0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraBootstrapper.exe
Size

12KB
MD5

06f13f50c4580846567a644eb03a11f2
SHA1

39ee712b6dfc5a29a9c641d92c7467a2c4445984
SHA256

0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9
SHA512

f5166a295bb0960e59c176eefa89c341563fdf0eec23a45576e0ee5bf7e8271cc35eb9dd56b11d9c0bbe789f2eac112643108c46be3341fa332cfcf39b4a90b9
SSDEEP

192:cDnQvi7auc35nuKdhAWVIanaLvmr/XKTxnTc1BREVXLGDlNjA:cDn97auc35tAKIanayzKto1jEVQzj

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

XcHvYYrNa.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ XcHvYYrNa.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	XcHvYYrNa.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

XcHvYYrNa.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	XcHvYYrNa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	XcHvYYrNa.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SolaraBootstrapper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	SolaraBootstrapper.exe

Executes dropped EXE 1 IoCs

Processes:

XcHvYYrNa.exe

pid process

392 XcHvYYrNa.exe
Loads dropped DLL 5 IoCs

Processes:

XcHvYYrNa.exe

pid process

392 XcHvYYrNa.exe
392 XcHvYYrNa.exe
392 XcHvYYrNa.exe
392 XcHvYYrNa.exe
392 XcHvYYrNa.exe

pid	process
392	XcHvYYrNa.exe

pid	process
392	XcHvYYrNa.exe
392	XcHvYYrNa.exe
392	XcHvYYrNa.exe
392	XcHvYYrNa.exe
392	XcHvYYrNa.exe

Themida packer 9 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll	themida
behavioral1/memory/392-1908-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/392-1910-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/392-1911-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/392-1912-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/392-1913-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/392-1917-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/392-2340-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/392-2829-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

XcHvYYrNa.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA XcHvYYrNa.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

13 raw.githubusercontent.com
14 raw.githubusercontent.com
39 raw.githubusercontent.com
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

XcHvYYrNa.exe

pid process

392 XcHvYYrNa.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	XcHvYYrNa.exe

flow	ioc
13	raw.githubusercontent.com
14	raw.githubusercontent.com
39	raw.githubusercontent.com

pid	process
392	XcHvYYrNa.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609368545179738"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{1DA77D32-F5CC-46BD-995B-C9C53624E8A6}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2188 chrome.exe
2188 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

2188 chrome.exe
2188 chrome.exe
2188 chrome.exe
2188 chrome.exe
2188 chrome.exe
2188 chrome.exe
2188 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

SolaraBootstrapper.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4908	SolaraBootstrapper.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SolaraBootstrapper.exechrome.exe

description	pid	process	target process
PID 4908 wrote to memory of 392	4908	SolaraBootstrapper.exe	XcHvYYrNa.exe
PID 4908 wrote to memory of 392	4908	SolaraBootstrapper.exe	XcHvYYrNa.exe
PID 2188 wrote to memory of 2016	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2016	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4880	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2124	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2124	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4668	2188	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4908

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe"
2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9174cab58,0x7ff9174cab68,0x7ff9174cab78
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1396 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:2
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:1
2⤵
PID:948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:1
2⤵
PID:2768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4228 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:1
2⤵
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:4580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4220 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3876 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:2848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4824 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:1
2⤵
PID:1220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2776 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:1
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2428 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:4180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4672 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:1
2⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5320 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:1476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5332 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:1084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5420 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:1
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5328 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
- Modifies registry class
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1920,i,17336391912852138368,11087842870811999684,131072 /prefetch:8
2⤵
PID:212

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:808

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
46010a297e50fed7dc0495762eb3474c

SHA1
b4a154573cde5930d67859da7ae6005666dd6cac

SHA256
7a843bdc2e94289257b2694030af6b3e92b140ae62fc5ede54d6319e6c72cdfe

SHA512
aae118086ef8ffd39c16519cc5fbb1f3e347b246bf95163f9b72a56ce19abb45f6a347048974fda8d07c7cccb5d572b03e94d5c3745443fdae408bfda3aee381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\420cd7c2-387e-490a-a2dd-c0161c6b7b46.tmp
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
407cc28f78b043b198a3a4784be458b3

