ce537d6a75dc8eaf70494907770fdb780456fea1dc37947bd458481608c5939f

max time kernel
1799s
max time network
1800s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
18-05-2024 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

v0f044gc0000clmruo7og65lhh8ne4g0.mp4
Size

4.5MB
MD5

45b2647eadad13f8cf3137858fb0c3b5
SHA1

2d9b8f5ebc8dfb991eecadf9f85d62bfa6cb65ca
SHA256

ce537d6a75dc8eaf70494907770fdb780456fea1dc37947bd458481608c5939f
SHA512

d40f1d85507f0cd155061c9a95627523293b09005c914fdf9a5aa117646c8e1952b6cc420721daeffa2077e3098ead309b8ffa76d45c35310798d5b167fedb8c
SSDEEP

98304:4ju52Pv5pTpB4WuQLTyxZO3UUpTzFXRzeXwyqjq73zBOQcMN1H4nu9KC/GTG/:ULPh5QWuQCy3dpTzFhK7qjqvN1kuWTS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Solara_Updater.exe

pid process

2672 Solara_Updater.exe

pid	process
2672	Solara_Updater.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

unregmp2.exe

description	ioc	process
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service
T1102

Processes:

flow ioc

1 discord.com
20 discord.com
21 discord.com
32 raw.githubusercontent.com
33 discord.com
54 raw.githubusercontent.com

flow	ioc
1	discord.com
20	discord.com
21	discord.com
32	raw.githubusercontent.com
33	discord.com
54	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133604873951112066"	chrome.exe

Modifies registry class 4 IoCs

Processes:

chrome.exeMiniSearchHost.exechrome.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1672260578-815027929-964132517-1000\{E0019099-4870-4FE5-A99B-3A4C32344220}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Solara_Updater.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\SolaraBETA3.rar:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

chrome.exeSolara_Updater.exechrome.exe

pid process

1496 chrome.exe
1496 chrome.exe
2672 Solara_Updater.exe
1496 chrome.exe
1496 chrome.exe
2904 chrome.exe
2904 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

1496 chrome.exe
1496 chrome.exe
1496 chrome.exe
1496 chrome.exe
1496 chrome.exe
1496 chrome.exe
1496 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

unregmp2.exechrome.exe

description	pid	process
Token: SeShutdownPrivilege	964	unregmp2.exe
Token: SeCreatePagefilePrivilege	964	unregmp2.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

chrome.exe

pid	process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

MiniSearchHost.exeOpenWith.exe

pid process

2124 MiniSearchHost.exe
1404 OpenWith.exe
1404 OpenWith.exe
1404 OpenWith.exe
1404 OpenWith.exe
1404 OpenWith.exe

pid	process
2124	MiniSearchHost.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

wmplayer.exeunregmp2.exechrome.exe

description	pid	process	target process
PID 4580 wrote to memory of 4480	4580	wmplayer.exe	setup_wm.exe
PID 4580 wrote to memory of 4480	4580	wmplayer.exe	setup_wm.exe
PID 4580 wrote to memory of 4480	4580	wmplayer.exe	setup_wm.exe
PID 4580 wrote to memory of 8	4580	wmplayer.exe	unregmp2.exe
PID 4580 wrote to memory of 8	4580	wmplayer.exe	unregmp2.exe
PID 4580 wrote to memory of 8	4580	wmplayer.exe	unregmp2.exe
PID 8 wrote to memory of 964	8	unregmp2.exe	unregmp2.exe
PID 8 wrote to memory of 964	8	unregmp2.exe	unregmp2.exe
PID 1496 wrote to memory of 3556	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3556	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 2936	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3156	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3156	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4536	1496	chrome.exe	chrome.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\v0f044gc0000clmruo7og65lhh8ne4g0.mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:4580

C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\v0f044gc0000clmruo7og65lhh8ne4g0.mp4"
2⤵
PID:4480

C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
2⤵
- Suspicious use of WriteProcessMemory
PID:8

C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffcc9d6ab58,0x7ffcc9d6ab68,0x7ffcc9d6ab78
2⤵
PID:3556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:2
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:3156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:1
2⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:1
2⤵
PID:844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4160 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:1
2⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4324 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:1880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4576 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:1
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4564 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:1
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3916 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5012 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
- Modifies registry class
PID:3296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3916 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2684 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:1
2⤵
PID:2868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2824 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4148 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5156 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
- NTFS ADS
PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5436 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5292 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:1004

