Analysis
-
max time kernel
300s -
max time network
300s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23-05-2024 13:09
General
-
Target
SolaraBootstraper.exe
-
Size
290KB
-
MD5
288a089f6b8fe4c0983259c6daf093eb
-
SHA1
8eafbc8e6264167bc73c159bea34b1cfdb30d34f
-
SHA256
3536c40290b9e7e9c3c47a96ab10fe3b737f334dd6779eaf70e35e91e10a677b
-
SHA512
c04bf3530cd471d589efb8f7e6bdddb39422fc4284afc7f2d3645a646ebbee170d57dc57eff30cee05ef091c64c6a98586c5a887d25fe53e49531c137d285448
-
SSDEEP
6144:4XWloZM+rIkd8g+EtXHkv/iD4H/pduMzvExlwOffujfb8e1mYoiCYvZZ:JoZtL+EP8H/pduMzvExlwOffuvZR9xZ
Malware Config
Signatures
-
Detect Umbral payload 3 IoCs
-
Umbral
Umbral stealer is an opensource moduler stealer written in C#.
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory 1 IoCs
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 2 IoCs
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 5 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer 9 IoCs
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Detects videocard installed 1 TTPs 1 IoCs
Uses WMIC.exe to determine videocard installed.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SolaraBootstraper.exe"C:\Users\Admin\AppData\Local\Temp\SolaraBootstraper.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Users\Admin\AppData\Local\Temp\Umbral.exe"C:\Users\Admin\AppData\Local\Temp\Umbral.exe"2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\wmic.exe"wmic.exe" csproduct get uuid3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\attrib.exe"attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"3⤵
- Views/modifies file attributes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 23⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\Wbem\wmic.exe"wmic.exe" os get Caption3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\Wbem\wmic.exe"wmic.exe" computersystem get totalphysicalmemory3⤵
-
C:\Windows\System32\Wbem\wmic.exe"wmic.exe" csproduct get uuid3⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER3⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\Wbem\wmic.exe"wmic" path win32_VideoController get name3⤵
- Detects videocard installed
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\Umbral.exe" && pause3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\PING.EXEping localhost4⤵
- Runs ping.exe
-
C:\Users\Admin\AppData\Local\Temp\!FIXInj.exe"C:\Users\Admin\AppData\Local\Temp\!FIXInj.exe"2⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\!FIXInj.exe" "!FIXInj.exe" ENABLE3⤵
- Modifies Windows Firewall
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff9a1e9ab58,0x7ff9a1e9ab68,0x7ff9a1e9ab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 --field-trial-handle=1868,i,370490448875541802,16576202580924166284,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\System32\mousocoreworker.exeC:\Windows\System32\mousocoreworker.exe -Embedding1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=XcHvYYrNa.exe WpfApp1"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff999a246f8,0x7ff999a24708,0x7ff999a247182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4928 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4224 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,9368164084266803521,4279356259822865880,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Virtualization/Sandbox Evasion
1Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1Hide Artifacts