SHA1
7ea798e06590563ae56e771f7e0bcad07ae8c636

SHA256
20ff331ca23b77b8ee49a83076404f18f3de87c2294f34fcd1fc60e6b54781a9

SHA512
cfbcdcdbc11c932664dd5a6a78dbff2a9f8fcf3a614e9169c666de391fa9cc2fbe2353274c458ecc1d387b5dfc4d76ec22b54e809e6242fd2a7a3f6e339ed94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
3d5fc7e109f9fba0b13f9ce7fb78a503

SHA1
94c78c1aff8e2b45aff247abb31f9d8397bebf31

SHA256
7804d815bece49107dd85ebd667780f6d593866c9741705193d2609bf296ab29

SHA512
8ecfa6d91bad839c62d2bfcc012a09a50a9529d7057807bfbcf11e7b384325699d3fe97565deb5abcfb1ab1820cd3e12bc84c0a17fda5572726774c9f9e9f88d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c5f253c695df50c8f846872d1688ac73

SHA1
9df889836eccc459bf3e754f28503fe5c5b0eb0d

SHA256
8f49ad6d8299e899a0b6c753d7ef6ddb3ff9b647d49de0dcc61018c076604c9e

SHA512
d0d999e5f5a968ae22d8569d5b3f0c6a69cd2cb07f26c87a9c2b0c18733cbfe03970e094bc07808901a21a6375795257659884085006fdf4541e22500bd2ca0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f54367e8bdb39fd18c10327eac6a6376

SHA1
2674f5ed1029a89821d47e90815c9056b02b78dd

SHA256
302cbe106e4b3a231074671d12d5e73864f05ddfcf4de068208e5f6f04314a32

SHA512
20757febbea21c992c1da7bb96cd9e14e8d77b56db835c060c1b3a3ea6542fae1e2c5732737c0ba789ae093a4f5c7a1db98c974b0edfcef98adac18443d13e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
fcb38664d2ba1bdfb1ce0eceeef7b9b6

SHA1
b32fd8470badfcd18d405feabb825f6d8edf80ce

SHA256
7a8bed294bd273c19b2a3b8a4b32b058d5e790b09be42f2e3c2341bd2cb4c860

SHA512
414580cb42472922d8d1445a3b61ccdc5e144a9cdb633547d556fc2330917f159f4b15af23450902b0b26fd944e258e89d9295aa9ed6aec5081d25becb38fbc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
57e11dab859a384ecfdb5c204bbf41d5

SHA1
023989802fbcdd3b7fc61f7082e3004e03f1c037

SHA256
0dc94e2b38f4cfb743eddf9bead95ff4328dc5ab8ed260dc85e19802afe7955e

SHA512
7cd391701aacdd2dff3e1b95c5c9f9c4866993a834c4b12ea1874625cbd1c60a21af993f2d37b95269e3c4370fd667b49d608634e855b711b89821c52294d523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0f6e5245ec269d63e7360099af346160

SHA1
7f39cc1273b85334d9bc27350822b871350f1ec9

SHA256
e7d41b7dd6b16bb7188f694f9d5ac1d12869b02900301c3b5515194158a35d4f

SHA512
d0f505ee83f446e54769db0ed6d36c7ec2b429c51b8176ec0cb272e7f061dcf4ec7767d0fbc53b953b9dab9c0493af31e94c2cc7dfb99f8be2194bc249e5eae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
03fec0f684b27dfa14f4bcecc563d08c

SHA1
0b2adaf27b1462ae5459c3cbef1682699cdf7a26

SHA256
0a52dcf0a36a51a84c94201c1ab07825feaad29d4c05ddc2c9a0c9f150a07f71

SHA512
e0ce0a9d1526ca8dd38dbb7b46b4bf666a791290b85ad50d7ea36132ee1ae505a495ad13cd67eafc1c03d78ce57b52c2657a72f0218b29711f24624ef21ee163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
31506b38fddd754d749348b9e9596916