C:\Users\Admin\Downloads\Solara_Updater.exe
"C:\Users\Admin\Downloads\Solara_Updater.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5600 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5632 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:1
2⤵
PID:3844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
- NTFS ADS
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1936,i,7768367826345674730,9529922503464599623,131072 /prefetch:8
2⤵
PID:3628

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3160

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E0
1⤵
PID:5024

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:780

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b
Filesize
17KB

MD5
dd920c06a01e5bb8b09678581e29d56f

SHA1
aaa4a71151f55534d815bebc937ff64915ad9974

SHA256
31ad0482eee7770597b8aa723a80fd041ade0b076679b12293664f1f1777211b

SHA512
859fd3497e508c69d8298c8d365b97ab5d5da21cd2f471e69d4deb306ecf1f0c86347b2c2cfb4fd9fcd6db5b63f3da12d32043150c08ef7197a997379193dcbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c
Filesize
240KB

MD5
b89051e8cf348e69c0943b540af3b99c

SHA1
50200e338cb5df75077c6144884bf0ff6bf7cc7a

SHA256
2e0a0e7e5d510f4274cd22ca2ed10f4bcca932a8cb2a756a47c13fb36a5fb58d

SHA512
ab1e75c6ccf80fdd29bb35ec802032a46cf642e444ba392a2224cc025d05d78148f60bf81d4405b25301ce86b83e03d9249378864afa575fa6a61f05dea21408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
f47e3111857d740cda6e078b11df40a6

SHA1
9b0d15f1660a3120a90fc832e1cfdc4e887329c1

SHA256
50c72cbcfa187400d022cdb355ed8859e46377125087635512b000f8fc7edea7

SHA512
a4509a97841c00863e678d84bb194cdfe8b6c056d2e0c9c11c8955ab08d845dacfa13f2f112ed265ca099a66ef4f77dd1e3ab274d440b1f2a7a2f6cbc82098e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
36e0babf2401b366b90cbd026f99fdfd

SHA1
4cd13c6c1e1afbd4d0e4ae91951905c9d7c8d785

SHA256
6e8cda1b8c3879c94a70c0e12e1a5d4c0fcb919e6023c52a9ee8bb05e12d8123

SHA512
dc625660d3a4e83712ea73a40f60267aeed43947d4960b0fd996a01b9f60a0e06e638991c5a701fc61b4e01c2d98566d8aed21e616512a6cbad2e5fd3a0acd29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
f043b2ed6339fc673d089fb5c10f838f

SHA1
71b8042fc92015968bdb9819056c78396a459e2d

SHA256
4afb02f2543a820848f0324b29f335adeb06d258a94a2616cefbc4883ed44dd9

SHA512
495cfc71be5ae14a9225109b565fef12b9c6834ee42ca93697413035f9692a41172f595fe17655b5b7727044bcc44f7d7776567d2a47876e4f41a1b3eda1115a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
02437a1d5bbe39eea7a02826c31818ef

SHA1
b99e0a5eaff1af65eda05bbcbb9c1261be3cff7a

SHA256
3ca12d81c1d01bb83dcd1d28cd802a1e2a43a3d3131a6495377f7bf16e53cb69

SHA512
6f78d12766b43fb29bdaca3347d2295c0080d40c13dd6b64efdfa014ae19a36d26243d2a6775c0e5c72dce08a13c5ea3bce71ac12a6d6585668813dd7c66a37a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
95f543cb5c10a1c872dcbba4e025804b

SHA1
b8cdd35e503582f597192b2f14154af277e0b957

SHA256
8a4436465b19880e61268a9335862609cc62fe33e52899ea977210954855c71e

SHA512
ab183edcabba0f01c48c99c179dd24a3e427dbe099cd1b40f1c8475b7b79782d9881f32440739a4d20782b62b5e61573b7082f4ae133a0d2018b4410d722110f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f3d00aa2fd4797396b8a39e5a92853f8

SHA1
8e151c4143a35741246e33ddec6ce598788cc040

SHA256
5f6ba3cf28c9ac1a42cf308416a9f0aa744b6b0f8b6defa651349003530a27c0

SHA512
752695ea0359ebef355786a7d896de78824102f4835b46cd4fa399107897c6890972ddecfd8212414bcfee95432438ba0a98af72adadd691e54949793ab76c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4dbf474556662daaa985b4900013e3aa

SHA1
1682f397970ee96bc040af7862b8e64052f9f990

SHA256
87354cf6a812eeb9606fab3c4a6b312aec8ad1f8b7fa7c57c041ddd2b21b107f

SHA512
d379268afc5c94124a1d73bbcc8deea123a6b3570c18029bfafe013f3dc8ab8fe4a8aa61294208daee59df91c8bbd9e6daa850c7cbbf54837d6d47719fc6e4dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c3b4e234593c6d9f7e5dc97e76d4b07c

