Analysis
-
max time kernel
149s -
max time network
157s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system -
submitted
09-06-2024 17:15
Static task
static1
General
-
Target
SolaraBootstrapper.exe
-
Size
13KB
-
MD5
6557bd5240397f026e675afb78544a26
-
SHA1
839e683bf68703d373b6eac246f19386bb181713
-
SHA256
a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239
-
SHA512
f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97
-
SSDEEP
192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion cd57e4c171d6e8f5ea8b8f824a6a7316.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Executes dropped EXE 1 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exepid process 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Loads dropped DLL 5 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exepid process 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll themida behavioral1/memory/3364-1493-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-1495-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-1496-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-1494-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-1659-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-1957-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-1994-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-1995-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-2036-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-2068-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-2098-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-2112-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-2174-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-2195-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-2228-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-2894-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-2942-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-2985-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/3364-3024-0x0000000180000000-0x0000000180E54000-memory.dmp themida -
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
Processes:
flow ioc 1 raw.githubusercontent.com 3 raw.githubusercontent.com 5 raw.githubusercontent.com 18 raw.githubusercontent.com 34 raw.githubusercontent.com -
Drops file in System32 directory 2 IoCs
Processes:
chrome.exedescription ioc process File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF chrome.exe File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF chrome.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exepid process 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Drops file in Windows directory 1 IoCs
Processes:
chrome.exedescription ioc process File opened for modification C:\Windows\SystemTemp chrome.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 6 IoCs
Processes:
chrome.exemsedgewebview2.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedgewebview2.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedgewebview2.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedgewebview2.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exedescription ioc process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133624269501748627" chrome.exe -
Modifies registry class 1 IoCs
Processes:
chrome.exedescription ioc process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{F2AEEE77-0B52-4613-B378-EBDB93AB3BB3} chrome.exe -
Suspicious behavior: EnumeratesProcesses 20 IoCs
Processes:
SolaraBootstrapper.exemsedgewebview2.exechrome.exemsedgewebview2.execd57e4c171d6e8f5ea8b8f824a6a7316.exemsedgewebview2.exechrome.exepid process 5100 SolaraBootstrapper.exe 5100 SolaraBootstrapper.exe 2856 msedgewebview2.exe 2856 msedgewebview2.exe 1708 chrome.exe 1708 chrome.exe 1964 msedgewebview2.exe 1964 msedgewebview2.exe 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 2020 msedgewebview2.exe 2020 msedgewebview2.exe 2020 msedgewebview2.exe 2020 msedgewebview2.exe 1648 chrome.exe 1648 chrome.exe 1648 chrome.exe 1648 chrome.exe 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
