0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9

Analysis

max time kernel
1050s
max time network
989s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraBootstrapper.exe
Size

12KB
MD5

06f13f50c4580846567a644eb03a11f2
SHA1

39ee712b6dfc5a29a9c641d92c7467a2c4445984
SHA256

0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9
SHA512

f5166a295bb0960e59c176eefa89c341563fdf0eec23a45576e0ee5bf7e8271cc35eb9dd56b11d9c0bbe789f2eac112643108c46be3341fa332cfcf39b4a90b9
SSDEEP

192:cDnQvi7auc35nuKdhAWVIanaLvmr/XKTxnTc1BREVXLGDlNjA:cDn97auc35tAKIanayzKto1jEVQzj

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

XcHvYYrNa.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ XcHvYYrNa.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	XcHvYYrNa.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

XcHvYYrNa.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	XcHvYYrNa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	XcHvYYrNa.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SolaraBootstrapper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	SolaraBootstrapper.exe

Executes dropped EXE 1 IoCs

Processes:

XcHvYYrNa.exe

pid process

5088 XcHvYYrNa.exe
Loads dropped DLL 5 IoCs

Processes:

XcHvYYrNa.exe

pid process

5088 XcHvYYrNa.exe
5088 XcHvYYrNa.exe
5088 XcHvYYrNa.exe
5088 XcHvYYrNa.exe
5088 XcHvYYrNa.exe

pid	process
5088	XcHvYYrNa.exe

pid	process
5088	XcHvYYrNa.exe
5088	XcHvYYrNa.exe
5088	XcHvYYrNa.exe
5088	XcHvYYrNa.exe
5088	XcHvYYrNa.exe

Themida packer 8 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll	themida
behavioral1/memory/5088-1908-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/5088-1911-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/5088-1910-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/5088-1909-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/5088-1915-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/5088-1918-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/5088-1922-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

XcHvYYrNa.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA XcHvYYrNa.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

7 raw.githubusercontent.com
8 raw.githubusercontent.com
43 raw.githubusercontent.com
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

XcHvYYrNa.exe

pid process

5088 XcHvYYrNa.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	XcHvYYrNa.exe

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com
43	raw.githubusercontent.com

pid	process
5088	XcHvYYrNa.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609689186700574"	chrome.exe

Modifies registry class 64 IoCs

Processes:

chrome.exeXcHvYYrNa.exetaskmgr.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000a8588e66100041646d696e003c0009000400efbea8582d61b758a5a12e0000006ee10100000001000000000000000000000000000000cca9c700410064006d0069006e00000014000000	XcHvYYrNa.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0	XcHvYYrNa.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	XcHvYYrNa.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	XcHvYYrNa.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	XcHvYYrNa.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	XcHvYYrNa.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	XcHvYYrNa.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	XcHvYYrNa.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	XcHvYYrNa.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	XcHvYYrNa.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7800310000000000a8582d611100557365727300640009000400efbe874f7748b758a5a12e000000c70500000000010000000000000000003a00000000001b3d6b0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	XcHvYYrNa.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	XcHvYYrNa.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 5000310000000000a8586e6310004c6f63616c003c0009000400efbea8582d61b758a5a12e0000008ce10100000001000000000000000000000000000000c734e2004c006f00630061006c00000014000000	XcHvYYrNa.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	XcHvYYrNa.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	XcHvYYrNa.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e00310000000000b758a7a1100054656d7000003a0009000400efbea8582d61b758a8a12e0000008de101000000010000000000000000000000000000004df22700540065006d007000000014000000	XcHvYYrNa.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000e521909140a1da0134a4319446a1da012c823a044eadda0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	XcHvYYrNa.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	XcHvYYrNa.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	XcHvYYrNa.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	XcHvYYrNa.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	XcHvYYrNa.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	XcHvYYrNa.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	XcHvYYrNa.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	XcHvYYrNa.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	XcHvYYrNa.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	XcHvYYrNa.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	XcHvYYrNa.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	XcHvYYrNa.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 5600310000000000b758a5a110007363726970747300400009000400efbeb758a5a1b758a5a12e0000003c3402000000070000000000000000000000000000001e67e4007300630072006900700074007300000016000000	XcHvYYrNa.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	taskmgr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = ffffffff	XcHvYYrNa.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 5600310000000000a8582d6112004170704461746100400009000400efbea8582d61b758a5a12e00000079e10100000001000000000000000000000000000000f2515f004100700070004400610074006100000016000000	XcHvYYrNa.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exe

