hxxps://github[.]com/quivings/Solara/blob/main/Files/SolaraB[.]zip

Analysis

max time kernel
119s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Executes dropped EXE 1 IoCs

pid	Process
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Loads dropped DLL 5 IoCs

pid	Process
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/776-663-0x0000000180000000-0x0000000180B57000-memory.dmp	themida
behavioral1/files/0x00070000000234d5-655.dat	themida
behavioral1/memory/776-897-0x0000000180000000-0x0000000180B57000-memory.dmp	themida
behavioral1/memory/776-963-0x0000000180000000-0x0000000180B57000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
74	raw.githubusercontent.com
78	raw.githubusercontent.com
80	raw.githubusercontent.com
54	raw.githubusercontent.com
55	raw.githubusercontent.com
73	raw.githubusercontent.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655709754445297"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 55 IoCs

pid	Process
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1696	SolaraBootstrapper.exe
1696	SolaraBootstrapper.exe
1696	SolaraBootstrapper.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
776	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 5048	1528	chrome.exe	83
PID 1528 wrote to memory of 5048	1528	chrome.exe	83
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 2936	1528	chrome.exe	84
PID 1528 wrote to memory of 3916	1528	chrome.exe	85
PID 1528 wrote to memory of 3916	1528	chrome.exe	85
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86
PID 1528 wrote to memory of 2164	1528	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quivings/Solara/blob/main/Files/SolaraB.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff90f76cc40,0x7ff90f76cc4c,0x7ff90f76cc58
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,17225789588127771598,2048571586668596586,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,17225789588127771598,2048571586668596586,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,17225789588127771598,2048571586668596586,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,17225789588127771598,2048571586668596586,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,17225789588127771598,2048571586668596586,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4556,i,17225789588127771598,2048571586668596586,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4440,i,17225789588127771598,2048571586668596586,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4368,i,17225789588127771598,2048571586668596586,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5396,i,17225789588127771598,2048571586668596586,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5564,i,17225789588127771598,2048571586668596586,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2888

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4928

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1628

C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1696
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
319fe0e8ba4018615aaf8fbec871865b

SHA1
b1f1e2041a71e69b989634ef32d4b99fad15d766

SHA256
99cae9152f7fc508a79b4074e89770cce484f0d9afc5f8efa86b30d9b5a7e121

SHA512
ec4e375efbbd6f5593ea264d6e62cafb0eb4c870a4e3530c211218d86bd8857698516c04ec77faf5b0cbb3708be37f5e93c778278a4c78937832de6c29daa50c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1bbbd908d5a97937ad257f4e73be5575

SHA1
300965f76d04df29e295c60494066d44b5ce5e39

SHA256
175a0e30122a6a13ba3e41201928f12081bdbe081d5b491b3fb8678a53e91046

SHA512
41d86bda7609530b075229d69ce34f49a16bc968bb89d9855485eadf8abf48072abeb0cf695a043d288d5966fab9cd5faaf3730c47f14fae3789ef8afa17b989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG

Filesize
387B

MD5
94c80b01375cce1ced802ec9b7c081b4

SHA1
8eae2ca14328ae1bf35dd9bb5716c5532a523853

SHA256
33fa05680b01a0c9a27e476f0eb354b05040471f01765a0d3bd6ef6b8c66c26d

SHA512
5ad3747b712e5ee04c205329316e7d274c49fd08a76ad5e6155ecc511039e788bff59c3e9f0c94c40450e58e02ba5b55c49bf152a43e2a3c04e9cc1043b85805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
64e76d12bf4fd96f31944648162f1a59

SHA1
63c676f364000aabdbd4ff3959b21e4172d03d90

SHA256
961102989bacacec008c15ddde91b0ae7996992eb83ffbcc87b041752c3e9685

SHA512
8d67e8814bcdac7167ee21cee45d436723a4eca32dc23c9eb10155828364b4ef9a2ae98c9d4bb1fcff81780419a0feadc6bfb5035fe5445ab62899361b91fa91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
d9d0f58cc1c195b959429c4479cf7843

SHA1
31413baa60e7f678c31f2257354cd88cee9ddaa6

SHA256
d8c5e0c926551196a93fcda76cb704ea5e774842fa4f6f55bd90b5ad9eb8c271

SHA512
4fdc214278e76476bd001dec617cbb2d584501c2928910bf9604cd8b8b41219bc97dc5be3198234a73ac1330fcdc194bc1674bee2b785093213233e1766a7342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe58f6bf.TMP

