Malware Analysis Report

2024-10-10 08:09

Sample ID 240610-1nn9ga1hqa
Target Solara-main (2).zip
SHA256 bba9ee471147935cf964828b3b3c34baa045207b4fbe1c96743943f8cf71375c
Tags
execution themida evasion trojan
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analysis: behavioral29, behavioral9, behavioral10, behavioral15, behavioral18, behavioral23, behavioral24, behavioral27, behavioral3, behavioral5, behavioral11, behavioral17, behavioral28, behavioral31, behavioral1, behavioral13, behavioral14, behavioral22, behavioral2, behavioral12, behavioral21, behavioral32, behavioral16, behavioral19, behavioral8, behavioral25, behavioral26, behavioral30, behavioral4, behavioral6, behavioral7, behavioral20

Each behavioral analysis has the sections: Detonation Overview, Command Line, Signatures, Processes, Network, Files.

Analysis Overview

score
9/10

SHA256

bba9ee471147935cf964828b3b3c34baa045207b4fbe1c96743943f8cf71375c

Threat Level: Likely malicious

The file Solara-main (2).zip was found to be: Likely malicious.

Malicious Activity Summary

execution themida evasion trojan

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Themida packer

Checks BIOS information in registry

Loads dropped DLL

Executes dropped EXE

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Command and Scripting Interpreter: JavaScript

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 21:48

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:46

Platform

win10-20240404-en

Max time kernel

611s

Max time network

1605s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\es-errors\eval.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\es-errors\eval.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:39

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1602s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\cookie\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\cookie\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 25.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:39

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1604s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\cookie\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\cookie\index.js

Network

Country Destination Domain Proto
US 52.111.227.14:443 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:41

Platform

win10-20240404-en

Max time kernel

314s

Max time network

1608s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\src\debug.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\src\debug.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.110.63.41.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:41

Platform

win10-20240404-en

Max time kernel

517s

Max time network

1588s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\src\node.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\src\node.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.110.63.41.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:42

Platform

win10-20240404-en

Max time kernel

872s

Max time network

1600s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\ee-first\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\ee-first\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp
US 8.8.8.8:53 48.110.63.41.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:42

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1576s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\ee-first\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\ee-first\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 235.17.178.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:43

Platform

win10-20240404-en

Max time kernel

524s

Max time network

1587s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\es-define-property\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\es-define-property\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:36

Platform

win10-20240404-en

Max time kernel

314s

Max time network

1588s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\content-disposition\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\content-disposition\README.js

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.73.50.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:36

Platform

win10-20240404-en

Max time kernel

486s

Max time network

1608s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\content-type\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\content-type\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 30.73.42.20.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:39

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1596s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:41

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1596s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\src\inspector-log.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\src\inspector-log.js

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:46

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1582s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\es-define-property\test\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\es-define-property\test\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 200.64.52.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:50

Platform

win10-20240404-en

Max time kernel

1796s

Max time network

1580s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Solara-main\Files\SolaraBootstrapper.exe"

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara-main\Files\SolaraBootstrapper.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Solara-main\Files\SolaraBootstrapper.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Solara-main\Files\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\Solara-main\Files\SolaraBootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
N/A 127.0.0.1:51256 tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp
N/A 127.0.0.1:51333 tcp
N/A 127.0.0.1:51396 tcp
N/A 127.0.0.1:51459 tcp
N/A 127.0.0.1:51522 tcp
N/A 127.0.0.1:51585 tcp

Files


C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc


C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc


C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc


C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE


C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe



C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll



C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll



C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll


C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll



C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll


C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll


C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll



\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll



C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt



Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 21:47

Reported

2024-06-10 22:18

Platform

win10-20240404-en

Max time kernel

1801s

Max time network

1807s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\call-bind\test\callBound.js

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A

Command and Scripting Interpreter: JavaScript

execution

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625297324202768" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Solara-main.zip\Solara-main\Files\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Solara-main.zip\Solara-main\Files\SolaraBootstrapper.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4632 wrote to memory of 4152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4632 wrote to memory of 3904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\call-bind\test\callBound.js

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff967049758,0x7ff967049768,0x7ff967049778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5012 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4800 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5328 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5208 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5820 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3048 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6176 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6328 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6200 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6300 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6728 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6828 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6872 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_Solara-main.zip\Solara-main\Files\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Solara-main.zip\Solara-main\Files\SolaraBootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4388 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6076 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3048 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6924 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3216 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1500 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5444 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=2248 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5744 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3216 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1880,i,10315407201461375504,17998767276393990301,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