Processes:
msedgewebview2.exechrome.exepid process 4204 msedgewebview2.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
SolaraBootstrapper.exechrome.exedescription pid process Token: SeDebugPrivilege 5100 SolaraBootstrapper.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe Token: SeCreatePagefilePrivilege 1708 chrome.exe Token: SeShutdownPrivilege 1708 chrome.exe -
Suspicious use of FindShellTrayWindow 33 IoCs
Processes:
msedgewebview2.exechrome.exepid process 4204 msedgewebview2.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
chrome.exepid process 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe 1708 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
SolaraBootstrapper.execd57e4c171d6e8f5ea8b8f824a6a7316.exemsedgewebview2.exedescription pid process target process PID 5100 wrote to memory of 3364 5100 SolaraBootstrapper.exe cd57e4c171d6e8f5ea8b8f824a6a7316.exe PID 5100 wrote to memory of 3364 5100 SolaraBootstrapper.exe cd57e4c171d6e8f5ea8b8f824a6a7316.exe PID 3364 wrote to memory of 4204 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe msedgewebview2.exe PID 3364 wrote to memory of 4204 3364 cd57e4c171d6e8f5ea8b8f824a6a7316.exe msedgewebview2.exe PID 4204 wrote to memory of 2556 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 2556 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1072 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 2856 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 2856 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe PID 4204 wrote to memory of 1124 4204 msedgewebview2.exe msedgewebview2.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5100 -
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3364 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3364.3568.135428932421624994733⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4204 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b8,0x7fff0d883cb8,0x7fff0d883cc8,0x7fff0d883cd84⤵PID:2556
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1844,3980672132315084967,2857256052170351441,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:24⤵PID:1072
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,3980672132315084967,2857256052170351441,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2192 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:2856 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,3980672132315084967,2857256052170351441,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2488 /prefetch:84⤵PID:1124
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1844,3980672132315084967,2857256052170351441,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:14⤵PID:740
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,3980672132315084967,2857256052170351441,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4612 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
PID:1964 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1844,3980672132315084967,2857256052170351441,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3524 /prefetch:84⤵PID:1880
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1844,3980672132315084967,2857256052170351441,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4460 /prefetch:84⤵PID:1516
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1844,3980672132315084967,2857256052170351441,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1668 /prefetch:24⤵
- Suspicious behavior: EnumeratesProcesses