pid	process
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

XcHvYYrNa.exetaskmgr.exechrome.exe

pid process

5088 XcHvYYrNa.exe
1896 taskmgr.exe
60 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4172 chrome.exe
4172 chrome.exe
4172 chrome.exe
4172 chrome.exe
4172 chrome.exe
4172 chrome.exe

pid	process
5088	XcHvYYrNa.exe
1896	taskmgr.exe
60	chrome.exe

pid	process
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

SolaraBootstrapper.exetaskmgr.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2664	SolaraBootstrapper.exe
Token: SeDebugPrivilege	1896	taskmgr.exe
Token: SeSystemProfilePrivilege	1896	taskmgr.exe
Token: SeCreateGlobalPrivilege	1896	taskmgr.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exe

pid	process
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe
1896	taskmgr.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

XcHvYYrNa.exechrome.exe

pid process

5088 XcHvYYrNa.exe
60 chrome.exe
60 chrome.exe
60 chrome.exe
60 chrome.exe
60 chrome.exe
60 chrome.exe
60 chrome.exe
60 chrome.exe
60 chrome.exe

pid	process
5088	XcHvYYrNa.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SolaraBootstrapper.exechrome.exe

description	pid	process	target process
PID 2664 wrote to memory of 5088	2664	SolaraBootstrapper.exe	XcHvYYrNa.exe
PID 2664 wrote to memory of 5088	2664	SolaraBootstrapper.exe	XcHvYYrNa.exe
PID 4172 wrote to memory of 4336	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 4336	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 700	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 3164	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 3164	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe
PID 4172 wrote to memory of 1600	4172	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2664

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe"
2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5088

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1896

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1656

C:\Windows\System32\cwwwvr.exe
"C:\Windows\System32\cwwwvr.exe"
1⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb52bbab58,0x7ffb52bbab68,0x7ffb52bbab78
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:2
2⤵
PID:700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:3164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:1600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:1
2⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:1
2⤵
PID:4168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:1
2⤵
PID:2676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:1876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4344 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:1548

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7f676ae48,0x7ff7f676ae58,0x7ff7f676ae68
3⤵
PID:2888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4896 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:1
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4304 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:1
2⤵
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3396 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:1
2⤵
PID:4260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:4952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:1048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:3332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:60

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:8
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1808,i,1571577943320817823,5063916232879390900,131072 /prefetch:2
2⤵
PID:4148

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4324

C:\Windows\System32\cwwwvr.exe
"C:\Windows\System32\cwwwvr.exe" C:\Windows\System32\CustomShellHost.exe
1⤵
PID:3820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240523201519.pma
Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0b323c8f-e469-400b-a69b-5144222056fe.tmp
Filesize
16KB

MD5
e7162c59f5e53136b68315fade788f88

SHA1
2e19753f3886130bfc7b4b1410862016105c53fc

SHA256
5f48b0c5906c48a7dec2bb5271c4492a9015586ab45fdf3260b1313e9371773a

SHA512
9a8e97e0b855eb2cd790d23c73ff6c9534caaac66d060b9dd873d7b8a12267b3cbe8ebafa7c32242ea1cd77ff2bec859326d1f513a9398f16b5ef6b2ce7d4c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
20f3ec1e5341016587927afed421eb8f

