3Resubmissions
10-06-2024 21:47
240610-1nn9ga1hqa 910-06-2024 21:44
240610-1lmb4a1gqe 910-06-2024 21:40
240610-1jlmsascln 9Analysis
-
max time kernel
141s -
max time network
168s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system -
submitted
10-06-2024 21:44
Behavioral task
behavioral1
Sample
Solara.Dir/Monaco/fileaccess/node_modules/call-bind/test/callBound.js
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Solara.Dir/Monaco/fileaccess/node_modules/call-bind/test/index.js
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
Solara.Dir/Monaco/fileaccess/node_modules/content-disposition/README.js
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
Solara.Dir/Monaco/fileaccess/node_modules/content-disposition/index.js
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
Solara.Dir/Monaco/fileaccess/node_modules/content-type/README.js
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
Solara.Dir/Monaco/fileaccess/node_modules/content-type/index.js
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
Solara.Dir/Monaco/fileaccess/node_modules/cookie-signature/Readme.js
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
Solara.Dir/Monaco/fileaccess/node_modules/cookie-signature/index.js
Resource
win10-20240404-en
Behavioral task
behavioral9
Sample
Solara.Dir/Monaco/fileaccess/node_modules/cookie/README.js
Resource
win10-20240404-en
Behavioral task
behavioral10
Sample
Solara.Dir/Monaco/fileaccess/node_modules/cookie/index.js
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
Solara.Dir/Monaco/fileaccess/node_modules/debug/README.js
Resource
win10-20240404-en
Behavioral task
behavioral12
Sample
Solara.Dir/Monaco/fileaccess/node_modules/debug/karma.conf.js
Resource
win10-20240404-en
Behavioral task
behavioral13
Sample
Solara.Dir/Monaco/fileaccess/node_modules/debug/node.js
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
Solara.Dir/Monaco/fileaccess/node_modules/debug/src/browser.js
Resource
win10-20240404-en
Behavioral task
behavioral15
Sample
Solara.Dir/Monaco/fileaccess/node_modules/debug/src/debug.js
Resource
win10-20240404-en
Behavioral task
behavioral16
Sample
Solara.Dir/Monaco/fileaccess/node_modules/debug/src/index.js
Resource
win10-20240404-en
Behavioral task
behavioral17
Sample
Solara.Dir/Monaco/fileaccess/node_modules/debug/src/inspector-log.js
Resource
win10-20240404-en
Behavioral task
behavioral18
Sample
Solara.Dir/Monaco/fileaccess/node_modules/debug/src/node.js
Resource
win10-20240404-en
Behavioral task
behavioral19
Sample
Solara.Dir/Monaco/fileaccess/node_modules/depd/Readme.js
Resource
win10-20240404-en
Behavioral task
behavioral20
Sample
Solara.Dir/Monaco/fileaccess/node_modules/depd/index.js
Resource
win10-20240404-en
Behavioral task
behavioral21
Sample
Solara.Dir/Monaco/fileaccess/node_modules/destroy/README.js
Resource
win10-20240404-en
Behavioral task
behavioral22
Sample
Solara.Dir/Monaco/fileaccess/node_modules/destroy/index.js
Resource
win10-20240404-en
Behavioral task
behavioral23
Sample
Solara.Dir/Monaco/fileaccess/node_modules/ee-first/README.js
Resource
win10-20240404-en
Behavioral task
behavioral24
Sample
Solara.Dir/Monaco/fileaccess/node_modules/ee-first/index.js
Resource
win10-20240404-en
Behavioral task
behavioral25
Sample
Solara.Dir/Monaco/fileaccess/node_modules/encodeurl/README.js
Resource
win10-20240404-en
Behavioral task
behavioral26
Sample
Solara.Dir/Monaco/fileaccess/node_modules/encodeurl/index.js
Resource
win10-20240404-en
Behavioral task
behavioral27
Sample
Solara.Dir/Monaco/fileaccess/node_modules/es-define-property/index.js
Resource
win10-20240404-en
Behavioral task
behavioral28
Sample
Solara.Dir/Monaco/fileaccess/node_modules/es-define-property/test/index.js
Resource
win10-20240404-en
Behavioral task
behavioral29
Sample
Solara.Dir/Monaco/fileaccess/node_modules/es-errors/eval.js
Resource
win10-20240404-en
Behavioral task
behavioral30
Sample
Solara.Dir/Monaco/fileaccess/node_modules/es-errors/index.js
Resource
win10-20240404-en
Behavioral task
behavioral31
Sample
Solara-main/Files/SolaraBootstrapper.exe
Resource
win10-20240404-en
Behavioral task
behavioral32
Sample
Solara-main/Storage/Drawing.js
Resource
win10-20240404-en
General
-
Target
Solara.Dir/Monaco/fileaccess/node_modules/call-bind/test/callBound.js
-
Size
2KB
-
MD5
6c09da27d70f11be33c5bc1d70fe5860
-
SHA1
b21805be0c0db457d1364abe0103ba75a56fe66f
-
SHA256
67da6de7ea66108ea3f035648b367cb8bf7dac8148b798a54b5b9de8f7f6ef65
-
SHA512
8dd6654332b5660d787616252ca231283a6406dae97e8f07e88ffacc2f8a0b38c0bfe1aee5c5a734b4cb507ea51357cef2bfe226f4cab09d57c74d053f80c126
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read to detect sandbox or virtual-machine environments.