Filesize
347B

MD5
19506e9fd053719ff3ad5f0a2cd351d3

SHA1
0736450878076bd63b9726882f8acc8f43dbe396

SHA256
7b37792750a2e72f0d0d485c00e492ff7783d53653d2a8af38626a48cdfbb218

SHA512
416d09cce08c4f7e080b4eed2de93109082f61af27eadab04e2025b629ce935900ac6b60e542b6b6453ba85b4c3342bd600cb494a6ca7597008adeaf6d215cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
34da3012560990b28a174683c8213ca6

SHA1
669240ab58eb76ebaaf6bb5d53a839ce52667df4

SHA256
6d46132fc9eb28f8da2ece71b41eb3e8d227a75273f58da3d630e71762454e30

SHA512
1b40db55228eeebbf39ea04f45b12fa5ffa6664a7439e4fb4f6d46cb86572ebbbbf6791b70c70c233852310158e0c1d7844a3799e3ff86abe64b3e02b79a3142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2a90873cf5c76610e5a60be447229c44

SHA1
406ef9276a2664cb752c0eb8bf63d529d3f3eba1

SHA256
33d7af2ca86b76e4793dd5ca56a87dcb981c5f4fb9b4764982abd27abe0c5204

SHA512
87e7ebdfbc2cf11c38e67403c28166b2f602ecabf8339babed285d90b6e90b7924a6cf1d79ae386e549abfe35d91d1f752b04300fda0dd4b32b534dfd159829c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d177d44bf92515f9930a67c0b75cc29f

SHA1
993f7a18b9d811bdd0009b4a8918ff4f2a428be6

SHA256
3f835161eafde086a3a2e74d3007219d2edc515f71820f17ff0ebe31ceff2f49

SHA512
8d734ed04b70e99d0b07fbd30be6ad62cd99818d39cc89df9f01116ff0a8104d24840578f11c3f85564c0eb99b87cfa7c5580d414a180a7708d1e1632995ac34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2ccb3be091eb8110e0366b1ca2fb3cd0

SHA1
8adfa9d1ed67c4869a2321f07b28c856f0a60617

SHA256
5e9db139c9b313fd0203ade49d6c70901974dfc8e8cac6d8b7dd6d7db1fc4160

SHA512
ed97206cd44164489640e5fcea8335a2884023e7057d9be270cda91dffb7338d10f2b1f7e6da5c7f85a1aef371cd82f2f937af5cded91f5b8bc58235587bd575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3eb4e8bb8d786abc9da7640769065162

SHA1
2a6fbfe1b5f3a5bed22be339da19ecf4db0346ef

SHA256
4eff6e75c16ebeee68cdcd62ea463fa183cc019695fc3d0e160bf85081e9a72d

SHA512
5a176ca6bcd1d3504429fbca31a666875739ece1f74dfa80b9677f2fe8d3a14ccec38d1642215c3017c7ace9607ef0307aca76f4f15db1fc58a8130659086c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
24792c6a68399d14808c36c6af683f38

SHA1
ac4b080bd5cbab609aea6e6feda5c11ef8dc0342

SHA256
f61c3e546a7f05bf1a669171f3c36f0779a9f8bc3bbe6ef2365f03ee09e255ad

SHA512
1eb949552a31d491405f5bee73b5cea4490279a5c06105d35904756e12de9a0ad1a12254976f2b91a33952aaa19a527c82cd349b7eecf8241ff1fa15f6d3b35d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1fceacfcfd433db1abd0f57bfbe1253f

SHA1
4d4ff8c51c78a484197b108beb94830f2ece58b0

SHA256
f908c95dd113b1e285d40038f4895876ed3007bd72522c1928a4a3ad72cd6060

SHA512
7fd1236082a58fa42906f1413db6f98b838a58d435a153c629369a31522a929f91a02174e6e294ea2d9408bbc128c912f8e2e96035dcd1c87c298ff2ead35b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ebef77a2-7559-4d86-ab81-6364587e1e1a.tmp

Filesize
3KB

MD5
b2a861c4a5a8f0f9b1908e7419717214

SHA1
153156ea4399f63deffc64a4f6f12800374a2fc9

SHA256
5aeb8fea77f37cbd17198d4cca79bb7767baf86117ad89970ecb7041adc47a01

SHA512
c750094eff841b5a7ccd8aac3b9018cda7eadade1970f83448d5953004860a9c0d3eea18a82eaae28089f7ae1fadd01934a42671340f57c2ec524a3624953eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc58e28735bb8675c8805d20a61b900b

SHA1
a70fc0e35a8fffeae170ae0823aa412f6d7dd87b

SHA256
cd1db35faf2e00cb8070d081a00dec8d72baae713a9eeaf86d66b3630241d265

SHA512
c3bab7b0467f1dfb902b963ddac0f072d3320efcfbd2305b909c64787ac5bd39986e9314ff2e9675c6bd95b95c8a3c124f92a1a5acccb323bebce9af076c8eb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d2755480960ef2512251902678e0d30