SHA1
61f0a319e155babde08716c310ecabe843936eec

SHA256
1777bc5c8ea7f1a238d6a029f5b9afa84c47ee39309c0f744a2dec4098c18c46

SHA512
0addf1d16a976ce793e7765a1e1ff3b666ed117e1f9b748adc315fca728748f5439fc74f87cf1fe30aef88e8a7408baa8a2d44c999fdac9b9846be744e72e4a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
78ee700a02d0b073286b3451afcf2d77

SHA1
ee252a5e3abaa159ec16d9c72f9313f7bb898b82

SHA256
d3613084d34016a373f74e945892a8cf22d39f169f85dc9e2dd820ac057a3479

SHA512
7036cfc5c766c3f8cc70ed399f2e9acea9321851769fcb7394e5c4b23fef714625be4d98020829a85df404c8d8b15b979ada001f44877f0ab6531e2ef144e80d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
f5ccbf74ecf0f0c62a6b45b8e29a14d9

SHA1
170bc18a9ca17bb65830af3c01fc8507485a98a0

SHA256
a6e113f7882ab4af49cbbc880a9ba49c1ecd64eddca0b49750cbdefae3d27a31

SHA512
08eb18c204179c14f734471a5f55108b671754d5df687e826778ad174be478f28c9fb44bdd5a6acb4d49f5b99722c7c4c57cf6305b49927ca91faf2a3166471e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
5dc7af4cd80df18a21d93fc8e982b5a3

SHA1
2b09d71103fb88928eca49393208fc6c62c0cdf8

SHA256
4a2c051ea87b6028cf8e7bb6cad91146e5c373638de544f792a193263187147a

SHA512
eac66d049f05a6d06bc5af1bcbe4fdb4bedaa25e022aafa331a9903deff2adf6d13935f0ed6724825bbc7c2158a8cce6fc5ffd8656742684e7cddececd590fef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
9ab28644aaece1348151f78f33ebde23

SHA1
ef5cacc9090850e848ea2d8f24eb835d6775e0f4

SHA256
97a27e89a3cffdd8edde865ace756ffdc63f32a8a8608ed15ab7e41c253f908b

SHA512
8d3a6f3a2307d5afe295973730788cf05f2a0c6fc733dc778fa6fabf1d6661eca4bce30653fcbd0b31f6f19a3b28c6e58d7762c8a1abf58b80a880ab08c60e43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
58ad5ce0a205d496df39c38a47b32b6e

SHA1
5b4855507e1f3ea0ebc8c01b7b1e26fe1b8009ea

SHA256
050b73ddce73b00ae6824f2fe063b57005789759c8aa071d68cf0d67955fb972

SHA512
6070a3bd099a22309d793ad7bd982c94352516d779fdcfdd19eaee836b305e78f2e5dac29c38117e5e091eb7c7d21c1815781b83dc96b6da1f150544f6f14104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
6fe339b60a7cba98867b9641b2e5a84c

SHA1
378dbac6cba4c424840e60efc8d32c92d0a06b23

SHA256
b86d364fe789771344b0791ac8ea2a199c7b80b5cbe8622dc67b3c766ac7cdff

SHA512
c134d073805fa1455b265820bd35aebac3c1354b5d084f7bb9005e4d8df6f9c13fd86cc5416a3ef59c30b1518d9087c242b2c74f57c0f6b8eabe44e76613b764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
858B

MD5
8a381c1ebc245207f28bf64bd6f96edb

SHA1
7ce9ddd5b48728ae35e32f9c384090ecc49f7c9a

SHA256
c36083949a8fd63c1ab9d3d159574f7bcbef8745c4c433dcb2c876c3cecadba7

SHA512
ad92f18911bb3d83809a874ebb4cd45a0c1603f7b5087d3bc8de494a216f5e8506294514a7c93025f43405d7516071e4a275298f6253ae95fd900bc227a227b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\fd70890d-10d0-46c6-a768-a8325b5124fd.tmp
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
16c54d4c99bbf0b05089e537182eaf8d

