b20a675a73f1940c54dda5cad8f5455bf4baa31d77edce3f391b12995d0abe85

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraB/Solara/SolaraBootstrapper.exe
Size

12KB
MD5

74494703e5f44eeb9aa037f0f50bf682
SHA1

fcfd8813e63cd61c5bfd2db605827fb9070fe8e9
SHA256

3e4f692506d372bebc12d344c5f1543b67fa1dbe095c910aab78456510d7fe66
SHA512

dbd2a8d928c797c70c4286d8ebabe202902445ed60e94eeccf33c7e3d794c7e362139187dcd1a57a4919503c1c791cfbe38f6f6eff454248382b3c4e023791fe
SSDEEP

192:WrnDHbLupIapaLPr/XKnxxTc1l6VXtrNjA:WrnzHUIapazzKxm1cVdZj

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

XcHvYYrNa.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ XcHvYYrNa.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	XcHvYYrNa.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

XcHvYYrNa.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	XcHvYYrNa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	XcHvYYrNa.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SolaraBootstrapper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	SolaraBootstrapper.exe

Executes dropped EXE 1 IoCs

Processes:

XcHvYYrNa.exe

pid process

4592 XcHvYYrNa.exe
Loads dropped DLL 6 IoCs

Processes:

XcHvYYrNa.exe

pid process

4592 XcHvYYrNa.exe
4592 XcHvYYrNa.exe
4592 XcHvYYrNa.exe
4592 XcHvYYrNa.exe
4592 XcHvYYrNa.exe
4592 XcHvYYrNa.exe

pid	process
4592	XcHvYYrNa.exe

pid	process
4592	XcHvYYrNa.exe
4592	XcHvYYrNa.exe
4592	XcHvYYrNa.exe
4592	XcHvYYrNa.exe
4592	XcHvYYrNa.exe
4592	XcHvYYrNa.exe

Themida packer 7 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll	themida
behavioral2/memory/4592-1500-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida
behavioral2/memory/4592-1501-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida
behavioral2/memory/4592-1503-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida
behavioral2/memory/4592-1504-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida
behavioral2/memory/4592-1505-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida
behavioral2/memory/4592-1509-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

XcHvYYrNa.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA XcHvYYrNa.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

10 raw.githubusercontent.com
9 raw.githubusercontent.com
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

XcHvYYrNa.exe

pid process

4592 XcHvYYrNa.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	XcHvYYrNa.exe

flow	ioc
10	raw.githubusercontent.com
9	raw.githubusercontent.com

pid	process
4592	XcHvYYrNa.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607811548979199"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2539840389-1261165778-1087677076-1000\{61519BBC-76AA-4339-A2DC-89D68C70A85E}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

3512 chrome.exe
3512 chrome.exe
3512 chrome.exe
3512 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

3512 chrome.exe
3512 chrome.exe
3512 chrome.exe
3512 chrome.exe
3512 chrome.exe
3512 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

SolaraBootstrapper.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4788	SolaraBootstrapper.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

Processes:

chrome.exeXcHvYYrNa.exe

pid	process
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
4592	XcHvYYrNa.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SolaraBootstrapper.exechrome.exe

description	pid	process	target process
PID 4788 wrote to memory of 4592	4788	SolaraBootstrapper.exe	XcHvYYrNa.exe
PID 4788 wrote to memory of 4592	4788	SolaraBootstrapper.exe	XcHvYYrNa.exe
PID 3512 wrote to memory of 3488	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 3488	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 4168	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 3224	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 3224	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe
PID 3512 wrote to memory of 2520	3512	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4788

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe"
2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of FindShellTrayWindow
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd53eeab58,0x7ffd53eeab68,0x7ffd53eeab78
2⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:2
2⤵
PID:4168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1564 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:3224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:2520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:1
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:1
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:1
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3992 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:1360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:1100

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:1300

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7c629ae48,0x7ff7c629ae58,0x7ff7c629ae68
3⤵
PID:556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4740 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:1
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:4604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3140 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:1080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3400 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:4388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:1436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4852 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:1
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5216 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:1
2⤵
PID:1396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5384 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:4500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
- Modifies registry class
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 --field-trial-handle=1984,i,4349023558675950913,16862205029832131654,131072 /prefetch:8
2⤵
PID:468

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2392

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240521160555.pma
Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
cd7c0949ec5baebee3b7c4bcfdfd30a5