SHA1
7ab4fd2c01a06513b4a209c9d34fc45eee99dd79

SHA256
7c7ae1ab0ea98ffa5ec27b1c4b077022bf2a5daca3fa2e8c0ec9c2f555360e19

SHA512
eeff8fa4bf308447f5a89302f33e4b7b1df95a65dd72a47c425fec6a3e5a08d926e9bc38fcef7d0ea121e5dd3afdcfb2cd353656778b02e734cf2502ab665f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3469f56c35fd97617fadfb890351c6b1

SHA1
e02bc1a365b6b9638af39fb4073e2b823ebe360c

SHA256
76213afd0cd76ff7465ed65f5b68fe59f1933a483be7050c0569f9bd4d264d63

SHA512
d50bed5d75540204d4f342bf1c10f73f84a69859f03c85155d8e6204e46f52d85c22076b53d8bbc25e5b7af957f7270f6b3b6833ad354832da8cbbc2d2a4c6e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33611622c0c0d719b86b948c2c93518a

SHA1
cb1c0b30c93a874e61372a95946f26e6e0baa436

SHA256
0242dff97c4b8048a8a8176750f38ea97d38bb7624d3f77a195ad22a3fb23624

SHA512
1f317949fdb206c68a1a6affc99916f4acb4d14fad836ab1d1c16be04a7a81e4eb89829e1344c335314123f3c467e9d0b2b7dcaebe07054c258f166268d6f1fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab23dc7605dcbd10522a7aa4ee706a2a

SHA1
ee956cb0ab33d44344fe28775b80a11d74b5efa4

SHA256
651a1e8c6a63a31035e766082e3982c8aadc0e01e4be20c9178bf9f67c10a521

SHA512
840956c4b41891457b8e1e15d86a6363cf58a643c9e5e8a85b1fcdefd0f7d3a2e85003bf742280ebb82591a80adb3d1b512a8097ab95e6f5b2c17594ea156368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
88cf31ddb4e4287be1a6357eea246a85

SHA1
4c8f08513338d21ec190c4990d0d7c9b61021e09

SHA256
f15d3911f04a40b385e367ab8ee41a1db09e04c74df9d5ab1de9ddf13b7d5904

SHA512
da2bb0324447a680e5ab9cc5f001f1b9f0960d47f60b5d806fc4ebae1283a4756326d860b2588586d5e02b10feeafe6391b7d42a6939d0be7f571a7ac20fba38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
73ca96ed0425939ffd213f61dacb25de

SHA1
94db9ba666ddeab69a3fefc6fa28182fef692527

SHA256
ef7510234ce421a4cbef166cfd7e9918ece99e118d3399707da9a0b0811da398

SHA512
40fe67758118d24ae063e14c9c136a136f0dd5d0683241682f001c56869edbb55e1821ac789158cccf1eac2a81d6cd785f190e286ad57eecf247bcce2ef6a919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
595e101e12129741bc8a1e4bcf46f074

SHA1
9354e7e83d14f3e0de1b43bd0db59ba0cce608d3

SHA256
140e771eaae2e00e8fd7f67f1cd664b36ec81a04d78295f070cbcd9babdd04c1

SHA512
b0fd0af1bfbcd7f65b370b69854275240d0987596bc9a5dd5df7c1e630285ae5d85b6a70ce3ba504176b273ac9e823aadf4be7f6f3e85dda824623545433069c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
bd991d173e2ebc25861f4704c7ec272a

SHA1
7173840b02415711fb726c7c5ada737f2491f04a

SHA256
d29c7f5c2fe2911bdbe1be4cd218c5ab0dd42d6617edc875973023c63881ac70

SHA512
10dc797b3b197d2f94c36990e5bf9002af1b4a9e92a6a75bc2aed2897642df8f15ddaacc41d9ee1ad78e70d1082257f01490f95c864cc183e66fb3d7817cf5ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
40d771e801e035ebf4b3b649e6645cb3

SHA1
fab47aa486f6b7f2fcbf5a6459b9d3352a5a568b

SHA256
849fe7e47f2be07cf27ec84afd35485fab88390d81f4e3ac4022b9386de57cc4

SHA512
3567c05eebcd3ca35d0a64d5f1a944e1f658936e6af0e05a2661ea7f918104761fde74300007d455463ed8ba3cd67b3a33002633085a44a449a134b9434f6422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
db45f9e6a1c7e04146c686f8fd36ef45