PID:2020 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1844,3980672132315084967,2857256052170351441,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=880 /prefetch:84⤵PID:4876
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2524
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4036
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1708 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff0b6acc40,0x7fff0b6acc4c,0x7fff0b6acc582⤵PID:3612
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1800 /prefetch:22⤵PID:4640
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2092 /prefetch:32⤵PID:3372
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2148 /prefetch:82⤵PID:3048
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3236 /prefetch:12⤵PID:1936
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3264 /prefetch:12⤵PID:3100
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4460 /prefetch:12⤵PID:3016
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3600 /prefetch:82⤵PID:2036
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4692 /prefetch:82⤵PID:1032
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4652,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4264 /prefetch:12⤵PID:4860
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3336,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4300 /prefetch:12⤵PID:3756
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5000,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5016 /prefetch:82⤵PID:3548
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5064 /prefetch:82⤵PID:4900
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4892,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4912 /prefetch:12⤵PID:3900
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5028,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3252 /prefetch:82⤵PID:2000
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=224,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5280 /prefetch:82⤵
- Modifies registry class
PID:236 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3416,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3440 /prefetch:12⤵PID:2840
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4300,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4588 /prefetch:12⤵PID:2252
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5572,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5564 /prefetch:12⤵PID:556
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5664,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5696 /prefetch:12⤵PID:2040
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6004,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6044 /prefetch:82⤵PID:1912
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6032,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6176 /prefetch:82⤵PID:2148
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3304,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5892 /prefetch:82⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:1648 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6056,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4604 /prefetch:12⤵PID:3908
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5888,i,15888458019848125164,11045856044962084578,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2408 /prefetch:12⤵PID:2252
-
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"1⤵PID:2276
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:1716
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004E41⤵PID:4100
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5b5ad5caaaee00cb8cf445427975ae66c
SHA1dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA51292f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f
-
Filesize
