Malware Analysis Report

2024-10-16 07:00

Sample ID 240609-r5hnksbf41
Target SolaraB.zip
SHA256 2510be907ec476e8375ac7b5431536ae9a32bf99fe77ab695a5100852b111b96
Tags
themida
score
7/10

Analysis Overview

score
7/10

SHA256

2510be907ec476e8375ac7b5431536ae9a32bf99fe77ab695a5100852b111b96

Threat Level: Shows suspicious behavior

The file SolaraB.zip was found to be: Shows suspicious behavior.

Malicious Activity Summary

themida

Themida packer

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-09 14:46

Signatures

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-09 14:46

Reported

2024-06-09 14:49

Platform

win10v2004-20240426-en

Max time kernel

0s

Max time network

71s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"

Signatures

Themida packer

themida

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.0.1179053611\1145084917" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c0a44a4-10d2-4d97-bbad-52fd222bdf9b} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 1836 22191716d58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.1.162945662\785262636" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de80a34-8660-4df3-aea3-788ad6732229} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 2404 22184a89358 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.2.1759716429\292699726" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52fe2bcc-e936-4d8c-8603-637edc86917b} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 2996 2219450ce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.3.1614237144\1390886681" -childID 2 -isForBrowser -prefsHandle 3844 -prefMapHandle 3828 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e52c5c9-cc9e-44fe-9b3f-0e183c2faab5} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 3856 221962c5358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.4.1731217342\1423780405" -childID 3 -isForBrowser -prefsHandle 5180 -prefMapHandle 5176 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2678ed1-00c0-43cf-9115-8c12664f9b19} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 5188 221970f7e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.5.1149922110\1608304677" -childID 4 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31c40498-e142-470a-a3d7-3467ff0a01fa} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 5316 22198408e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.6.1564947225\1225354899" -childID 5 -isForBrowser -prefsHandle 5520 -prefMapHandle 5524 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff3226e7-434f-443b-981e-a4c1497268ef} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 5508 2219966b858 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 204.79.197.203:443 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 14:46

Reported

2024-06-09 14:50

Platform

win7-20240221-en

Max time kernel

14s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
GB 20.26.156.215:443 github.com tcp

Files