SHA1
0f8786372a1fd214d5948e76026ff940b8a08266

SHA256
f113e311f0bb0f0e2dc3e19291688f6c021ad0508a292ccab0cd05027bb063c0

SHA512
a78035ed8c8d8b3d9b75c7907011e98411247e6c4f184f88100a0d4f094c50978b63928b2539a869b1c364eb2df83063e8d0b67ba4c5bab992fa4e96e7dd631e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b2b5955b0b147d1aa8f1b4eafb70d6d4

SHA1
7c52cb1497b88830253eaa1616fa5322ed4332d4

SHA256
d577e72975e98290dc60dc4fb7940a8a315aa2f7ba4483fb4493a9fb884daa0f

SHA512
e4c99cbb07090714d54bd37c8d7a71c73f6d386d756a9817936bf0639c7155e24339391cb81076ab0c6e903d2bf32b1a03b9d116e17d126d58627dfb474c0d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
07aa7327b5aba4cfc77f1b20fd92bfd0

SHA1
a82933bf764d36323d0484df884c10bcb8696bc3

SHA256
5dd045277e44f8e35a872bd2358250f043e8ec5dd104d1509032e8c4a28121b8

SHA512
673e9940100c5c719977ac112cfc5958edf4d7c33bc49ac03c9722735d954556ca6d80749d423dd3703d145da0161e4461c64a136d5179df8f55c68f58e9ec43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
82558e78802a86fb92eb0724a35c20e7

SHA1
b1903d471fbea6f5b7dd4fc9be5123de787aa779

SHA256
62529d1681a0253e614055d71c4171ed6a0ab1a668c3beb168d4bf079dccd538

SHA512
b059f16aada3e102f567c0976d79254601c506fa25c091d7998762b87460c5ef3628cdae86caf56ef5649a1aeb5c75ab3bb73aff78cb465ce1235091429e8f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
305422889dd206808ba234b52abaffa5

SHA1
e438c1e8e539dfc2576bd6395ee1a0fd3047119b

SHA256
846a61dd5fbc3257d3f36578830d1e2576f71b70da9aa4aea1d42ec38380c862

SHA512
b9102a44fdd80b98292c5ede17593296bb008c16e4e1f99eaaf7023ab0fc915ca921562e5e04aace3a1a9b8c0115a32fe6536d340ed9796322222bc0d8d15324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
54e8cb788922b39d0978a27c0aa4a641

SHA1
a6dfd674eacad246f2de08d58be2e536db28f7f7

SHA256
1a9a1d4e6a787df3d01922560a5dfbe449ccac993e9e4cd9a91b73c6d1d07dea

SHA512
137da7e4ac27c08dcd228ddd2874f21a382fa44fa1be43b6cb98dcc61dba33841f3d98752547f599ce6bd0f0925c730b18502e96da728e8e75560739e1daa061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
04d36620819f144f8300c55be494aba2

SHA1
5166faeae930c5aaa35cda4c3d9d5d63484ebcf6

SHA256
31f0eea9c6882aa2fd63cf2fb5c428d214574490cb36da0d1ccfd6fc6a411b32

SHA512
ef44d75285e60c4a032156043ad885a619363262671a7d5c564835a2ec44bf9fac43d4f563eeb2c3c535f39945dd1156474fce2343bfd1f9bd5117aacea0fc8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
038eb39f54b7003a927907d2c2e84ff7

SHA1
f41a8572e0bfe3e1925b2f7c2e2476fef6b5cf96

SHA256
57a309f750b34674ef65dcd1eeca97d5e1f5aeeea02fa88a97c2b137a335a94e

SHA512
021550758f3f12e9976d8f37be7fa0446cfa77cfc45830b71e509e926d8890295e437934c5cb9b54da1d3d9931c457c4e70bcb46a48284e644a9ce0d52d3a828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
adc437b35d0785d42e7e2c9d8d2fdb01

SHA1
a5e09efc89075383123379872fde46a3442b749a

SHA256
6bbc4da242638d350fba35c3905cd433a2e5dbc1f38ae88e9ec77b04455c10ab

SHA512
fc4644baf0b9b1ea69aa28b3b440ba6ba34f880fe5cebe9d400a64d0313a6051b97c480ad547c6601facf762d778838d4c6d7680e9437716ed88f7b8cfb63691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
137938b542719bea9d30da45cdda7a62