SHA1
d2220c740d5a38fcd84fe15f985aecf046fa2433

SHA256
76f541052cf296bcc1f05296e85bd7ca2374595d4d2fe9ab6169092cebc80d21

SHA512
7541a7d49b024c96052ad5c79a072edec13651c78e01726da9fb203266409d2ebeeaaea3539c57029b22b059288ba852d3120981b57dd6dec0364acf1700ba06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
fcab904f565365976d9acec615bc96da

SHA1
85a5f98bdf79dcbdfbba47a5a4130cb03054aa83

SHA256
125ee227521370936ca43d965b997ecbd869103d6a75e950dad0ee03914e3314

SHA512
2c834ef6b6111461678c60575e11b50a51c8513a272e4764f1e2f3d29fb66d0ec3c7d037863a0327d044a0ac59fa2f8cf21e3b28a824d15ad60518a68cfe528e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9ee4d040c03764d1b83cec8cc75d0d15

SHA1
e4a58b174663efe2d0fb780a7583b67a93789121

SHA256
1d8c08aa9a97cd2b1bc79f9f6a49eb0c8579e4fc6bc6371a686d7bccc4e0d689

SHA512
277081261851cf2480a163b655780fd815b7f5559d715ebab343bc388bb5d7c6f8cd6d224c8612f42abb534ef848810e6746cef0578e96635b3434b25f89b63c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
103cc5229a67c1832e5ab182009e63ac

SHA1
52cfdbd925c3466e977ab7180433b73a62df920a

SHA256
9eb59e5d4ce0e40bc59c78e032e77ea2c8f71ca85ede2bd613a1a276814c57a1

SHA512
354b4c4a8275632f36c54d96293d4709c5b4dab949f1128198209b4b17f73f63f6f2d4b714262a100cb7bced2c3579bd8e3015781e3b27b555ad3febd632639a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59eb50.TMP
Filesize
48B

MD5
28077265572e5e5fd98d2760c4627d5f

SHA1
eda6057035f71d2d5b0e7aa608f5dc7520381286

SHA256
1a0b514b375651355c9c0b08b45cb1bd70a56c74496c52106e7ff60a9c717c7a

SHA512
8e3bf41558ad3cbc2aec09c719bff44e93cf4d3f696708a34f354cfcdc9fe1441ddee72cc9886628a302a0a61263d4903256ad8fb1d77276102348bade7b4b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
0ac5c159ec08add042f1e6b5417d6828

SHA1
2cbe938b877c872ef0e50c23c17d6cef986a3e2a

SHA256
75cd5ec87f37297cd014279e35e05031acd72fd38f792532ddd851aec98666df

SHA512
ded40c302aa52f8f1653fe48f9fb26c51049c852b09af364b58e4cf198bfdc5f9768cac1e23ed152fb3ce610a5f8a3aa71ea01cbfafa3b904bcc7d1401fd4d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
282KB

MD5
a02a30bf0b97b1d1f41e920157755363

SHA1
e87520c7e775bf56566f940245dbaa8142371ecd

SHA256
d0cdd082bf3c962dd2e14856e852a21ea539011190e434dd9d7c5f857690d281

SHA512
cf28b4fbe86a9fee6bca39b04e360f5e46ddd02d9e9af90486f26fa8014abcc5df2b7da76b2fe1eef211ee7892cfbcb450b2a94dd6a9b9745827b523c175eff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
55990e4c6fe5da35dedb851d86a93865

SHA1
b8ae056d142cc36a23d71e975e594795162943e4

SHA256
87b182eaff72d8fe2767c70ceeb056938e126d3e263f5060d25c1e7d8f505590

SHA512
d596a5ddc4702675014b29ba2c41d3180ccc3c11cfc3dcab8c9b7df4d3b36ad2eccd8f61817c94533adaefad9273a376e5f1939e25a367ce8720d903f4f35aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
00b78a5fbf2a7d52a147b9df148ba4b4