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion cd57e4c171d6e8f5ea8b8f824a6a7316.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Processes:
resource yara_rule behavioral1/memory/2408-402-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/2408-405-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/2408-404-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/2408-403-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/2408-410-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/2408-431-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/2408-433-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/2408-434-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/2408-436-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/2408-447-0x0000000180000000-0x0000000180E54000-memory.dmp themida -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
Processes:
flow ioc 127 raw.githubusercontent.com 128 raw.githubusercontent.com 129 raw.githubusercontent.com -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exepid process 2408 cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Drops file in Windows directory 3 IoCs
Processes:
taskmgr.exechrome.exedescription ioc process File created C:\Windows\rescache\_merged\4183903823\2290032291.pri taskmgr.exe File created C:\Windows\rescache\_merged\3720402701\1568373884.pri chrome.exe File created C:\Windows\rescache\_merged\1601268389\715946058.pri taskmgr.exe -
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read to detect sandbox or virtual-machine environments.
Processes:
taskmgr.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 taskmgr.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exedescription ioc process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625295462331444" chrome.exe -
Modifies registry class 36 IoCs
Processes:
chrome.exechrome.exetaskmgr.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} chrome.exe Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" chrome.exe Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell chrome.exe Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff chrome.exe Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 chrome.exe Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags chrome.exe Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" chrome.exe Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193" chrome.exe Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic" chrome.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance chrome.exe Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 chrome.exe Key created 
\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 chrome.exe Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "8" chrome.exe Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" chrome.exe Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" chrome.exe Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 chrome.exe Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" chrome.exe Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings chrome.exe Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings taskmgr.exe Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" chrome.exe Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local 
Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" chrome.exe Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" chrome.exe Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff chrome.exe Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8 chrome.exe Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 chrome.exe Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9 chrome.exe Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 chrome.exe Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" chrome.exe Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings chrome.exe Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU chrome.exe Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 chrome.exe Key created 
\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 chrome.exe Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell chrome.exe Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg chrome.exe Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance chrome.exe Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "9" chrome.exe -
Suspicious behavior: EnumeratesProcesses 40 IoCs
Processes:
chrome.exeSolaraBootstrapper.exetaskmgr.exepid process 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 2392 SolaraBootstrapper.exe 2392 SolaraBootstrapper.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Processes:
chrome.exepid process 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
chrome.exedescription pid process Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 
chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe Token: SeShutdownPrivilege 1348 chrome.exe Token: SeCreatePagefilePrivilege 1348 chrome.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
chrome.exetaskmgr.exepid process 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
Processes:
chrome.exetaskmgr.exepid process 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 1348 chrome.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe 4728 taskmgr.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
chrome.exepid process 1584 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exedescription pid process target process PID 1348 wrote to memory of 4716 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4716 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 
1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1312 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1904 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 1904 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe PID 1348 wrote to memory of 4252 1348 chrome.exe chrome.exe
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\call-bind\test\callBound.js1⤵PID:3192
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.3.1951534795\1083395866" -childID 2 -isForBrowser -prefsHandle 1300 -prefMapHandle 1292 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4d71b2c-4d00-4db7-b8ad-533103ea304c} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 3180 17f2cb67858 tab1⤵PID:2984
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.4.1929205576\1757926441" -childID 3 -isForBrowser -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cad2b99-edd3-4bde-8243-7273c63f92b5} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 3748 17f3cb5b458 tab1⤵PID:3244
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.5.259881378\1439843055" -childID 4 -isForBrowser -prefsHandle 4380 -prefMapHandle 4376 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e17eeaa-3c8a-4e85-84c5-9cfca43919df} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 4392 17f3a384b58 tab1⤵PID:2464
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.6.301792139\1708896550" -childID 5 -isForBrowser -prefsHandle 4400 -prefMapHandle 4404 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09a326bc-ceb5-4227-b8e4-6de45c127a4f} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 4472 17f3c786b58 tab1⤵PID:1708
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.7.239480728\1892500372" -childID 6 -isForBrowser -prefsHandle 4780 -prefMapHandle 4708 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b6aab8b-44db-406d-885a-0864c38ee27a} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 4828 17f3c785958 tab1⤵PID:2100
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.8.1508080423\1092182627" -childID 7 -isForBrowser -prefsHandle 4276 -prefMapHandle 5164 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25d34f80-1e33-491a-8577-d2c597967de4} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 5152 17f2cb5fe58 tab1⤵PID:812
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1348 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff815e59758,0x7ff815e59768,0x7ff815e597782⤵PID:4716
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:22⤵PID:1312
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:1904
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:4252
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:12⤵PID:4496
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:12⤵PID:1616
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:12⤵PID:1088
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:3132
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:4204
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:700
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:2332
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:688
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:3184
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5000 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:12⤵PID:2752
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4728 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:12⤵PID:3124
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4724 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:12⤵PID:4424
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5380 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:12⤵PID:1528
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5584 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:3132