1Hidden Files and Directories
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD59eff7728c1331f4e96d7ee5c205c1235
SHA1d52ceee6b849c385e671efd62c91a993d15392cc
SHA2560de06dcc0b5cc18cba2562bb9063f5fade38e8dc8b8057a8ccc12b36efe120aa
SHA512cd89da6943291dae67180f39f159621e571457d5078de46531765e53e7497903da5bb1405b70406c27f405af367e9efe137518392bb73ab28daf7456d5a17540
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD54326566c67d1d6b15370ad95d1403bc5
SHA1768267b267a19776e2228798ca59d8ebd0bf0039
SHA25643c96d5821a3035857a3cedb00f5f79f5846fd89e7b5c85e3157e1e873b70c5a
SHA512bc85f402f6165493a212a4a2cdf90a9e816761993c4a17a7275025e1143e092b94865c015193a79038db6c8520f3558f228ea2ada2ea9eac65ad7a1fd8af2ca3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f70aaab1-ae91-415d-a77a-1ec1249b0339.tmpFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5f339efb71029b3118c9cce6f47ea5dc7
SHA10d09aeab7898c68b2559a5689b4d640fd2937372
SHA256de5802c56e549b0f08f98f2c9b3b4b63755ab2575de874788e4121fbd3f2da7d
SHA5120742ff454230f9b80df7c05d90ebf704e02f464e1fd1b171f9eb3d0fc293695834cb54802ffa6858b6a4e236bae401cd41eb7010d9b23221067525da0cad9c41
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5d77a10226dcae903dde3457c24d60dfc
SHA1c110c67433eec54b478f0315967faa8fe0e0e2cb
SHA256c7f261ca3d34e7167465786ff7241ca1c8cf2ca9fd13dcec6275b24ed6b9b555
SHA512931ac59219199449be784c45451ec4b0dc7e79eb35d6a70790c301d344d0d0051a96f8ee825ee533ca781c2c2bdebeeb51aa5869e60f5fd66d819aa775cf9e9f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD565bf09beca5ffa1a29479330b1a83a3d
SHA111508bee6d1f59b3deb6ebecaba186618f0357cd
SHA256e7c904f131b162bfbfc716da7622fc2af3628b49cf1b8429c0012fd353f72a99
SHA5125ef5897aa93317044a89fbbaea8a78f2776972afc627bd453ae8a662a12936d3c780f78cf3724725f91fe9035407f192f3a1a885d4004499f8f38beef7d5e7fb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
262KB
MD517a67e08cbe851cab1f102a0c571b6d4
SHA10060bbf50fabdeef5fb40879a5530979f1d0b8e4
SHA2560d4c4ecd734e990ae530bb8f7c4bd42e12aeca9d3df7c4ce72c20f4b2d0e8656
SHA512e9a9d01a750946faa1ab9706bef981684468fd4332d2080d12760206102d2b485f8204d8b01fb54d0422b6ad7dad883517e04f156967d698af43f9eb49471f77
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
257KB
MD561f078ac0316863dd42b6da96c3c7e87
SHA17986808fc778c583c0a65050b165c5cbe076a5ff
SHA256d8509f97135427cac594230c68da4ee1fbd2183aff8fbf6f98e8f78ec724b8ac
SHA5124cb8647a43c54a755f9cffefafa8c3638612154587bbce3fd939f5a6f5c2a1988037d961b84c2af9d9ab4f0ce07bb7cbee00cd956d712fe58c4b33a9acf88971
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
262KB
MD5827da791cfb936a3cbbc41d648cecd7f
SHA1cce99afd7a630d778a39a3c5c21eb8cd0f13524b
SHA25678b65b5b17a94429c1abb9b7c8b6d0083cefe80d1e6a3020566e91e15444df60
SHA51296aa3484d146a6c28ca6d9e4f978951a92a03d4749ffc234879fc1d2652326249392a8a1895f56c393ca40cb12f4ac222126989413dfa19e678c98da40028dc1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
91KB
MD5bff73ed189dbcec38b8d39f648511b5e
SHA140525a59750198ecf94bbcf5fd9c1fcba0039096
SHA2566d49893473f5ad12921b58eb0a1d9e061bacdc5e1b5f0784e77765fb2da5582d
SHA5127938936543a04a7eecdb079083bedcd7b02c0f04e886d166f88294a76d80616519133fda46f8e219f7f4ad34d7b7043b7c1daad0ef2e9bc794f4a6be8ee21bef
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fa1f.TMPFilesize
88KB
MD553851d770de9fa10403681c652dd031f
SHA17d9cbb62b55139e14300830ce118249a90a58996