SHA1
41f19b1fd766f307faccdc4b47fc18fc57a470ca

SHA256
9598bb81e5165ac72acc548ddc83f3354ea41ce0d1ffa4c0d48a650b9d3962cf

SHA512
bfb2cb8c00c9190e18d9c7ed77f8a8c1193f7b178f7268ae54dc41193530158d143e98e5c052298a2ad53fd32dd62d3dbddf8e666f759990a5b7e587c33390b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
93KB

MD5
bf653b5487faf3918f9496c0a290913c

SHA1
a661bac2366e3a60b8cdfca26db4b545629dbd01

SHA256
eb15b5fa4cb905565aa8f54a97eecfa7ecfbbf64745c4d6f7c6ddac2a9153792

SHA512
b22b77cef51ecfd70f93e3e05c0a3d9fcedf452dce299b16071183e55eb4f51e825ef4ecfe6606ed6d1066c1ba94a4f7ff4c50c5e46e197d556e0f28be7a4727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
92KB

MD5
dfab84ef272bfee551fc45bdf857261d

SHA1
d1c803de3f5a55a00f3fe487238290aca6425740

SHA256
c91640bf9b92d4fe4d34edc1a110ab5ec6a2a53753f0d45c702f82b0236f8465

SHA512
8db1a29c583b76e9df5811a00d4057a7fc6f091f5f0938cb9980cf817bf9d4d81f9b8553b178b413238215d984b1261fdc738136de06cb8ff7f928b143f343d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59ddb4.TMP
Filesize
89KB

MD5
f3d53114c0c12e109d67fd97e7ae8ec8

SHA1
4ce83cff2fcd132d3eb9627d2e4d1465873cc87c

SHA256
72882cbb30f3836943b105a7d151efafcb6d906d135c8736c148607cc786fa78

SHA512
fc1d8e48ab0294470b53c5f6af2fea12596c705ddb523f2b19ee4ecdae9fc0c3e6e6663980caf1597922e25370202059248168a07c2c8d1c0c767f73d0b0ccff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll
Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll
Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll
Filesize
4.2MB

MD5
114498719219c2427758b1ad9a11a991

SHA1
742896c8ec63ddbf15bab5c1011eff512b9af722

SHA256
913059869dca00dfa49bcf2691b384eb9804739d9148e3671cf1d6b89c828c42

SHA512
4f36ea0c5e8af8087ecf92fa49e157dcc94a1cc68563fc97b3fe026b92c0abdbe640bf347c24a666f59b60380367f85daab1a15e2c4902921e63e1b741c01452

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
Filesize
85KB

MD5
5e1bc1ad542dc2295d546d25142d9629

SHA1
dd697d1faceee724b5b6ae746116e228fe202d98

SHA256
9cc1a5b9fd49158f5cca4b28475a518cb60330e0cad98539d2a56d9930bdf9f9

SHA512
dc9dbecec37e47dd756cd00517f1bfe5b27832bd43c77f365defc649922cb7967eb7e5de76d79478b6ebfd99a1cc2e7e6b5119a05a42fd51a1c091b6f00f2456

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_1
Filesize
264KB

MD5
17bd7672040db656308d76d6e66a3095

SHA1
8ed1945d141244a8807a94d78f9150f4a311a31f

SHA256
73c89191d5808f65ddf660bff7827dd0aaa68747418749c5f2835bb824a0e665

SHA512
c3c8fdb9212f7187715454a64f4888f8cbe4805b8d0f754875fc11d623df27976c62eb58c64f35399d6e63d3094262ab9169c0255653d177feced62d8d6aa0b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
Filesize
34B

MD5
0e2184f1c7464b6617329fb18f107b4f

SHA1
6f22f98471e33c9db10d6f6f1728e98852e25b8f

SHA256
dbf5f44e1b84a298dbbcad3c31a617d2f6cfa08eb5d16e05a5c28726c574d4eb

SHA512
8e745c0215d52e15702551f29efb882a5eba97b5f279ccc29293b1a9b1b8661bf71b548569f9a99fa35c35a15d1b6b288d3c381c1292418c36dc89e2fa0b3a37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
\??\pipe\crashpad_4172_NHAODRRQIONFKNND
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1896-1933-0x00000158B4900000-0x00000158B4901000-memory.dmp