\??\pipe\crashpad_4632_WUGAZOHPZNOWPNXM

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\Solara-main.zip.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/4964-349-0x00000000007D0000-0x00000000007DA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58d79e.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

memory/2304-361-0x00000187F53F0000-0x00000187F540A000-memory.dmp

memory/2304-362-0x00000187F7F30000-0x00000187F846C000-memory.dmp

memory/2304-363-0x00000187F7B70000-0x00000187F7C28000-memory.dmp

memory/2304-364-0x00000187F7AB0000-0x00000187F7B2E000-memory.dmp

memory/2304-365-0x00000187F7950000-0x00000187F795E000-memory.dmp

memory/2304-366-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-369-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-370-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt

memory/2304-368-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-372-0x00000187F7EF0000-0x00000187F7EF8000-memory.dmp

memory/2304-373-0x00000187FCA10000-0x00000187FCA48000-memory.dmp

memory/2304-374-0x00000187FCC20000-0x00000187FCC2E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

memory/2304-381-0x00007FF968240000-0x00007FF968264000-memory.dmp

memory/2304-380-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7c0cc1e9ff69d5fd3e069f6a3e115ac7
SHA1 58b52706f97d87f018e48d9b54a55f6b818bf3f7
SHA256 734056bd9cfb346657bc277fbe8db7ce145669ce22fe15e7249de54b1f0c06f6
SHA512 3d46d32a524aa45c41225decd44394bc0021430940d899a55ad3de3f8b8ebd67203f2f2adb754d6fcc8da43afebd6d0aae077d0025ece9e387dc74d8b3dfaefb

memory/2304-403-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-405-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-406-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-409-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-411-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-413-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-417-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 744e9423abe94da3fe89215592557a5f
SHA1 fbc97c9d87e162ee9506062d7b81e66257350db0
SHA256 91d4417385bfd3327c8ea2f9c648e78914f548f070d00e540c65d7a8db1539c0
SHA512 ba27107680af0c29e9ba163a05ce3aeba2534585a980677887e015b145592d165b72a26a5f99b5f1f93322c2a26f231f82b1ab3e65aed7c63a27e2dbbb2544cc

memory/2304-429-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a268abb7e7038bd5bc44fd75ddce524c
SHA1 c032aa3769c5c9dcc34818cd061410edc0408c07
SHA256 85ad60feecbb6f91f90adfd9d833eec8b0f945d98743562961b9d1464a60d2ab
SHA512 59c8521faddd5050d092ea18ab8b07108bb2124dc8c0ded2829fc57a2f67d94c6eb1e248c6e664bae04ca16b4c6588abe40ac1a6d91915ec9170bed173de2ac4

memory/2304-440-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

MD5 fac49e161e404a2a94033d91245077d8
SHA1 fcdd095a60d94e7fedb86bf29c784007b4d7e9c7
SHA256 782fae8642551618ba67e354c7335e274ffeb931ca0c02698e5cd8ca5931a349
SHA512 0a3e34ab9bc45b40f7c2b2c26896ced8869a78992e1a8fae4d0dffd7815216a0168c19661de536b6174f168f88563185ed87929c04a7d8238250960bcf562bb2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 aa12ea792026e66caab5841d4d0b9bab
SHA1 47beeba1239050999e8c98ded40f02ce82a78d3f
SHA256 65fe153a832452e97f5d484440a7047e314d3a83cb61ad2508fed48a820e1de1
SHA512 0b2b1bb8851c60c9d4ab1d039b990a4de5799c97c50b45f64e36a21849c14e785f69196f674ac225b1419d7f501338054074cab6203d041361a4fa1ed8802b27

memory/2304-539-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8fc2e249edb47428d88cc3368e68bf05
SHA1 0f972f10f2093c226c6c290d72086d75df8ec269
SHA256 d46f580935aeb42b45c5c23d74dba87e7fdb4ae481f81c20def8e9be01f04165
SHA512 ec67d90a060a50e636a1e228a6f477c15893d19c0fcb27b4737d5d044a4c1952ff3dbaef2b2177e9bb9c88231d134ed61d40113582b2b3d3ce3213c62b8f2bcc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3b15ebc25fda08983eee9b76a261992d
SHA1 1e23d0a8b452da63067be5b764c9e5e214869869
SHA256 6e983dc801568e0d30ca92e216a24d1f4fc4ba12a3ba3d2a2bbf049cba94ac2f
SHA512 a8cf31c587c183596f174fcfa304f17843fc962fe4c5f07d56d890160e9c67de3eba16f7215078d3ccaeb0ccee19fae3a7456533861deec90351229415466b75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bea372ab1bb37f2e794ae0b9c65bc655
SHA1 e9d1df65ca0a985b08aaacf954886572fc81dc60
SHA256 baf7bffbc4d740ff9703e15d44d1c9f7c27b38e386345c976cb9344d02ff86b7
SHA512 8309ec0d9dece06453c21cd7b2a3a8e76394f7cf4aa246b9853e6f847ecbf5c4a751d4abe60e57dc6f9649b467209358f61f8a5c44fc91121c88fb363e7ff9f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 93d2a4113f9870889eb313e0fbdf85b5
SHA1 45c4310cd94127d635f26c6640d39cbf179c9185
SHA256 fbe8f1242d658cc90aaff03919d812380d4418b2dc7e0e8a7530696053ffc4d3
SHA512 d226bed0bbc1b173f4545f96afc6402b1c6b0cf8ef72256cd370a6ba0b6664b9f5c1bd67cff89b88c7be5fc2acd9dc3ff44214602dd2fbd9f8a8b1aa0d2be54f