SHA2568155f7d4282c47e1687b06a8fa40d9d96ed54366f96ec3d07bf9dcdaf004681c
SHA5121f0d5341ccd9bfbc640612f94dcd22fa08d142a9d32f0dc42d19dde96f38782774b066bcfd3797384f63f2c3ec39950eebb0fa075b1eb7694524813d79c7df9b
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.logFilesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54158365912175436289496136e7912c2
SHA1813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA51274b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ce4c898f8fc7601e2fbc252fdadb5115
SHA101bf06badc5da353e539c7c07527d30dccc55a91
SHA256bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA51280fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD59abf568dd000de9fcccdfc8533501115
SHA1e6ecbbcb6b39c2059f38f6729249c9cd89c4762a
SHA2562b472b7d407e2550b5b4e4da9b9488e4017b9838b54e6cf6811976cd3dadb8e0
SHA5124d04a4de37a82523cfa8a069401a9563b4d72cc7ddd5b9cfe5695a0771d85066ded7ec4bf8ffdf0fa3921a2e8190ac9d3f6c7bc488f0831d3fe016f97dc48c70
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
987B
MD515a26610ad32c9bcd55575935f9749b2
SHA15455c2eb9c98440c7cb2ccb6bc7e23e436ef8ddc
SHA256919357c7899d4150cfe49561be31e53ce1bdac910c89b83f4d52fc2727709fe6
SHA512d8f22996992c6771e20e2bd75a24d43905ed04b5731c63f08565f9b176049df306fe5874a047fba6de66f214ba23e7ad86c29084f871cdcff7873ac92176437d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5d9ec8f6cf6c88a3bed1afe34832167e1
SHA1fd12a68bd34ce75b1356d9fde9846a9d0a0d25ea
SHA256e9978bcfa2b1a990ae35683628fea517fd3296409e7de003d8e4b1a52226331e
SHA512852ce07524a491f58843daef057f82d6d24195cacd0396e88eb6cdd0651990a44eb293e428ba81e936101ba1242c12b068c3e9431950351f0ed4c9796f26a8c9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5f89e7d8c99df86a3dddfe46abc26a6fe
SHA14088eb13771cc25d1af9bd2b7f3c437ba2424c8e
SHA25627e70dbe683ecad19aee9d5e6320eabd177316da366802be3dd9e4e8b53d126c
SHA512c52990842fb0f5aaf2f62d57665731f410bc034d8af6bc4f2d73de70a7965017b314e47c1b67a6c30db970c8655dcb60f9f8755d97f1899e1f81260c1e9c85a7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5e6fad3893d31406f3fe2d536c06ba481
SHA17d7f2c3a29750a2fb627dbb7e128b0397e8c8e87
SHA256a23d31e09dffbe95121172505457cbcdcde88c023afe6b37e9687266be2fecd5
SHA51228557bdba396f23396d6d8faf2c44777b36c7fa77d5bee83b61c38ea324a676247f611f12c2b76a8e96967ebd73912c7ce78c92ea4aa65be0602a1435e7aedec
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5ee4486531924ec062cf78568115650e5
SHA197d9a41d22484e150489c6e0bd0476f248a611d4
SHA256cde068d5046b836ba2202e246b9f1696b6d3ee2376cd885a14ea3fa277ba3bb5
SHA51283f62c0e1a9a335a0b5dc0957a554b8b5b8229d1d8e02243e5fc94c823c3cc00bb46852570a5a96592f3aa274b3465484f6ee7b50cd8b8158928877fbdd44c6b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD563b7f119463fe8c8a9f2eaff28d23b82
SHA111dedc7de7567969e307aac4653e452ae2a12b95
SHA256a0e42626f2a8f061958339e343f60729fdbb48fa48c1f21a57725050efb1b8b2
SHA512512b9437b7309b3cd879ad5cd8a103f6fd184e0b832fffd8d9b4becf80d83f59c5d045c13ce5b992bba9fd1db4e4740e8c7144e304e46ca0558216197f981b1e
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
1KB
MD5548dd08570d121a65e82abb7171cae1c
SHA11a1b5084b3a78f3acd0d811cc79dbcac121217ab
SHA256cdf17b8532ebcebac3cfe23954a30aa32edd268d040da79c82687e4ccb044adc
SHA51237b98b09178b51eec9599af90d027d2f1028202efc1633047e16e41f1a95610984af5620baac07db085ccfcb96942aafffad17aa1f44f63233e83869dc9f697b
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
1KB