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5728 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:12⤵PID:1516
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5864 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:2700
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5376 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:5072
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6164 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:2448
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4632 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:12⤵PID:2940
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5992 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:12⤵PID:3296
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:3860
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:4800
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵PID:4792
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1816,i,2474755365009512961,2550021924900164269,131072 /prefetch:82⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1584
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2776
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1740
-
C:\Users\Admin\Downloads\Solara-main\Solara-main\Files\SolaraBootstrapper.exe"C:\Users\Admin\Downloads\Solara-main\Solara-main\Files\SolaraBootstrapper.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2392 -
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2408
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4728
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 2KB
MD5 10e4bf035a6037f98da98ee342cf2bc3
SHA1 99829c391e0bf8301edee688d4f3c4caaee57dd2
SHA256 05bc81b0a812f37f74a2c5a97cc64e17db2f2687279cd6eaf7551e79c62b2f98
SHA512 18b7d44a966c4ec537de306a1fecc8abca806a95ffd8e2ab91df80cfc946b69df5bbb214b3304c169065c9ab3dde0f56789f7d514f44537cdc095adbd7de038e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize 2KB
MD5 890b543278cf6a67edb786753e4d7c58
SHA1 3ec95367e4ef73891b8cebaae51b7006c96fea33
SHA256 2142e4cc9db322f1e9207258df4cc502b775eb709d1f86ed0a689e479b42e627
SHA512 a7ea37a63a6e6f441e705f57d495c67e32e344588c23416056aec121df95a95af3e7d3d1eafe99aa85c191bd82d62b11169242053e5497d8fd9c09fff2bf06f0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 d1652ae2a75085c2a115f1c92eea7712
SHA1 57707d445a8547863bc311941d0094afd799b419
SHA256 62c6d0d3c8c779540ee265d59ec931e3c47cbe08dd213cacf7d2d7db095d9299
SHA512 f955ff12d1f5e033430a1b90e9bbe0d574daf8dd5de3347ab6c67a5e48f21c021d617e90fb22b503a2e0ac6f8f6e139c81c2511cb02d1dc28ee5913035993342
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 705B
MD5 76b38491e25a2a61bca3ed823159bef9
SHA1 34e0e2d84591acb7d9776cb95a52a52ceae7b405
SHA256 f228714396d5a0284154c4431b1037c183479aee2bdd945e7cf2b68f5396328d
SHA512 69ebf1fd644b1dd94a9d583a1dae0066f50f1c9b8a25a422ed10cdccdb7bcdbba41ff3873077ab5762d118c3232048981135666e80fe5916e0e09eb945449e41
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 872B
MD5 413e60626130259223e516e024d02a7c
SHA1 7a425678a76e3a75d33740818251dff94aac0e67
SHA256 7debc1d89c284912efee7ae80c49fb935d798e9831f5367013d05a75de8745cf
SHA512 f768a08d94a725c27af5dd771036815af59229feddc156b9f1cedbaa81a01166fb7772b3b681c59c399b6af8a00464594f9aa820f307b3b974c8b567369196e1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 f7f0d5393f488eaf56194cf39c83e70a
SHA1 37969f2897a1255ebe469ac6394cf03d91d59601
SHA256 2cb72fb830ae76568a732d1a746f1f4deb25b5302bcc8e180619f12f94b928fc
SHA512 cb3585007b9d83d32a432daad1a48956ce7d4097e3201cfed7649d9ce66aaa8678daf5012564b21c41e935dcb6906fc8f8f249c7796559e9b54fd64d742d32be
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 6d014d378a01a952e6be8a7f4bff22eb
SHA1 f77d647e5c9334f8a7c3ebffa9bea20e2ca5126f
SHA256 7e0c49971bcc608b86dc565e14b5260a0c8715d06897b8d7714bf8419932792a
SHA512 feab9d116818bd7f742981a58def3e3c9aa9708d969d17d68ff6f972af37a18282b1d22f6f25710dd5c6239d1eaf12abe8196e0ad8222c90a23ae1ef048893ef
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 6KB
MD5 f8a7ca96ae09b174e74dfe14978b6fa4
SHA1 7c5f78d606015d7915f965035c6fe590713650b2
SHA256 74ef1463e2dd2e174208ca87d311c48683acd0d8b71e625e39b3c1855f23d6a2
SHA512 4b4fd06a3d4f2126f190ca602f0d7cc86d2475e69b67387a9e1e2e6be7766efa0d23d64b829fbd921c79b83831ae4a1f2393f7ee32e19ca7bf0cf2d303487ca1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 6KB
MD5 8839afc6ded7de4355ed5edac9f5eea5
SHA1 9e0392aeb79bbad84b2fa486a6ddd60370296370
SHA256 6bbd35cf19e9dc9f9b39b47edcb991c3f9b4b91affc48197f94a09ff1ad59b63
SHA512 03914b88af060854a65d3c251285f076fa76d52be7cba8e23a75cf437004cba98c429f172fc60f7c820444476de3f2a59a7978a3654cf088001c4f764faf6dbf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 6KB