4B
MD5f49655f856acb8884cc0ace29216f511
SHA1cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA2567852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
-
Filesize
1008B
MD5d222b77a61527f2c177b0869e7babc24
SHA13f23acb984307a4aeba41ebbb70439c97ad1f268
SHA25680dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff
-
Filesize
78KB
MD59631508036bfb763ca015e866d069814
SHA115aa255e3ca593eab4028ea9e195432077201016
SHA2564b69877324147ea30e22ad4a914abdfcf8356901eb52cc6a88f4c8a47ce1705b
SHA5127c0c33a1bcf5294b833be4153fc255f9a982a31b2d52a132b0a216678395a5b2e5a67ef8c951541aad2d559dbe28cc81b53c6db4442522358ab7aa9483897d4c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0ae290b6-5b1e-4bdb-a49c-bdca8f7c1032.tmp
Filesize10KB
MD5872486fe7dd3c28b22f2329c7092ff9c
SHA145fdd433bcc62066a6126b36ab35ef44e59d2982
SHA256685edd7002f63ac1ae346d7fd9ca4d8df499e01ff099b4d1f688d6e2cdd8aa7f
SHA5120a70dc4c49a1a884539005f1f2a595115253b0400b69172e6e3828dab5c63d26f790ff47c50428a09c1c55e735e450fe215b8a746f72971f999fdcb8ed3e4abb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\61345d71-4e84-46e6-8704-a186229bf24b.tmp
Filesize649B
MD55a780ad7548199c8733976aef90f2d04
SHA1e072941c9c29aadef8796ea549b57cb44ebb59db
SHA2560857572f492760dec4e5e5705138e5ed8590d6d86de9e5ed0a4816e70c905e04
SHA5122aa1b3dac0f2fb8dfe047040a951ad88fb484215a4a2e459500b5827ce4282df7b27c184fe5db3679502c5419f9e40d7d5ea3d212b0895a3819e900101127700
-
Filesize
87KB
MD5d2895d96341b1d0c1eefec5fb110bbbd
SHA13e8cfcf221da48d743936a5acce94851d0a3a3b2
SHA256d389e6eb3728840e524e4aa67ea2e0cda842ba753df9390539fb3768651d27bd
SHA51215623935d525a08f663296543a43483551b4d888367147d7def69d5752b88a169ebfd96ef425a5cde9c1263a35c8059390ace0f94c79c390a936bf52e1e84c38
-
Filesize
51KB
MD5588ee33c26fe83cb97ca65e3c66b2e87
SHA1842429b803132c3e7827af42fe4dc7a66e736b37
SHA256bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA5126f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04
-
Filesize
5KB
MD5bf0e47d737b3e56cb0eeb6b77cc305c2
SHA1a1962e0a60f34f8902fa66b6a068464e93b9e5bb
SHA2560025a12198602d41f5699a26305e354cb0c027882d4efbf37abb4f53681c9895
SHA5124c600fe2f11cadeb72f7686e5e711e68955d85a7278465863c58e2376773d3b4097085294bd7a2767f9d6f5504a8a67c251da55bc44b619ffd74d16df844a747
-
Filesize
2KB
MD57bc0fa1f69e80bb428e3ac1ff94cbb49
SHA11140007fb5dc5c055bff5ce8df0ef3b1a05994f6
SHA256f8272ba0a5a176f69ec4bed6031bfab27939d50c6cc29d8af766fc7531c4fbe5
SHA5129f2c0beb5439252666b424bff5771baeca1cc5f2db28f33ecfc1bb7df11984b1e106c3c1c05842ee7cb76c41fe5ed582bb6e9f6a246a249f9bb79726ec604015
-
Filesize
6KB
MD59f5ccdcb45692ed7ad942cdd81b533cd
SHA1d4c3dbcac44033f72c757c236f3369b1097b8c31
SHA256cdcb5d295b6db19c9c612849a6752a43e7fa38f45721f47388cd52e18e4091e6
SHA51207ab17e438a9ce0b0b56a9f1cc635b4ac34fce17adf2c04a762199c7c5f895015c9863c396fcd06daf0d49df5bab8da8733fd646378572f5263b1c38728e3613
-
Filesize
16KB
MD5b9fc69d5413bd856907cd674dad0def0
SHA157c6445b87dae573bd19e606287e373d88a7a95e
SHA2561a883200b5042178fbc59ab19185f868ca4c9b14826731c9c86c56e077a1eb0d
SHA5124ebfc326eddbc68d5b66f8475377db7bdc60f4f46e0e9d8e644d341028880e951fda746e69154b1dce7077c9f5e3581130dac348b17e1e178aa5a38c06c5960c
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD507261b0a48dba679b6b31f4aa1c8f904
SHA1c67ba145c5e7378a6d9fc5f00aacb0160db50135
SHA25629ceb2232a838a1ffe17b593bb090193579c63da7bf06f584676f6463eba6d48
SHA512d389faad3f10133a33663a66d485f970cc6a333061dbf9c4c02b98606ee6245e2862995691575bfed0577ced24b7a05aa7373a8bd8ab0b5c505195b6af45e8ef
-
Filesize
1KB
MD5d3db3b782d742e1cdcc8978026bc32d1
SHA1bc3fc18a5a03a218b60a66bf4dfca6b97d63005b
SHA2564fa6d510d750653d50076504406aeef8e2344d10f15e2b585beaadda1efdcbd1
SHA512576271a55ada91f0ed89f8ced8faecc877d5bec4abd56bf2bc57ede17ccb4d2023f4d5205780c6aad58d4274ccbb2cf8e5c11ba6a91258a28151fc60755c5f95