MD569c0d78ebf4b55c1485bd194ad95ecb2
SHA113ab64e9380bcd4f87ca88ce1553d5734cbe41b1
SHA2564a42052c732550d45df72a6bb90e10f603f44e45a3c621c0da225f838a758865
SHA51272991c8b0e649a745473f5286d8138b843ee8957d7711904caa6f91e8e0cc3964968df042ed0ce78960949e1c1b1924da5859b0550a34979150093b36bb43e85
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
944B
MD56d42b6da621e8df5674e26b799c8e2aa
SHA1ab3ce1327ea1eeedb987ec823d5e0cb146bafa48
SHA2565ab6a1726f425c6d0158f55eb8d81754ddedd51e651aa0a899a29b7a58619c4c
SHA51253faffbda8a835bc1143e894c118c15901a5fd09cfc2224dd2f754c06dc794897315049a579b9a8382d4564f071576045aaaf824019b7139d939152dca38ce29
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
948B
MD574a6b79d36b4aae8b027a218bc6e1af7
SHA10350e46c1df6934903c4820a00b0bc4721779e5f
SHA25660c64f6803d7ad1408d0a8628100470859b16ef332d5f1bd8bb2debe51251d04
SHA51260e71435a9a23f4c144d641844f4182ddc9aa4ccd3e99232149a187112dce96458aab9587e9fea46f5dc5a52f5ca758969a04657a2b5b10241d3e4554f7c85e0
-
C:\Users\Admin\AppData\Local\Temp\!FIXInj.exeFilesize
37KB
MD5ad8378c96a922dcfe813935d1eec9ae4
SHA10e7ee31880298190258f5282f6cc2797fccdc134
SHA2569a7b8171f8c6bd4bb61b7d8baf7dab921983ab7767705c3f1e1265704599ab98
SHA512d38a7581ef5c3dcc8752fc2465ad698605bbd38bf380201623265e5ef121510d3f34116438727e60b3832e867e2ed4fd52081d58690690ff98b28cde80f6af5f
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dllFilesize
488KB
MD5851fee9a41856b588847cf8272645f58
SHA1ee185a1ff257c86eb19d30a191bf0695d5ac72a1
SHA2565e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
SHA512cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dllFilesize
43KB
MD534ec990ed346ec6a4f14841b12280c20
SHA16587164274a1ae7f47bdb9d71d066b83241576f0
SHA2561e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409
SHA512b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrcFilesize
139B
MD5d0104f79f0b4f03bbcd3b287fa04cf8c
SHA154f9d7adf8943cb07f821435bb269eb4ba40ccc2
SHA256997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a
SHA512daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrcFilesize
43B
MD5c28b0fe9be6e306cc2ad30fe00e3db10
SHA1af79c81bd61c9a937fca18425dd84cdf8317c8b9
SHA2560694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641
SHA512e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrcFilesize
216B
MD5c2ab942102236f987048d0d84d73d960
SHA195462172699187ac02eaec6074024b26e6d71cff
SHA256948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a
SHA512e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSEFilesize
1KB
MD513babc4f212ce635d68da544339c962b
SHA14881ad2ec8eb2470a7049421047c6d076f48f1de
SHA256bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400
SHA51240e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dllFilesize
99KB
MD57a2b8cfcd543f6e4ebca43162b67d610
SHA1c1c45a326249bf0ccd2be2fbd412f1a62fb67024
SHA2567d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f
SHA512e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dllFilesize
133KB
MD5a0bd0d1a66e7c7f1d97aedecdafb933f
SHA1dd109ac34beb8289030e4ec0a026297b793f64a3
SHA25679d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
SHA5122a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dllFilesize
5.2MB
MD5aead90ab96e2853f59be27c4ec1e4853
SHA143cdedde26488d3209e17efff9a51e1f944eb35f
SHA25646cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dllFilesize
4.2MB
MD5114498719219c2427758b1ad9a11a991