SHA1
9a4d3b53166ba6a58562567fa63ed5f61d14e7dc

SHA256
ac65fbf3bf6d0b104ae482f03b62902f099142076fc8d362576b5b40599b0e58

SHA512
287d5aa25c1761d6a031b6519f78eba1948b35cae23a188c63e242052579f93d3244a36ce04f55a4ce731eaeeb22007d80c65f0385a9e1867f2cd7a09dfd3744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
646eb92d81f372ab39c63a6ea4ab53bf

SHA1
8368282dd6437e52127d76a6e1215952c29bb5b4

SHA256
20abdf7b0922d234a9da66c76318e08478b78a6dd15492edda4466d11a1b9ebb

SHA512
61da3a81e59522049c6fcea8e75a348a4fe7bf1207ae648ab6cf0f58df1e0ec585694df414cee14186cb16b1872f7fd31efd82d0317b308ed3e8979156ce1385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
1d312b9cb0c5ba90c6f54e3fc1a5b10c

SHA1
e041307b7997f8fffb7c9ef2bc3f4c5aa8d706b1

SHA256
dad3d9e05da8cd28c84cd962ae67227b723373457e90afe764114cd6e98a7637

SHA512
0bd53f7901d58408adc497cb55b9a9c99755bbd26ddb6e543a75331969699de48e4ff842fc0df6f56d7608f48f66c50a2f55ed6b0108ede61390ca900dc9975f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
7f8035203ecd59b64d3de4f47ae57bd0

SHA1
d0c9b9d215952c5e20c6d927f3c218043e000e72

SHA256
d8c595f354e16dc64c8bc7bc22e477cfffd60a2c4f3129de28e3d823fac70a19

SHA512
c9ab25397573529ad43d01f08954bc378bb274453bfd3499fd1f2180c9e383d7dca15a5c78f55b464007ee554de12a46795355a65bfbc83b2beb2986f486dbd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
804ca6eedeae03326872d9f27e6815a2

SHA1
64e4d80053c618a994d770dd6905190a8e2f987d

SHA256
8e18f34be73401b826ee96b17f5fc772cefb98392ce8803d22a1292f9e100896

SHA512
4d07a58eb494672046949171332e443748a42dbd16fcc55f284867c524df5a718ac6859f6d9b65dcb9272539ac325dab92b772198df1eaf31536c0a1230d12ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
840e3177e37396e5d27032964698ad03

SHA1
5e39d354fdfd6d261c0a4726c3c4d2032a625ace

SHA256
e6bb6550b3280b743b108ff4115dd50a49f15f28f801b3bc38c8453da4876110

SHA512
4f30c1777fd1129e12f66e8ee55f6f134010467eb04dfea30c6b30e26d89302cf1b4d418607ef53946698c70ab97389239cbc2b4f6803d81a6317c29b745c93e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
304f64f731562557a4645f73beb5429e

SHA1
267b8c57650210696dc7885fdbf73736f502ce3e

SHA256
583a7d25d8338e394af63f1beb17af09a69f630dfcd99273eff3ca4356f44d5b

SHA512
68e85c2e8a9743778a5b38501e49ba2c3bbf4f11ea9bc347871917b6cee31b461ad6c2a5e241c13d578207cb94d584e9c3dd9a234ea62cf33c1066960fe8ebfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
24be60d10bc03b3ba79489f8462368eb

SHA1
f514fef7a5341910faf7ccc314509fe417446494

SHA256
6c6037a43295c5b460383dcd04a3ad1870a3df60232df58562d7e451ff42a1e8

SHA512
c360d3532a192d98ff4a13b1d074937d715e16778446723a2d56fd88bbb5efa7607eb58095a79230d46302c649b5a03d75526fae86d35983c2a7972843615c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
060d86b1135653437357c67c9d3e0c6f

SHA1
7382f2c8db1a356cabd4ffe24fb654ec33674b45

SHA256
fefb7bbbca0fbdb7faaf4ffebed6da8af81634bc2c6db4c3bba67de8032fd6c5

SHA512
a4de9ce2edae4bc883133b0c5e600c0c19c4f18babaacc68480bc1729e98368a4a42abb4cace6cd7463f61d7575d1a596ac077bf591245a5f876e8480b43b8a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8eda00495d7ff71b2143bf87f99e4142