-
Filesize
1KB
MD5f298ee5a07ab3982033cb9993eb13c92
SHA1b3ac293c270080c8b2168eb0d8b948260930589b
SHA256fef8ca29608fc142fda6a75ebdf648586e3544007e8d22e2b120d67b3be5f9f9
SHA5129d6d333297d22a155e1d56baba67ef116f704f74f00b1a99d4aff3a62a9a80cd0c2579f5128cbfe39aec56b7876a1c1190d0b7ede53965e2829d072fd67501f6
-
Filesize
2KB
MD5a4d6139cb6ffc02553dadf128702ced4
SHA1bdc61182f8b03c61cc352604c4a925477a4a6a91
SHA2566cdd2bd0dbb757356b16cad5b32022981c7c25efdadf0272ef2d5c2cce54826d
SHA5128a737fd8d7d73dc92a7dca73fde5fd5b7f6588c129d74623c06b07750130fd6e9f6e037d80c1ee0904179a0c2fd2d10cc7751d604b3aaefc52593f89a6710692
-
Filesize
1KB
MD5e69f236ae50799e4084381104c4edc75
SHA1a878fa4108b88f310a31fe00548fa2000fccc1c5
SHA2562c1d132f3497b6d0c2d7649ce640f103595f53aae947214233d3aac7a753dd84
SHA5126f60cc69b102afc10900218c56dafe4a54cf298b45e75bd47d68b82386b51f53278f2c37808886501b6c2a7fb906792627711d54e69f8aff81e686956a329ae8
-
Filesize
5KB
MD5e0dbe3ff340e4bdf795494a37f10aeb5
SHA139812f4e80dd819c9c39bdeaab30585a1e4fa8d1
SHA256cc56256e3c85c351165316936d84633c749c4c2b0b395f830230e4f432e1619d
SHA512660caf216b909ed6490901d1b830f48b476b55f853d45a5774b0a822d8901af81390e720ae890e9821388bca572ede1eb74af9ed7004566bd60ec7e52ec5f56f
-
Filesize
5KB
MD53e3c813264dd482ea1ce3db4b8460471
SHA1014c51417fb3422a33a2d857c8831bc66e576225
SHA256731a1c8e0f011dc7dc7368be10438ccfbd9971cdbc18a4d7a3d71e7fa7a457ed
SHA5129c044e86952cc4454e8102f6d700d48dc945c65ec395a48f8047f2c572d0d10f3ec81b72d24d4f725994cbd671e65b2f580a3cbae1ad4780bb97098a68417c82
-
Filesize
5KB
MD5fc452c2dd60c5cb89acbb38b494dd672
SHA17da3f46a3ecf43a106bcc84894dec8ec25795f90
SHA2565e443779e00fa6652697b7aa3f2fb1b64d868dcd49e937f7e606f4727084196a
SHA512265ba9bba56f18bc04453bdc84bd53bf5d60a4146006e6bb20a8f45edff39f4d996cc10ead20a6b44dec8e43810b52ea203f0cf41f3a5fd87ab194001a86e3f6
-
Filesize
1KB
MD58874d5b30ed1d08b128b001c4ba4c560
SHA1ffac0e76e6776644aa44e8f538c57955a1af8925
SHA2569e8e0e44843b5cad07e58a40f1f7af1b8e1232f14820cefb10d4cf26204597d1
SHA512ae9074c885a7c01a796beaa9ac915fc285a8d376c40132ad0e9a19e55267f889f8d75e95efbcb77ee1c1cb8ebcaf2b296618a84a0291eec4ae65d23fe5065238
-
Filesize
1KB
MD599106ec628122bf24b2acd67bdb059fa
SHA1d7ae496ff892fffe4d2995b830fcf6d475dca762
SHA256b4c165e2f8b301d6de7822413552aa9a7321b2342f78515c8b2f76e205ebb676
SHA5124a5b089ca3ae524e73b938186917527ce3737aeb7ea9a01102ad0880f07c6ccb8fadb331f40fd6d74ae411a8d36269fe88df9fd8a35a246dddb647c520b82e6d
-
Filesize
1KB
MD571c9b712b99052727474dac55430d4a5
SHA1498217a62e4d022c5e27286d12fcf39a3fdd17aa
SHA2564c77516c7c0c480fe6454c74cc92699ea651161d856a550326b8c178319eecf8
SHA51292fc1f736adf7873c439dbdee98619bc1ec83c1671d1b37169595a71952b8bb90a16b8a5758e15527ddc3dbf0b6237417cd3854be72e0eb48840d66d74679324
-
Filesize
5KB
MD5a5e0de8eb5884bde888200a90ad76ae5
SHA15ce42305f9ee4029c8c3929a30009485e703a620
SHA256449fc4b75d5ba8661c9bc21f40fd31f2d0233549e386f01e38a3f34ff0bc937b
SHA51295e39277b21d80eed1688a8ed135a76a720ef4dff628f47ab9f1a367e101e5bf824d774fffe350dee7f25d8668cf49b84aac18b82c5ac05173cdda356e2d4774
-
Filesize
10KB
MD5e3e7a8fe24a1a2fa9677c2a2c4246bd6
SHA1b0fcbb3d5c1f3405a5ff1d23b50b5567adef8ff0
SHA256e8187ff6652f08134e96fa55bb62d9ba1d40dd44090b10a4c6424caeea046f44
SHA512a69baf4bb49f2aa8eeb9bddf99d9aa4e8d81f12d0ed1714ecc42301a4fe81d4ad6b8a2c33fcb7fd550e56d20824b6cfc0a0fe11c558b9715f044aa92226a1625
-
Filesize
9KB
MD5bf5ed76efd7750984f41c43e1d93ce19
SHA1352ac721bf4fba1adc02111c6ec3c4af2e0643ee
SHA25651208630eba1b3bcec38798041a9f6f70cfd0e5a1e6b36446953673724276945
SHA51205f6262e1249feb73e2a21d4fc29b99f059ea39c4cb67475f23d95433e1bf007072201fdcc64b71227eb0bc767efe3d1c3214719bb8c9fdc494311fe91e4606d
-
Filesize
10KB
MD51b11e1e22093cc121b8693795e3426ab
SHA1a5a17355ac65ff9eeedb9ee51c64f1b4cd8c846b