MD5 5d0ccbcd72ae5bca651fa058d0c48405
SHA1 f4eb919e1569380acfbd87d16b68d1865e3d5e97
SHA256 f887231af48e0689b72fac2c40b92f6bb44537d09b5502a3dae2bb4a1f5ef274
SHA512 0b9581288e5a7facfb25a169a2d52c0ed1c874dabb85b244f39138ce9e2fd9b3f24764cdc71bb7a9ec60255cbe19246a075021c24dec2dd67e7b733a23a18f93
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 7KB
MD5 7e39b5ff02694467584bc934174fe2a2
SHA1 5071bad1c7441ee3bee5ffc13551921d4fcd3a9a
SHA256 3051b04ecd232985881ec9c452bbc008b1d0e1cbbf61ef5b865c9f0408a47883
SHA512 c972e7d7f9afa398899deebd18d5dba1c3263f02968923cb54eabec647d7a65927df61fd50231fdb5ddd2a125f26d6a2ab4de90e5d9c8cb9d15e0bf5a7ab70fe
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize 280KB
MD5 4c31159602f2db4fa41d0c162c103a88
SHA1 c8110041f219722b5f6ce3de3b88503dc2044e1a
SHA256 2cbc99ae36650631374a5b69e8d4c296eaa97d1d79b9c744760536906795d89a
SHA512 914ac0c692679d78f10bdb5d1db13870a4c839bbcf65d33f2221d3387608ef00ad0c8e1cea66980cf58cff9e51c4a3cfd632d3ec4b7505d8b0f28e6f62dd8cf6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize 280KB
MD5 fe84c35e06dcd97d8032f1b60602d3a5
SHA1 e802e7d88da53365abda1c844f1efbaaaab4e39b
SHA256 ee48f62335d9a7d2ce7b1511d64d7d1ee269040135eb636433e005f94a37a9b3
SHA512 155404a0509158fc479ba4ee71ab18e502420fddc815269e40556323307b820646ebae756bdbbb876acdd6bc63eac9c2b2e6a62b9ce155612e590b31b8bfcaa2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize 108KB
MD5 48b8e976f804e0de2d041d91577ec8a9
SHA1 4131e8a1cd86812293f1a538a1479ef8f3093366
SHA256 e48a188ad1a1231c568ed650985305bca96e6a26013c2db4527b65ab635f6538
SHA512 4e755684322540bf50a76f25225cde7cd6c944be82caa78e8d9f711d5c9d3bbe6264b17d252048e016a1e32e2bba74e9cb79b7959c46c964e3c1286b92895699
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591f17.TMP
Filesize 92KB
MD5 a999d87533d91c4a1f02c9e9f90bbdfb
SHA1 425c75fa35c8a87ccd1c5494edad3419a6ffc544
SHA256 775ada7eef7cf78e270e519a6f485157d62f1d08417ee0af8939973ee0e37013
SHA512 04d6ef18de1b8087a73a83104df4d3631c8eead80e73ec8a59a79de2d7a91acfcea12c135d0233a74561a63e8a644a04d3138604e0974860c945b57b06542da8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize 2B
MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
Filesize 55B
MD5 207dfbf4b0c00c10469fb451fb3a4ff5
SHA1 a238d43038b0d157de0788ea2111c3e01ea870dc
SHA256 99a77b9eea94ffcdb497d1446269cb51264a1e1fa94d26875281e1142b44176f
SHA512 bb3042b260c30c8901ad9ec85fc1b87f0d3f37dd1e656fe8bfe477dd7b07bf31e38eb67bb6b632af39d3b13277d3795ef578dcfeaee2406dc846aefd5478cbc0
-
C:\Users\Admin\Downloads\Solara-main.zip
Filesize 14.6MB
MD5 6b1d4d347523de7994c30aafa136b758
SHA1 a900b7520ffabcd764293f15f0a31b5acf501368
SHA256 bba9ee471147935cf964828b3b3c34baa045207b4fbe1c96743943f8cf71375c
SHA512 e2c7d690856371c378827a986e80fc9c5cca951d1d8df7ab18956140f97b4bb7c255dac4c0da8b8f73a67c7572f15ac5cb0398054d9448febb36de61404aa5aa
-
\??\pipe\crashpad_1348_MKUUPKRTNSONXGMH
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2392-392-0x0000000000A30000-0x0000000000A3A000-memory.dmp
Filesize 40KB
-
memory/2408-397-0x000001BF77600000-0x000001BF776B8000-memory.dmp
Filesize 736KB
-
memory/2408-402-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize 14.3MB
-
memory/2408-405-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize 14.3MB
-
memory/2408-404-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize 14.3MB
-
memory/2408-403-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize 14.3MB
-
memory/2408-399-0x000001BF77540000-0x000001BF7754E000-memory.dmp
Filesize 56KB
-
memory/2408-407-0x000001BF77B10000-0x000001BF77B18000-memory.dmp
Filesize 32KB
-
memory/2408-408-0x000001BF77BE0000-0x000001BF77C18000-memory.dmp
Filesize 224KB
-
memory/2408-409-0x000001BF77BC0000-0x000001BF77BCE000-memory.dmp
Filesize 56KB
-
memory/2408-411-0x00007FF8133F0000-0x00007FF813414000-memory.dmp
Filesize 144KB
-
memory/2408-410-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize 14.3MB
-
memory/2408-398-0x000001BF77730000-0x000001BF777AE000-memory.dmp
Filesize 504KB
-
memory/2408-431-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize 14.3MB
-
memory/2408-433-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize 14.3MB
-
memory/2408-434-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize 14.3MB
-
memory/2408-436-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize 14.3MB
-
memory/2408-396-0x000001BF77C70000-0x000001BF781AC000-memory.dmp
Filesize 5.2MB
-
memory/2408-447-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize 14.3MB
-
memory/2408-395-0x000001BF5CF10000-0x000001BF5CF2A000-memory.dmp
Filesize 104KB