SHA1
f0c4f23826d42948d1e56354ba3c4e32073050ee

SHA256
d042f9e7ce68df7ef52cd4b31b4779fd338bf185ed8e2bb042d4100062269133

SHA512
d99816693e2f9b9d4545c8a83582aa86b36d310a2374003e644f91a11e02b1a433854d5fcac9e4d9721f5488518886c06faa7c3f7cb35eccba8d5ce2884e3a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5aa3e102a5bee2ec846572a6e66dde2c

SHA1
e369d2081f0a4df6775a96c553c16c7d85aad708

SHA256
5017725d7591dd46633f8042c3b7b74674ce8425249581935746bdce62a6167c

SHA512
8d91f904d3c3944e5f6a1fdd104a2f3a88ee15f542441d4017a7b5d61380dc29b201909082b71389054ee5383c17a7548a1d04cb48e3c32726f1a99ad55d9c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
77e8081e974c72ee67dd173f8f595239

SHA1
2598075353121ea9a8fb6a80ed5a52d308fd7cfd

SHA256
e792ac4ad8cfb1cecb145a719766ab67102618f6d1cd4988a939cb9e07d07117

SHA512
dd3a88fe35993b1bafbf23c57037dbd09f33052a3c2368f831fa00bebbf755946ae5a0dea6e09ef47cb4ac5c752e31b29a26aabcb768b0451b9dbf39401091e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
428ade995494738197495f5d2fb85364

SHA1
a54c61fd7635b2f88c51597c5d48345528a7790b

SHA256
da16f9988d56dc7475a77953837997e031ae69536c7eb39653d9330b4613446b

SHA512
f607131109a47e66c73aa2b10629f4132c44d81e0c174978d64bb88a36b8441ee26d105a71b40a99809832299686a76a4b3f4e8905eaa87d07d97abfb36a0604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
8ceda20e227fe985e9c583eaa2153473

SHA1
dcbc76c555205e671237394dd38280ef4f25520f

SHA256
1e16240201cc3e00dfc0c7037d401a6bf6580c719faed38f838d2ceb85635579

SHA512
989dc6106334afc94f5f5ff108c50fcdcf53e46e619dc1da98ecf6ce919b5bd0112f3a7558b99dae5f9aa9c38652ed0b378da02a45f1404aea6004503e3797b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
281KB

MD5
582e9f7513514b22f7b0ccfac490321e

SHA1
ec10a4199c7f160f75171ffca671c7b46afaeaaf

SHA256
7f6eb689840ff694c0f36de93bde45642fde861b7ee8957f6151d908a12ccbdb

SHA512
44e9901312a9f977178d648253cacc0feac4c562cd18a560279758bb2246e54410380b5b9d09005921756e30c348b2cb5a7b1655d4afba4301faf3b1c63f5baf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
7811e9fdc6e5128ac3d99ffd57545e80

SHA1
9581a71c42675ef632369af041d752eda87ef021

SHA256
f51440c7b9114f7ab1e44f06c0929a41ae2406f66561dc4ffbfe787a9b963543

SHA512
9d14c856f899b43fb26cdcf580c3f315aebfd0a45651f232fe20a88654660076904462df76356746da848b3633cc9fdfbd8e0b2ae3001763211ec0359f846390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
789033a16271d879181b3208d88fc9c3

SHA1
ff1d5ace47276e72b0aecfb28a82afb31a488253

SHA256
2de3238f3d481e952517c0570dbbe385371903907fd47eda63b537d6cb506774

SHA512
e4866b2b34f0ef5caa1c0ebe29967350df68c92dc0e01baeeea5a359eca07b71ad0d5bd18915c13dcbdc56522a02a2e221ce5041c592bfdbc60ef9c7d0ce7c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
24ffff3b20c1d0e4f0405bc9e1190eec

SHA1
753ea03e140a126ce2032c5dbef8a0b05e929e8b

SHA256
fb5f781d28887ce1d4ae43edf9f3eab219337812a90f629d88cfc43572269b32

SHA512
4df8a6f2c66d9da9b183d44e68560f92e22c5516ff4663977c527e4577457292c3423d5d5ecd2640de575daeaf94ea4c3b5208fce5311b7ea0cd86aec07d7bdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
102KB

MD5
baf102ff920be85773725dd09610846c

SHA1
2fa795741e469b68c0b1241d10458f4cbf72e776

SHA256
02e2273dfca518b0c1cc27ec850872e7a916da08f0648220dc3c4560f1164a81

SHA512
a8ac71eafbbbdd15274d708b8741e491129e5de04dd059bbd05f95b42c677ae276dd40ec6d6ff33fa22c2a9bc8e85ad95256944fd4ee23062ef1e1c9b2229bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe592689.TMP
Filesize
89KB