SHA1
6a7e050859beaf9980b1705c094c3e31c3812e1b

SHA256
bff9ff76a917c72a4f41b1695fea35867ac2981e36702404bb7b70f22bcecde5

SHA512
2e5ecd3ad8adf6c61e8c2ad2c9a9b018fe874f64bb157b3a2d78c68b6fe8391e96f73bbf7ff0b11b27ccdc39ecea3e1777f6a4fadc147b37e93422b99cb5fff5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fb4108a171f695fe58838fe297e1fa78

SHA1
92af5a64a7c39dd63e3a43497278b16dc0582b23

SHA256
efd330babb35f0235095d48f953cd8e1fbccf825bf6cc72980af7be13aeccc29

SHA512
b1f63501f0318df572f342bfd72fc6809c776fab7126369d1072605927a23f28ab28318c4776ecd5c7474e27715d1dd211c11d922df3a0e2c8e7204bdbc7169a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
11d352844342e1c321ec33b61e26d8d7

SHA1
a4c8f61be6cede29d3587735f0bbe80c2051de6f

SHA256
1b4b21216efac1cf49431f50b267d05a8d3f962f73a45e3a51d780adc1a0a73b

SHA512
dc352cac1724b51f53cef2ce0e33ed5e6da137914e37547e471f2011d835d037260a5c96d0434ea28084ddbabd35b381bbe971afde4341a8aaf8deb6aa6e8592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
e52e252a80537a1b58b9dad2b0940a46

SHA1
f5f1715d9cd2bc4c678b13895495004e7b72f7c6

SHA256
7d6c87cb71e0d6e5e3dec9e951d365d336542ed5cbbf887a1ec5eadbdd30fd84

SHA512
468f7297cc25725d672a9d9ec2a0bec0d3edfbdfa8854e88bc2ec41ab43be6a6b27dd2a7769cb4f6bea3007a692436a9eae3365d20af96e2ad2244f8bea55788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
a56c53181143b65022e11d0cbe0d70ca

SHA1
ff2bebbfb00d90741282de7fdb42597ae49ff907

SHA256
ca8458a11d7b091c27c82ac0b1aac4b7a9af6c29824567fc78cbd47d945810f8

SHA512
90ec5e5579946a521e482e7a15853c13db3e9e7f52261039e26049ae99562970d228b69979bb039b0b4f245d913b5d5b0dd7d4e24be18d53d686cd2aeeca1b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
90KB

MD5
874a4e1d0a1f0d63496a29da5c049d9f

SHA1
1c7fefe3dd57a44479a833a75620d0ef6d0e2fd8

SHA256
5a41ab2408023920a330eca37bec5b7056c65e1177d95443674146c0a597674c

SHA512
49622421e13740e816afd7daa6a3dc362962ffa1fe527c7b5183d62691b13e3b0a10247b4b6def9a2af4de562f257facec7c7f93de74edff4544407b5ff3a545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
93KB

MD5
54f5e4a3db0a48ea1db8f3374fe708b0

SHA1
2cd04d1f86373c847d64bd22896460ff7c704507

SHA256
ef2d30b214ada2654ac9597c6434eeef292e907c8d8e7dec8ccc9033b147e62c

SHA512
b17d27603d20648964d68a37789cd5d5e3b067c746bffa594bfaca53cca3a6b6d292df5d74760825ec89668fcda2ccb5ed81635716619a02d0692362262ad440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587fba.TMP
Filesize
89KB

MD5
bf5c4f9dc9a7dfe4a64959fbb1eae2db

SHA1
2739e53ebac35e0fb0823225474c3acabf689ed9

SHA256
bd21fdaaf7052efd371a1a3fd928385184a917e25551074e1001d464188265b4

SHA512
f78848345c0edebbf890973fcab1377f5f47c412b885d2b4e00717a9d52365f92b1ce62c0852ddf8eb8e66d2fa6ea6e5585bb18ed13ebc78f0de73c9ee997ebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll
Filesize
4.2MB

