.TXT
                                                            Filesize

                                                            4KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdate.dll
                                                            Filesize

                                                            2.1MB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_af.dll
                                                            Filesize

                                                            29KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_am.dll
                                                            Filesize

                                                            24KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_ar.dll
                                                            Filesize

                                                            26KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_as.dll
                                                            Filesize

                                                            29KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_az.dll
                                                            Filesize

                                                            29KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_bg.dll
                                                            Filesize

                                                            29KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_bn-IN.dll
                                                            Filesize

                                                            29KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_bn.dll
                                                            Filesize

                                                            29KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_bs.dll
                                                            Filesize

                                                            29KB


                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEA66.tmp\msedgeupdateres_en.dll
                                                            Filesize

                                                            27KB


                                                          • C:\Program Files\MsEdgeCrashpad\settings.dat
                                                            Filesize

                                                            280B


                                                          • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                            Filesize

                                                            15KB


                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                            Filesize

                                                            1KB


                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
                                                            Filesize

                                                            264KB


                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\25d47759-8314-4fe0-9002-9ffd8e0385f7.tmp
                                                            Filesize

                                                            1KB


                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                            Filesize

                                                            2KB


                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                            Filesize

                                                            1KB


                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                            Filesize

                                                            1KB


                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                            Filesize

                                                            1KB


                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                            Filesize

                                                            1KB


                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                            Filesize

                                                            1KB


                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                            Filesize

                                                            1KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                            Filesize

                                                            6KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                            Filesize

                                                            6KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                            Filesize

                                                            7KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                            Filesize

                                                            7KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                            Filesize

                                                            7KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                            Filesize

                                                            6KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                            Filesize

                                                            6KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                            Filesize

                                                            136KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                            Filesize

                                                            136KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                            Filesize

                                                            136KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                            Filesize

                                                            136KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                                            Filesize

                                                            112KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                                            Filesize

                                                            109KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5892c5.TMP
                                                            Filesize

                                                            98KB

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
                                                            Filesize

                                                            2B

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
                                                            Filesize

                                                            488KB

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll
                                                            Filesize

                                                            37KB

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
                                                            Filesize

                                                            43KB

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
                                                            Filesize

                                                            139B

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
                                                            Filesize

                                                            43B

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
                                                            Filesize

                                                            216B

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
                                                            Filesize

                                                            1KB

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll
                                                            Filesize

                                                            99KB

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
                                                            Filesize

                                                            133KB

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
                                                            Filesize

                                                            5.2MB

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
                                                            Filesize

                                                            48B

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
                                                            Filesize

                                                            86KB

                                                          • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
                                                            Filesize

                                                            113KB

                                                          • C:\Users\Admin\Downloads\Unconfirmed 73292.crdownload
                                                            Filesize

                                                            1.6MB

                                                          • \??\pipe\crashpad_5036_SKNUITTENRFGNCXJ

                                                          • \Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
                                                            Filesize

                                                            4.1MB


                                                          • \Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
                                                            Filesize

                                                            522KB