SHA1742896c8ec63ddbf15bab5c1011eff512b9af722
SHA256913059869dca00dfa49bcf2691b384eb9804739d9148e3671cf1d6b89c828c42
SHA5124f36ea0c5e8af8087ecf92fa49e157dcc94a1cc68563fc97b3fe026b92c0abdbe640bf347c24a666f59b60380367f85daab1a15e2c4902921e63e1b741c01452
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exeFilesize
85KB
MD55e1bc1ad542dc2295d546d25142d9629
SHA1dd697d1faceee724b5b6ae746116e228fe202d98
SHA2569cc1a5b9fd49158f5cca4b28475a518cb60330e0cad98539d2a56d9930bdf9f9
SHA512dc9dbecec37e47dd756cd00517f1bfe5b27832bd43c77f365defc649922cb7967eb7e5de76d79478b6ebfd99a1cc2e7e6b5119a05a42fd51a1c091b6f00f2456
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Extension State\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\indexFilesize
24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_0Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_1Filesize
264KB
MD517bd7672040db656308d76d6e66a3095
SHA18ed1945d141244a8807a94d78f9150f4a311a31f
SHA25673c89191d5808f65ddf660bff7827dd0aaa68747418749c5f2835bb824a0e665
SHA512c3c8fdb9212f7187715454a64f4888f8cbe4805b8d0f754875fc11d623df27976c62eb58c64f35399d6e63d3094262ab9169c0255653d177feced62d8d6aa0b0
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_2Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_3Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dllFilesize
522KB
MD5e31f5136d91bad0fcbce053aac798a30
SHA1ee785d2546aec4803bcae08cdebfd5d168c42337
SHA256ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671
SHA512a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dllFilesize
113KB
MD575365924730b0b2c1a6ee9028ef07685
SHA1a10687c37deb2ce5422140b541a64ac15534250f
SHA256945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b
SHA512c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1
-
C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exeFilesize
12KB
MD506f13f50c4580846567a644eb03a11f2
SHA139ee712b6dfc5a29a9c641d92c7467a2c4445984
SHA2560636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9
SHA512f5166a295bb0960e59c176eefa89c341563fdf0eec23a45576e0ee5bf7e8271cc35eb9dd56b11d9c0bbe789f2eac112643108c46be3341fa332cfcf39b4a90b9
-
C:\Users\Admin\AppData\Local\Temp\Umbral.exeFilesize
230KB
MD59694195bfd2d5a2d219c548d8dc65cf0
SHA1d1113d97bb1114025e9260e898f3a3048a5a6fda
SHA256c58b3fa42e404b4a095ee2959a7975b392d7d6b6af6e4d11c1431e3a430dfb6e
SHA51224bb0f6432b221fe621d81a1c730bd473e9c295aa66a2b50cbe670ad2260f942a915f7f9aef65e6dc28320b8208fc712d9bfdc43dbc1a607ed9393bb5c17051a
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_e3hpdzix.mfe.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Windows\system32\drivers\etc\hostsFilesize
2KB
MD54028457913f9d08b06137643fe3e01bc
SHA1a5cb3f12beaea8194a2d3d83a62bdb8d558f5f14
SHA256289d433902418aaf62e7b96b215ece04fcbcef2457daf90f46837a4d5090da58
SHA512c8e1eef90618341bbde885fd126ece2b1911ca99d20d82f62985869ba457553b4c2bf1e841fd06dacbf27275b3b0940e5a794e1b1db0fd56440a96592362c28b
-
\??\pipe\crashpad_1860_ZSWFKOATNKFJWQORMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/216-32-0x0000000000400000-0x0000000000450000-memory.dmpFilesize
320KB
-
memory/2464-37-0x000000007309E000-0x000000007309F000-memory.dmpFilesize
4KB
-
memory/2464-38-0x0000000000B00000-0x0000000000B0A000-memory.dmpFilesize
40KB
-
memory/2464-39-0x0000000005290000-0x000000000529A000-memory.dmpFilesize
40KB
-
memory/2464-109-0x0000000005D80000-0x0000000005D92000-memory.dmpFilesize
72KB
-