MD5
73d59be13f77b35a6ed66113437f803f

SHA1
ca0efa947d43dd1021027c5554ce059457dba35d

SHA256
d9c56e15d876a8c49c6307607e911bb30fe2c632a55a4157a16eed0b8c22d925

SHA512
e2d2b0aaca5bf8ab9b61d2f69be2f26654a7e608478959977b71f7485900c6e369b0fc9614fc2641e043750482974813e8195b8d9ad3c59b88b74e9b19e61bde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll
Filesize
5.2MB

MD5
85b0dcb64053e35280477d88e1e05505

SHA1
70ebc4da4ac422bb47c1c49114d935d01848436b

SHA256
0c11716983653fef7d0f403c31429d9730c3c182eecc2e518ab98b4de6dd6730

SHA512
2f79e49f093fd0aaef79cbda75924ddec34a8172182a5cb7ddcde5227897f46e9e55dccf310779918afd1144f2af9a003d58939b5e631ecda147c81b95ad4d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
Filesize
85KB

MD5
5e1bc1ad542dc2295d546d25142d9629

SHA1
dd697d1faceee724b5b6ae746116e228fe202d98

SHA256
9cc1a5b9fd49158f5cca4b28475a518cb60330e0cad98539d2a56d9930bdf9f9

SHA512
dc9dbecec37e47dd756cd00517f1bfe5b27832bd43c77f365defc649922cb7967eb7e5de76d79478b6ebfd99a1cc2e7e6b5119a05a42fd51a1c091b6f00f2456

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\runtimes\win-x64\native\WebView2Loader.dll
Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll
Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_3512_YISFOACFCHNPHYBY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4592-1481-0x00007FFD5B030000-0x00007FFD5BAF1000-memory.dmp

Filesize
10.8MB

Download
memory/4592-1487-0x000001B3206F0000-0x000001B3206FE000-memory.dmp

Filesize
56KB

Download
memory/4592-1511-0x00007FFD5B033000-0x00007FFD5B035000-memory.dmp

Filesize
8KB

Download
memory/4592-1509-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/4592-1507-0x000001B33E0F0000-0x000001B33E128000-memory.dmp

Filesize
224KB

Download
memory/4592-1508-0x000001B33E0B0000-0x000001B33E0BE000-memory.dmp

Filesize
56KB

Download
memory/4592-1506-0x000001B339FA0000-0x000001B339FA8000-memory.dmp

Filesize
32KB

Download
memory/4592-1505-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/4592-1504-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/4592-1503-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/4592-1501-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/4592-1502-0x00007FFD5CD50000-0x00007FFD5CD74000-memory.dmp

Filesize
144KB

Download
memory/4592-1500-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/4592-1512-0x00007FFD5B030000-0x00007FFD5BAF1000-memory.dmp

Filesize
10.8MB

Download
memory/4592-1485-0x000001B339580000-0x000001B3395FE000-memory.dmp

Filesize
504KB

Download
memory/4592-1483-0x000001B3394C0000-0x000001B33957A000-memory.dmp

Filesize
744KB

Download
memory/4592-1482-0x000001B339850000-0x000001B339D8C000-memory.dmp

Filesize
5.2MB

Download
memory/4592-1477-0x00007FFD5B033000-0x00007FFD5B035000-memory.dmp

Filesize
8KB

Download
memory/4592-1478-0x000001B31EAC0000-0x000001B31EADA000-memory.dmp

Filesize
104KB

Download
memory/4788-1479-0x0000000074DC0000-0x0000000075570000-memory.dmp

Filesize
7.7MB

Download
memory/4788-0-0x0000000074DCE000-0x0000000074DCF000-memory.dmp

Filesize
4KB

Download
memory/4788-6-0x0000000006180000-0x0000000006192000-memory.dmp

Filesize
72KB

Download
memory/4788-4-0x0000000074DC0000-0x0000000075570000-memory.dmp

Filesize
7.7MB

Download
memory/4788-3-0x0000000074DC0000-0x0000000075570000-memory.dmp

Filesize
7.7MB

Download
memory/4788-2-0x0000000003050000-0x000000000305A000-memory.dmp

Filesize
40KB

Download
memory/4788-1-0x0000000000DB0000-0x0000000000DBA000-memory.dmp

Filesize
40KB

Download