MD5
114498719219c2427758b1ad9a11a991

SHA1
742896c8ec63ddbf15bab5c1011eff512b9af722

SHA256
913059869dca00dfa49bcf2691b384eb9804739d9148e3671cf1d6b89c828c42

SHA512
4f36ea0c5e8af8087ecf92fa49e157dcc94a1cc68563fc97b3fe026b92c0abdbe640bf347c24a666f59b60380367f85daab1a15e2c4902921e63e1b741c01452

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
Filesize
85KB

MD5
5e1bc1ad542dc2295d546d25142d9629

SHA1
dd697d1faceee724b5b6ae746116e228fe202d98

SHA256
9cc1a5b9fd49158f5cca4b28475a518cb60330e0cad98539d2a56d9930bdf9f9

SHA512
dc9dbecec37e47dd756cd00517f1bfe5b27832bd43c77f365defc649922cb7967eb7e5de76d79478b6ebfd99a1cc2e7e6b5119a05a42fd51a1c091b6f00f2456

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_1
Filesize
264KB

MD5
17bd7672040db656308d76d6e66a3095

SHA1
8ed1945d141244a8807a94d78f9150f4a311a31f

SHA256
73c89191d5808f65ddf660bff7827dd0aaa68747418749c5f2835bb824a0e665

SHA512
c3c8fdb9212f7187715454a64f4888f8cbe4805b8d0f754875fc11d623df27976c62eb58c64f35399d6e63d3094262ab9169c0255653d177feced62d8d6aa0b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll
Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_2188_TCBKIYWVBWWVPTKR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/392-1897-0x0000024EDFC50000-0x0000024EDFC5E000-memory.dmp

Filesize
56KB

Download
memory/392-1895-0x0000024EF9D70000-0x0000024EF9DEE000-memory.dmp

Filesize
504KB

Download
memory/392-1917-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/392-1916-0x0000024EFEF00000-0x0000024EFEF0E000-memory.dmp

Filesize
56KB

Download
memory/392-1909-0x00007FF91E480000-0x00007FF91E4A4000-memory.dmp

Filesize
144KB

Download
memory/392-1960-0x00007FF915B93000-0x00007FF915B95000-memory.dmp

Filesize
8KB

Download
memory/392-1966-0x00007FF915B90000-0x00007FF916651000-memory.dmp

Filesize
10.8MB

Download
memory/392-1913-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/392-1914-0x0000024EFA300000-0x0000024EFA308000-memory.dmp

Filesize
32KB

Download
memory/392-1908-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/392-1912-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/392-1910-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/392-1911-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/392-1915-0x0000024EFEF40000-0x0000024EFEF78000-memory.dmp

Filesize
224KB

Download
memory/392-1893-0x0000024EF9FF0000-0x0000024EFA0AA000-memory.dmp

Filesize
744KB

Download
memory/392-1892-0x00007FF915B90000-0x00007FF916651000-memory.dmp

Filesize
10.8MB

Download
memory/392-1891-0x0000024EFA340000-0x0000024EFA87C000-memory.dmp

Filesize
5.2MB

Download
memory/392-1889-0x0000024EDF800000-0x0000024EDF81A000-memory.dmp

Filesize
104KB

Download
memory/392-1887-0x00007FF915B93000-0x00007FF915B95000-memory.dmp

Filesize
8KB

Download
memory/392-2829-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/392-2340-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/4908-5-0x0000000005B40000-0x0000000005B52000-memory.dmp

Filesize
72KB

Download
memory/4908-3-0x0000000074440000-0x0000000074BF0000-memory.dmp

Filesize
7.7MB

Download
memory/4908-0-0x000000007444E000-0x000000007444F000-memory.dmp

Filesize
4KB

Download
memory/4908-2-0x0000000005040000-0x000000000504A000-memory.dmp

Filesize
40KB

Download
memory/4908-1888-0x0000000074440000-0x0000000074BF0000-memory.dmp

Filesize
7.7MB

Download
memory/4908-1-0x0000000000770000-0x000000000077A000-memory.dmp

Filesize
40KB

Download