memory/3420-2110-0x0000000073842000-0x0000000073843000-memory.dmpFilesize
4KB
-
memory/3420-36-0x0000000073842000-0x0000000073844000-memory.dmpFilesize
8KB
-
memory/3420-35-0x0000000000F90000-0x0000000000FA0000-memory.dmpFilesize
64KB
-
memory/3420-33-0x0000000073842000-0x0000000073843000-memory.dmpFilesize
4KB
-
memory/3420-2112-0x0000000073842000-0x0000000073844000-memory.dmpFilesize
8KB
-
memory/3420-2111-0x0000000000F90000-0x0000000000FA0000-memory.dmpFilesize
64KB
-
memory/3848-40-0x000001FBD2B20000-0x000001FBD2B42000-memory.dmpFilesize
136KB
-
memory/4608-66-0x000001DD2C4E0000-0x000001DD2C556000-memory.dmpFilesize
472KB
-
memory/4608-105-0x000001DD44D70000-0x000001DD44D82000-memory.dmpFilesize
72KB
-
memory/4608-28-0x00007FF9A8013000-0x00007FF9A8015000-memory.dmpFilesize
8KB
-
memory/4608-26-0x000001DD2A670000-0x000001DD2A6B0000-memory.dmpFilesize
256KB
-
memory/4608-34-0x000001DD44E00000-0x000001DD44E10000-memory.dmpFilesize
64KB
-
memory/4608-67-0x000001DD2C330000-0x000001DD2C380000-memory.dmpFilesize
320KB
-
memory/4608-68-0x000001DD2C2E0000-0x000001DD2C2FE000-memory.dmpFilesize
120KB
-
memory/4608-104-0x000001DD2C380000-0x000001DD2C38A000-memory.dmpFilesize
40KB
-
memory/4672-2400-0x000001CEBD810000-0x000001CEBD848000-memory.dmpFilesize
224KB
-
memory/4672-2391-0x0000000180000000-0x0000000180ACA000-memory.dmpFilesize
10.8MB
-
memory/4672-2003-0x000001CE9E470000-0x000001CE9E48A000-memory.dmpFilesize
104KB
-
memory/4672-2468-0x0000000180000000-0x0000000180ACA000-memory.dmpFilesize
10.8MB
-
memory/4672-2445-0x0000000180000000-0x0000000180ACA000-memory.dmpFilesize
10.8MB
-
memory/4672-2443-0x0000000180000000-0x0000000180ACA000-memory.dmpFilesize
10.8MB
-
memory/4672-2413-0x0000000180000000-0x0000000180ACA000-memory.dmpFilesize
10.8MB
-
memory/4672-2006-0x000001CEB8F30000-0x000001CEB946C000-memory.dmpFilesize
5.2MB
-
memory/4672-2414-0x00007FF9A4C10000-0x00007FF9A4C34000-memory.dmpFilesize
144KB
-
memory/4672-2015-0x000001CE9E880000-0x000001CE9E88E000-memory.dmpFilesize
56KB
-
memory/4672-2011-0x000001CEB8BE0000-0x000001CEB8C9A000-memory.dmpFilesize
744KB
-
memory/4672-2390-0x0000000180000000-0x0000000180ACA000-memory.dmpFilesize
10.8MB
-
memory/4672-2392-0x0000000180000000-0x0000000180ACA000-memory.dmpFilesize
10.8MB
-
memory/4672-2401-0x000001CEBD7E0000-0x000001CEBD7EE000-memory.dmpFilesize
56KB
-
memory/4672-2393-0x0000000180000000-0x0000000180ACA000-memory.dmpFilesize
10.8MB
-
memory/4672-2013-0x000001CEB8CA0000-0x000001CEB8D1E000-memory.dmpFilesize
504KB
-
memory/4672-2399-0x000001CEB97D0000-0x000001CEB97D8000-memory.dmpFilesize
32KB
-
memory/5920-2109-0x00000155BE460000-0x00000155BE461000-memory.dmpFilesize
4KB
-
memory/5920-2105-0x00000155BE460000-0x00000155BE461000-memory.dmpFilesize
4KB
-
memory/5920-2097-0x00000155BE460000-0x00000155BE461000-memory.dmpFilesize
4KB
-
memory/5920-2099-0x00000155BE460000-0x00000155BE461000-memory.dmpFilesize
4KB
-
memory/5920-2098-0x00000155BE460000-0x00000155BE461000-memory.dmpFilesize
4KB
-
memory/5920-2104-0x00000155BE460000-0x00000155BE461000-memory.dmpFilesize
4KB
-
memory/5920-2103-0x00000155BE460000-0x00000155BE461000-memory.dmpFilesize
4KB
-
memory/5920-2107-0x00000155BE460000-0x00000155BE461000-memory.dmpFilesize
4KB
-
memory/5920-2106-0x00000155BE460000-0x00000155BE461000-memory.dmpFilesize
4KB
-
memory/5920-2108-0x00000155BE460000-0x00000155BE461000-memory.dmpFilesize
4KB