SHA25675047596c4c27a971ab87826b469d7b1d6f587cb73df906e37e3dcb27a5da426
SHA512ac0f07cec6216191ef54b4f44187aa7f9a46095c53871f9d934f9bc39bc87536720a7ae14a15d73d2bf9dac1a3165c28f161fe2241ade9cd3030586eaefcda98
-
Filesize
10KB
MD5de610f263319b89c1b9da8e112a9b6a5
SHA1d2192f495904048d1b4e0498d4f0ef513fbda681
SHA256e12a36fcde92355199bfbbde32643dd78225abc0cf37dab87edbde0d11b9742d
SHA512193e73f9749c72fd638d2f30733c163f080e2e9275ddb55a6050136599f4b23b3ab72e0b26191c5e4d09645c0d8603ff1e270b522b9348dac538d3f20e88e6ab
-
Filesize
10KB
MD5d018a68294fc9b2b24a84397b4357cfb
SHA1595149ab783f862d8b1db045d56576a470a0b618
SHA2564eb335278b15b0f93462b0b5b15b2868c7d506a22b23f60b6d8c40154afac850
SHA51217891fc88fb04bda4f9456ae8261e94e2563df58be0fa1d23187c0fceef217c0ad5c3a4f61af631ff1b5f8ad4d82ce7adad99bbb11b856d8c031b09c39d8d538
-
Filesize
10KB
MD5e2c15a3166823995e61210d1ae1d9ae6
SHA10ef5b5d3b7ab8ef74e01302d3853a4d9e18bf50b
SHA256d1e88ad69304fb6d6f1857f248a6e8b421ca251a057d8504e362b41c02146e6f
SHA512352c0419697cabab27839ac4f9053d5aee9b18b50a38427a21ca3ffc6009c5275460dc37eca307766ef7baea9144c022543131c7a0d3672d7eb8f659eccd92e5
-
Filesize
10KB
MD5e4bb4c985295cdd696b9150d070b759f
SHA1d5d4be6279fbd2a8c4770b7d3d7ed53cd3fb9cb9
SHA256ebd173e957ed9b96c43ea7435c4c65df67bb28638e2f825ed83a65b5b4a099f7
SHA512b1cb49f021f9ef7b825bda746aeb31cb5904cf260bc8490ee9bf8384090aea7760b8fed292cfa3e9330b749876cc3cb35e316aa7e4922ceddbd1b05391841934
-
Filesize
10KB
MD5c120856219c51ac7b0b457982998cdb8
SHA180e5f07d7d2b9df63e66a5acf945c9df3a897f58
SHA25665d6f51eca4f626f5abf24796ff9c63b3357c41499fbd585ecf6a7c4b0a5cd82
SHA51227ab443e8db5556804882744246f1fd579f13ca2992453fe3b3651b8dedb0ce3ae764a280816e20a6dbf32bf5ceb70e8849d1b36a73b53d9bb337fea7633411f
-
Filesize
15KB
MD5e9fdfb08af208883a504790f88103f24
SHA15af1c2440188ac5a6f3030c7e2e1862413b79fec
SHA256bba42df8eb0b5fb4884cefd31f1a4f6495bd27243e4172d0070ac43112961fd6
SHA5126ed519d5d8f4c08b088012b49844863fe6041bb2a96008e234cc2b5a32f2eed5c022ac653990ebb2345a0585482bc8b3f71ffae18f1de31ead2fe25deb584ceb
-
Filesize
94B
MD5cc5215204b9000a990b4ca6a06fa3513
SHA14736218add7a44f165e576faa4cf705c56ac5d37
SHA256e978c11ee9cc041b0d4b3325066d6cd6a7ae12cb553c454f96ba10e0209561d2
SHA512530436a5e8817c17265c6fde68ff8b773a3b008bb60887f600f47ade48365da197e27697c11f80c3b807614b2d374faf6d1d90c0d702519feec1d675a7a0fa1b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe59163d.TMP
Filesize158B
MD584ba297a33f958d551f20c27747cd2d3
SHA10fe13cb5cafd2263a0e5226e5ca8095a2860f0af
SHA256ae46456af275a70e1a5547553a2418677940676e2280f96890d97947daec9779
SHA512293ecf935d0bcb28369044f9f528f2919e5b2cd24e2b7c0f1c38fd3c334e6d1243ae03058a00ec79b79e8c02216bbe4a909617af53bcb7fc77fbaadf4be8b11d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
160KB
MD5da2366df91f4bd62338e7828554071e3
SHA19a35d8b6ac28d214042ae130d1cd1fbc86543bb8
SHA256180a98ed6069a57e5cff27fb4baa3cae7a930048752ce551132006826a7e010e
SHA512efcf000614d26574b9ed1b3f4a11309c5a8e2518679026e3bbb8d20784ea42cf6f4c9d3be13aab1d0f3f0bcd7cf464450560e71b10f5acf4a80533d82da38b59
-
Filesize
160KB
MD54edb5d347bdaa069d37d89f55c2dbb96
SHA1f84ca8ccea559f01efed27619e9a2214464a7354
SHA2565b81b487e2a472fb9416af7fa9cb5b5dce1cb34f09d28e2e3679446fb6b014f4
SHA512b4237461cad0ccfd5bf3f5ed65cfcf0e0ddaad23403816b321ff6a711746f96863d294f61cc803cbed74e1fb428199ca2bc72c1ca087a21633573d2b6ff951ec
-
Filesize
488KB
MD5851fee9a41856b588847cf8272645f58
SHA1ee185a1ff257c86eb19d30a191bf0695d5ac72a1
SHA2565e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
SHA512cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f
-
Filesize
43KB
MD534ec990ed346ec6a4f14841b12280c20
SHA16587164274a1ae7f47bdb9d71d066b83241576f0
SHA2561e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409
SHA512b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0