SHA1
54f97f032fd814f0840e00018b8be3c5022df65c

SHA256
0342cfe580c68d9d845f600e10719f336490822702d5a924872eb4950a27697d

SHA512
878ced59709a4cc6f55a8b7d979dce82693ce3986d693d82af23549cb2c0aa929c673c3d8cbb6c799ea822c040ebc2bc922d06c8372a7905f253e98d37dda6a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll

Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll

Filesize
37KB

MD5
4cf94ffa50fd9bdc0bb93cceaede0629

SHA1
3e30eca720f4c2a708ec53fd7f1ba9e778b4f95f

SHA256
50b2e46c99076f6fa9c33e0a98f0fe3a2809a7c647bb509066e58f4c7685d7e6

SHA512
dc400518ef2f68920d90f1ce66fbb8f4dde2294e0efeecd3d9329aa7a66e1ab53487b120e13e15f227ea51784f90208c72d7fbfa9330d9b71dd9a1a727d11f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll

Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll

Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll

Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt

Filesize
48B

MD5
be2a7d7f566380c227aee6c9352ba882

SHA1
b8b1236b1ce17f295b2780622cad96f4a1694b46

SHA256
fa95da2b65d081614dc31c4ec93f5443a42fca6f0fec3552d341b7588cd0a0e6

SHA512
771cacef95bf3f9564fa59f72654e269b280b08ed388910c60d911a5a265c3ccdadb75060e502981301c38041eb25d7097731901aa431822f47208d10a73c67b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll

Filesize
4.4MB

MD5
d2707360ae563a7a10e27beba85a6cd9

SHA1
686e830b839fc63a65fdebe78aa90edd687e9257

SHA256
f69022372a947acb86bae76f312ab518c1eb5df954339a46c4be71b4a8f73557

SHA512
e9f2a99869936f64e427ad081059e35283bd40f2b0d85bffc23d4ce35277778d8bfe98057e077e62955b0299c3182d173cb91a3d96a3b5690e7de61d01a1e000

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Filesize
90KB

MD5
d84e7f79f4f0d7074802d2d6e6f3579e

SHA1
494937256229ef022ff05855c3d410ac3e7df721

SHA256
dcfc2b4fa3185df415855ec54395d9c36612f68100d046d8c69659da01f7d227

SHA512
ed7b0ac098c8184b611b83158eaa86619001e74dba079d398b34ac694ce404ba133c2baf43051840132d6a3a089a375550072543b9fab2549d57320d13502260

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll

Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll

Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
memory/776-647-0x000001BAEAC70000-0x000001BAEAD22000-memory.dmp

Filesize
712KB

Download
memory/776-644-0x000001BAEB030000-0x000001BAEB56C000-memory.dmp

Filesize
5.2MB

Download
memory/776-663-0x0000000180000000-0x0000000180B57000-memory.dmp

Filesize
11.3MB

Download
memory/776-897-0x0000000180000000-0x0000000180B57000-memory.dmp

Filesize
11.3MB

Download
memory/776-652-0x000001BAEB770000-0x000001BAEB7EE000-memory.dmp

Filesize
504KB

Download
memory/776-650-0x000001BAEAB00000-0x000001BAEAB0E000-memory.dmp

Filesize
56KB

Download
memory/776-648-0x000001BAEAB20000-0x000001BAEAB42000-memory.dmp

Filesize
136KB

Download
memory/776-669-0x000001BAEB930000-0x000001BAEB93E000-memory.dmp

Filesize
56KB

Download
memory/776-645-0x000001BAEABB0000-0x000001BAEAC6A000-memory.dmp

Filesize
744KB

Download
memory/776-667-0x000001BAEAFC0000-0x000001BAEAFC8000-memory.dmp

Filesize
32KB

Download
memory/776-642-0x000001BAE83B0000-0x000001BAE83CA000-memory.dmp

Filesize
104KB

Download
memory/776-668-0x000001BAEB960000-0x000001BAEB998000-memory.dmp

Filesize
224KB

Download
memory/776-963-0x0000000180000000-0x0000000180B57000-memory.dmp

Filesize
11.3MB

Download
memory/1696-641-0x0000000074C80000-0x0000000075430000-memory.dmp

Filesize
7.7MB

Download
memory/1696-218-0x0000000005AE0000-0x0000000005AF2000-memory.dmp

Filesize
72KB

Download
memory/1696-216-0x0000000074C80000-0x0000000075430000-memory.dmp

Filesize
7.7MB

Download
memory/1696-215-0x0000000001180000-0x000000000118A000-memory.dmp

Filesize
40KB

Download
memory/1696-214-0x0000000000610000-0x000000000061A000-memory.dmp

Filesize
40KB

Download
memory/1696-213-0x0000000074C8E000-0x0000000074C8F000-memory.dmp

Filesize
4KB

Download