Filesize
4KB

Download
memory/1896-1943-0x00000158B4900000-0x00000158B4901000-memory.dmp

Filesize
4KB

Download
memory/1896-1938-0x00000158B4900000-0x00000158B4901000-memory.dmp

Filesize
4KB

Download
memory/1896-1931-0x00000158B4900000-0x00000158B4901000-memory.dmp

Filesize
4KB

Download
memory/1896-1932-0x00000158B4900000-0x00000158B4901000-memory.dmp

Filesize
4KB

Download
memory/1896-1937-0x00000158B4900000-0x00000158B4901000-memory.dmp

Filesize
4KB

Download
memory/1896-1940-0x00000158B4900000-0x00000158B4901000-memory.dmp

Filesize
4KB

Download
memory/1896-1939-0x00000158B4900000-0x00000158B4901000-memory.dmp

Filesize
4KB

Download
memory/1896-1942-0x00000158B4900000-0x00000158B4901000-memory.dmp

Filesize
4KB

Download
memory/1896-1941-0x00000158B4900000-0x00000158B4901000-memory.dmp

Filesize
4KB

Download
memory/2664-5-0x0000000005530000-0x0000000005542000-memory.dmp

Filesize
72KB

Download
memory/2664-1888-0x0000000074A50000-0x0000000075200000-memory.dmp

Filesize
7.7MB

Download
memory/2664-3-0x0000000074A50000-0x0000000075200000-memory.dmp

Filesize
7.7MB

Download
memory/2664-2-0x0000000002540000-0x000000000254A000-memory.dmp

Filesize
40KB

Download
memory/2664-0-0x0000000074A5E000-0x0000000074A5F000-memory.dmp

Filesize
4KB

Download
memory/2664-1-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download
memory/5088-1892-0x00007FFB52BC0000-0x00007FFB53681000-memory.dmp

Filesize
10.8MB

Download
memory/5088-1930-0x00007FFB52BC0000-0x00007FFB53681000-memory.dmp

Filesize
10.8MB

Download
memory/5088-1927-0x0000024973D70000-0x0000024973E22000-memory.dmp

Filesize
712KB

Download
memory/5088-1922-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/5088-1921-0x00007FFB52BC0000-0x00007FFB53681000-memory.dmp

Filesize
10.8MB

Download
memory/5088-1918-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/5088-1920-0x00007FFB52BC3000-0x00007FFB52BC5000-memory.dmp

Filesize
8KB

Download
memory/5088-1915-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/5088-1916-0x00007FFB64930000-0x00007FFB64954000-memory.dmp

Filesize
144KB

Download
memory/5088-1914-0x00000249783D0000-0x00000249783DE000-memory.dmp

Filesize
56KB

Download
memory/5088-1913-0x0000024978400000-0x0000024978438000-memory.dmp

Filesize
224KB

Download
memory/5088-1912-0x0000024977E00000-0x0000024977E08000-memory.dmp

Filesize
32KB

Download
memory/5088-1909-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/5088-1910-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/5088-1911-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/5088-1908-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/5088-1895-0x00000249734A0000-0x000002497351E000-memory.dmp

Filesize
504KB

Download
memory/5088-1897-0x0000024973320000-0x000002497332E000-memory.dmp

Filesize
56KB

Download
memory/5088-1893-0x00000249733E0000-0x000002497349A000-memory.dmp

Filesize
744KB

Download
memory/5088-1891-0x0000024973770000-0x0000024973CAC000-memory.dmp

Filesize
5.2MB

Download
memory/5088-1889-0x0000024970CB0000-0x0000024970CCA000-memory.dmp

Filesize
104KB

Download
memory/5088-1887-0x00007FFB52BC3000-0x00007FFB52BC5000-memory.dmp

Filesize
8KB

Download