-
Filesize
139B
MD5d0104f79f0b4f03bbcd3b287fa04cf8c
SHA154f9d7adf8943cb07f821435bb269eb4ba40ccc2
SHA256997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a
SHA512daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6
-
Filesize
43B
MD5c28b0fe9be6e306cc2ad30fe00e3db10
SHA1af79c81bd61c9a937fca18425dd84cdf8317c8b9
SHA2560694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641
SHA512e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9
-
Filesize
216B
MD5c2ab942102236f987048d0d84d73d960
SHA195462172699187ac02eaec6074024b26e6d71cff
SHA256948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a
SHA512e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479
-
Filesize
1KB
MD513babc4f212ce635d68da544339c962b
SHA14881ad2ec8eb2470a7049421047c6d076f48f1de
SHA256bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400
SHA51240e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182
-
Filesize
20KB
MD508d9ac1e35385587b0c3c8a73ea97234
SHA1d1db15b5e97152be999339d90630f68ed06a6b78
SHA256016cadaa9a8494b15efea920a5ea9c02b441e90dbc7c444e73db3b307f93a741
SHA5128061a5a92f828642ea2fcb319571efa406ed67a75b4d4da1aeb3da96391a72fcde670e3e52efef62d37ddc17f7eca5afa0d35aa02bfd1bcadd8e86240cb802a6
-
Filesize
5KB
MD58706d861294e09a1f2f7e63d19e5fcb7
SHA1fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23
SHA256fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42
SHA5121f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f
-
Filesize
171KB
MD5233217455a3ef3604bf4942024b94f98
SHA195cd3ce46f4ca65708ec25d59dddbfa3fc44e143
SHA2562ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701
SHA5126f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455
-
Filesize
2.0MB
MD59399a8eaa741d04b0ae6566a5ebb8106
SHA15646a9d35b773d784ad914417ed861c5cba45e31
SHA25693d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18
SHA512d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8
-
Filesize
31KB
MD574dd2381ddbb5af80ce28aefed3068fc
SHA10996dc91842ab20387e08a46f3807a3f77958902
SHA256fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48
SHA5128841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e
-
Filesize
27KB
MD58a3086f6c6298f986bda09080dd003b1
SHA18c7d41c586bfa015fb5cc50a2fdc547711b57c3c
SHA2560512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9
SHA5129e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017
-
Filesize
133KB
MD5a0bd0d1a66e7c7f1d97aedecdafb933f
SHA1dd109ac34beb8289030e4ec0a026297b793f64a3
SHA25679d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
SHA5122a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50
-
Filesize
5.2MB
MD5aead90ab96e2853f59be27c4ec1e4853
SHA143cdedde26488d3209e17efff9a51e1f944eb35f
SHA25646cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d
-
Filesize
34B
MD50e2184f1c7464b6617329fb18f107b4f
SHA16f22f98471e33c9db10d6f6f1728e98852e25b8f
SHA256dbf5f44e1b84a298dbbcad3c31a617d2f6cfa08eb5d16e05a5c28726c574d4eb
SHA5128e745c0215d52e15702551f29efb882a5eba97b5f279ccc29293b1a9b1b8661bf71b548569f9a99fa35c35a15d1b6b288d3c381c1292418c36dc89e2fa0b3a37
-
Filesize
5.9MB
MD5987175c463ec9a5e76bab033cea9d859
SHA1ceed36975f4583a34c26150e045a97f5f019e769
SHA25624fca8dd76effd975d230f55eb107e1be6c03d658410274fe6340a2b3ec9075c
SHA5129851d254fef3fdfcd7b188893a9a547ed3f08eee82a72c273f13beb7d075beecd32e3c5c51f9e3135d7060fca71a2bf79dbdbb1a136549a9e408a6214feaa000
-
Filesize
85KB
MD5f8f4522d11178a26e97e2046f249dfa7
SHA18b591d9a37716e235260fb6b3f601e4ccbebf15d
SHA2563c372a8919c28dc76414b2f30da423c3e1018b1a8444527949ce20cc3fc93ed0
SHA51252ea881cad501cf1d5e8ac47355e862ac1bd39cb6e1ff3d362d392b6f2d676e74878832505d17a552aaa3bc8f3977da11fa3f9903722eedd23716fb46ddb7492
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize152B
MD5e7f024f74e1d4b92e36d0aa6e3158521