SHA1
49d94a450068f8ae99280c291303f06f739f76b4

SHA256
148532e76b7d497ba8982722d2af5e79024017e83761b35de380da0227bfa3f2

SHA512
41b6e53b5e55a4af0a39efd0685a73f2d6e96d3fed8b8eb9f7eaf3c3f7dfda031780410b843902ca417c9057dc70aa22ed567b62e22fad2d6971d92dd63dd299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8b9ec21d9007ae2af037bd93c2e5dbcc

SHA1
31374c10453e0999c4c99e11079c5f3a8d778a5e

SHA256
52fada8672d50ae4154826ff2734f1148bec639d728ae9ca77246a826360eef9

SHA512
a65f10214ac620605738738a3d638e30916e9d3f4ed7ea267d503c163ca47f6c5c974b11e88fac478fe91a4fc4bd00e6f368caee7d5f6cf5e414389007cb5065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
ee88ca1cf6b1c468fbad6efe72fd047f

SHA1
43e4f971133a67e1a23c6635defb8c2b6f3b36a6

SHA256
9577bca00f8ec57452225a1a17b14e15e67e8dee8407d5c92df93e149eb400a7

SHA512
3c1551cced4a7612270a4ba3ec09b79d561a744b9a980b83de3dd9dc0c63493eabb83226bf8ad460dd413f10af048e249e3bd1e28039ba97443ec47b34ddfb71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
aaae9826db8131ab65332cd3634c0b26

SHA1
eccc277c24a6ba75415ce3cabc986b10596bfbfa

SHA256
c21da42c81707dba6463655c082d32f373752e61745c54caeffed1ca642c3fa5

SHA512
249c300a18840b55d55e4f7ad19e30fbfd1e38acd78d354cb813391e2f148bc9943f50521670abecab31ca156d11aeea444114d6039044cb55c8756a60ce256d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
282KB

MD5
5d941ffce3ad253ae901e200c47b5c50

SHA1
fe4eef8a9acf3f2b49d122daaa90c4884a48064c

SHA256
57a37edb1f5f3e4939f0f6421bbe26ffbc336136e2f7163a93e8e4f0b07ee615

SHA512
2070f612a143d2a1a06a189aae2287d82b323f89011a1632792465c733d66258041f81abd56091f2efb96497e44d906be1525e5da2dd49947ad385410323b403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
fcec978fb7cbd71d9936cd6bd0a08c3c

SHA1
4b756a9b134cc8d666e154259b52cb4faf3dcc91

SHA256
847a944b6fe9a059d885c0a4eafb4e950e838fe18a8d38e22765e8b9be6c3240

SHA512
692752dc0aea785529d44549c20adb7e719dad86992061310f36eddee3430a47629b1437ac828038da9ac7c12c68e77271380d9f56b9228ce0671ccf52d9c026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
f9d34adcfc0f017b26674dfc96066863

SHA1
ed69387cbf40b9b44f0132c419109fc7f5517fda

SHA256
64295c6e031c99ffa4826318104ebdcebef9350384e0a81694fbc874c3327a03

SHA512
4fafa0753f0979302cbf32c2f95aa274dcd9f9957687af6bf3659b5e7e1c01d8057e4079d6a0978d5e35f43f9ffd49fdb462f5dcb17352067675e602be046135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
0f09a65e24378470721b7f830195c647

SHA1
92e96354fda174acbeb884742a9d50d3e257d9d7

SHA256
cdfa48198e96ee8f889d9fe53a7eef287a7ab147429ffc59a7d9ccf057298fb9

SHA512
e973ebec967f8159d47abb5e9e4872ce215bf9b21a9244127731c37e46f5b60724fb80f536ddfe2224e9d171c561807ff8c3dd4d758b7cb5bf800e5cba30ec6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
102KB

MD5
8b3725cedeca432c3df337ad0a752723

SHA1
7e06a2f9cccd8f2d756678d92e89dda93ce9cedf

SHA256
d22c32a677082e3ade815cc8d6562d9f0a651d1ff01d781a4107cce57fc953d8

SHA512
b334966e7afed35fbb3b898008cfa5cbc57f4485a5b8ae02781732a6839b42c1ea63af9eb67d5095c8a4e98da4de911f16b4811789cc0a40a040c05477070cdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
83KB

MD5
0a766ece5b32195d6ac336b68f117212

SHA1
1bc3ba8675704c9b78ea2c4bc60674f18ae58d7d

SHA256
8a167360692bef0ab8a4b9c41818e4e325d78aff4494796257e1b839f0bbcd57

SHA512
75a053e1ad0414b6d6f91dad157905b2dbbb4c93f16a41ac56e1de78920bab0370c3697d7037da062f9034c904df130cbdd8ee47577f2d69954784fa26c15f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
b094e9d1d394214c74aeca0ef706dc1d