SHA1bb00329602e5505135813c04a11e7fad2823280c
SHA2569aca9dfe6cb5944eafef2e4484f05704fa3c285238242093278c75ce70774737
SHA512404c43593c2252d2ed364b0d998e28ce76e7db3577ad44632c2ef8f963dcbcaf4cac42856ecae249d91236373b9640118e06b2f0065f9226c5b26f20d949c0f4
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize152B
MD50ce78fbe212e6f30cac70feed996f939
SHA17c3404bdcfde1229838f722249bff2657b116f9c
SHA256af3dc4c6ed78f6eac902dfc93b6d5d762b9b0df473c8fcf56a2e82a719188ddd
SHA5129c1783d98188599653253e9075a6497037254daba7f54a44f1d3ce37737eab0284fadfedea21ed625f3cfecfa679fd3c788279f10615919241d42b0190e68820
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
Filesize20B
MD59e4e94633b73f4a7680240a0ffd6cd2c
SHA1e68e02453ce22736169a56fdb59043d33668368f
SHA25641c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Local Storage\leveldb\CURRENT
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State
Filesize935B
MD59f4222038605a61a5d7278232456a90e
SHA1f38b28abb9fa9520b3ffc7d0f52dea2e0a7a53df
SHA25649ecac248ce4046cabad5f2216e58c19b84b9b6f730357f3d61cadc615030ae7
SHA5126a78fcc89e5b72ec40192c4a580ad522cb6d512145b1b76304d4ee513b278cbd98eb3f38ffcd4a065717df21b5150c8a5f624d65d3fbc1c4e2c507a076c11339
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State
Filesize59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize3KB
MD57272f5cee7933a4e3f0d0abd3398a695
SHA1e485a169dfa0c2a3cae573c1abb39bd50b38b3ce
SHA256cc5e2e3303c0c47289145422f108c407ffed5147dec924808ea88f0797fd0774
SHA5126e018a857976264ad7c7f2cba960f20fad02ba5d35ca842eacf0cc2c1ffa3d2104e99ece7a2d1b95129af44f7e21aa89ac89d4c1081e9cd3cd1e734ef2b17f3b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences~RFe58878a.TMP
Filesize3KB
MD51a6551134c2a69f63137b8d5fbf69f7a
SHA1df195444ff211089b1da5c5e2b0a392b43752972
SHA256868cbfdfd2b2a72ea32eed4d5b452a178318989be67a346d67410bb85b1950bf
SHA51232cf596fb5f89f05c99d8d1ea5fdd081f5262faaca9a138b65a68a60ee17c3283dcda3dc5573acc65d1811af8c96a8b36e15f8430f00df5df86525633f91efa8
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
Filesize16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize8KB
MD5144af9247b1aa7cc86753a6d450ef7d1
SHA1ae548dde26e8bf55bc2b1739971867a5b85b669c
SHA256ace00c10d79895303010c930d8dcdfbdaa528417ead3b901004c7331416de51c
SHA51221e5308a53a52163117b3c8681ab250bc245c2cc3314c25c77d47201339a813745dc941b9964ee618c5f318a5b1920ca6517b584db7b3b0b125512a2163c9726
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe57c1aa.TMP
Filesize8KB
MD52e8bfa199a8072710f1309c235a92df6
SHA11383493dfbadf7aef73a1509c7482742a0b3f33c
SHA25665425f9217007e83ef5a01426874305e55783a7d7707124bac19ac50aa0ad7b5
SHA51281aa2ff761b6a2618600d74977d6c6afce469fb35e9e607b72827addfcfd987c086e5219a523c40a353cd5ac3be0712e161d9281f3e67c10994270933090a1b6
-
Filesize
522KB
MD5e31f5136d91bad0fcbce053aac798a30
SHA1ee785d2546aec4803bcae08cdebfd5d168c42337
SHA256ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671
SHA512a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6
-
Filesize
99KB
MD57a2b8cfcd543f6e4ebca43162b67d610
SHA1c1c45a326249bf0ccd2be2fbd412f1a62fb67024
SHA2567d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f
SHA512e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8
-
Filesize
113KB
MD575365924730b0b2c1a6ee9028ef07685
SHA1a10687c37deb2ce5422140b541a64ac15534250f
SHA256945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b
SHA512c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
5.4MB
MD584e67989f7ccd11c2b7db38f3d3443b8
SHA1c3e821de715aa7508b3273de16c9156014d81922
SHA2565eac06573fb9289a5ad1dfa8b88d2d7b79f1bd89e61c53247f8cae50143e7a2c
SHA512d0ea7235f591f31edeb7183c91fb0bb1347a9386c170c43b21e2c5fd93b7040e73e1a1a9f3ef6f83d097b1af0f9e2a9938dd59ae47588940491da25248eb7d99
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e