SHA1
9891f4227ef09cf6eebba19fb0d3178ca42e7f55

SHA256
1dbacfa5cb69606120055238d96aae71e67052d178724c7fd20a120f6e8c06fe

SHA512
54564c16e614dcf00f12e3b299b5e171049da29b5a3aa43aaf81e11746704ac4c620fa07c9fad6dfbd6cb8ba77184aecd0f27a2aa8b9221349b6cd2c9ea37cf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
87KB

MD5
05d36e01ddcf4b96d3cf197a1a776021

SHA1
701a4b56ae14ab33fcbd42ca33f09fc562500b13

SHA256
94a3b77c590389523ba6eeba2530dd0cf94d028e6b602118cb108829e08cad2c

SHA512
6ed63a5a8706f577e0cef2b1f3f7ea983471b4fab7d3e2ef3fbe7ee6a461ea3bb940340c4e8df0580be1492fe8e05e970c8e8c9e040a28acf07ba810825fec72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57bc99.TMP
Filesize
83KB

MD5
d025e334ec4f224899a535291e8a77ce

SHA1
83411082df8186fc51d2e65662a146c89af721d3

SHA256
835c13d2ce6fe875b2165c2226f0d2f9a6f224603d37948f6fc59426f9c815a1

SHA512
6b335e66ac841ac6237a7609766ef00fcde2df6028418c7351a85dd9f05a364f820fabcb97d7ce9f0d81c19ca6c9ff57dae88d19ba8dddf9e9b314b85897fcc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
512KB

MD5
857186c859d060552b6fcb3460ca6720

SHA1
ec5af3abda49821a836846351fb57847113b0cb6

SHA256
2394183378a8fcab423a331d7c2565cb707d6634678840a2c1ba5c2d8bbcfa00

SHA512
d2be42b484d829fe7a0eb3bd5ed6aee170df8c819087e33107829f46ba208c3e6f180440c3ca0a88ff279f7475b54bcf197b8dbde6ccdacd22443741173622c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
e9aa12ff0be6d995ed86f8cf88678158

SHA1
e5ee38fc2ebef0fcbc3059dee29b39f7daf21931

SHA256
f35cd8ef03ac924a59943c5dfffc31ab67a8b5aff272e9f47ff776aabc7ee561

SHA512
95a67acd2a4784b87d73910c1f1f590937c9d9b901e98448556a37eb8137ae5f458f1c673d65a46cf7d6b90bee5fe6b102ce3eeac9e819062cd9c5c2418bcbfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
Filesize
1KB

MD5
5795c631689709db064020a149ad9ea9

SHA1
a9b0df3a26b457707092961301d54995ec845d84

SHA256
84fa5a48484de716d64625da01f8a8a82b2812824346188fce8b42a1075a2e00

SHA512
f5d33fef537c74a7c063c5eae84781d2ecb3007a8add6db51d58832d06e93343c85790fbee03ad18f27588a6e9a8eeff8e64a044fe364df56d833003fe06473b

Download Submit
C:\Users\Admin\Downloads\SolaraBETA3.rar.crdownload
Filesize
14.3MB

MD5
a6d8949e3f607cdcc0dab3a8a238e392

SHA1
cebd6a5f7119992718631c1c31dbeb836f60a8eb

SHA256
168a76679d03d1e2e72cfc68f665ac3e9a498a8f1c3e603b808dd92723694c4f

SHA512
71d6417939c535cc0dd6e60b1772d22c840d95977a662d3e18d8f7debde41cd5d343095ca14a7ccc6226b437c8c6c66127a1b2a2d99c053fcbf4ba7f18226d03

Download Submit
C:\Users\Admin\Downloads\Solara\SolaraBETA3.1\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\Downloads\Solara\SolaraBETA3.1\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\Downloads\Solara\SolaraBETA3.1\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\Downloads\Solara\SolaraBETA3.1\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\Downloads\Solara_Updater.exe:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_1496_HNVLVEXKGTUYXECA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2672-594-0x0000000006BA0000-0x0000000006BAA000-memory.dmp

Filesize
40KB

Download
memory/2672-595-0x0000000006BD0000-0x0000000006BE2000-memory.dmp

Filesize
72KB

Download
memory/2672-573-0x0000000000A90000-0x0000000000AD2000-memory.dmp

Filesize
264KB

Download