memory/2304-589-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5afd776c1fac3121e36b676be9ab05bd
SHA1 0aae3bcc149afcfd7b9993ea2ff417b449eca95c
SHA256 9ff86b9259debbb8a34c7c7976a5d40c473f1a9ff313a6c9ee10dc7fd3b1c9ec
SHA512 946afd008a55f771b5fa482ea48905e7184df447b1817d9f7b1adade3ee13ec96f9cf0ded1dccb7b87ae652e638ef2b3cd4cea725dba772f561ebffd95ee41cd

memory/2304-658-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4632_1560041193\Icons\128.png

MD5 3c32acef7f02a6b39f1225a25f0c5b6f
SHA1 01d6dab09e215c282e4b938110088edc4ef1aed4
SHA256 3049129afe676d733813472acdb588247fbe1a52ea03f5d71780233e0693b33a
SHA512 69378979b736f6b2a023480d45450b4f4b3c9127cbd0f421cda1dd0e90e4691fbdeac92fe161c3b4e758777909f84658f47eab2cda35dde06e52c5c26423d8c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d71b6163967ce8607f3a456087f9ef23
SHA1 98801ed6cf35a62182b870f14f4079080b68d95b
SHA256 e22abeab176b2906e30ec3fcc210fe4c54c9dd111ae86c89c6a4b66053ff0bb3
SHA512 802970088d65f8c3110a427b4d3555fffc12b71cd4c5226dbe40c69ac415a360736cd33e691e8b9f98bf678b2897159f4f661eaca4583027387182b9892c2ab5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 93380ce48b61ec1516487a67715bdbb4
SHA1 49d5253d9763af9381ed473bdae864f1d27b8a33
SHA256 5cd303340965f21992572a57810691ce73d7d47fe73fbf60a8861c178e451774
SHA512 21c2d2945de3e9bf0375cafd1727e62126c66a39a62718e5c5a3595cc15f5dcabe7979fc2c169bffa3a05b5e79277fc6722d580e6f3207e0ed6cc2106f466d5c

memory/2304-773-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mail.google.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

MD5 225d4e49f60a7247d7425b90b52aba55
SHA1 f07455d854957c8196c59dc78e3e70382a907586
SHA256 1b085f28d382b4381cabf3c4d56083b6ba254cc4d473e82e6bdca384271cc8eb
SHA512 646617ead5d16b1d14a08e8fdaa6f34b71b08024595c6d5cc01dfb808cc2611d83d278a93ac4b8855e1c169ed06312c6aef62e7cc86645647005cfafed5f6089

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt~RFe5aeb2c.TMP

MD5 017393496dcc308ba3111c7da58dcff1
SHA1 642bd8df456b87f5cac8bf35101ac60684eac78a
SHA256 2acd878e4a39a465a616e67a2f3b2f171b7c51bb8f094655577edea9b9b6edc2
SHA512 f9ff3f1ac96d6ae30e9b608e1efffd8c489faddcd210993f26517699e3473d651544a7d3986eeb3a54e28fde23ca2f6a8dec79f8c7250ff92a26024d5ace95db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

MD5 40cea3ae11a740496b7cae94111d57d0
SHA1 d7794af7c5b2caa9e171be44c015fc729d9a4e1a
SHA256 317fdd0b9f10708b23523a03a9fb05af227952e4a17853646b2209c65969b0a3
SHA512 0e72decef4d8c7cdbead66e065420e15a6567a3a1bb160c6fe72217986b3de23967465c6ac2c098eb770712e977c0c56dc4c15465cd1c107280873c525427ad0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

MD5 e64928be28672ec7a95f306fd86780ca
SHA1 51e0c0fde1051d27e660d9148f025bd24425463c
SHA256 fd41d5fd7c68e7d9afd93c4e2e74af69fb4c9e10b42cf8c718d9dd19b58f4d23
SHA512 71b63164e6c27e662ab2583c476d474f0f4e1028d078f9af69761a37784f9067f8e3365ed4127331ce4b2269cd3ff6015fdd402aa14a778581ac0a9f2657983f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

MD5 ed90cd2bef2748a084522a6a10a977ca
SHA1 8bbed28c703d4568f28ddf186493f379df14f0a1
SHA256 26ecb50745d41dac0166051526bfa38c30b4db9be30fb20365ef0a1d548a4a99
SHA512 43b84809c54bf0d778e5647d9de500d7c0679e8de11076db6c3e153e8c04f2c56ec14fb2ca12873cdee3cd0277fdab9e8e8611c0922e0b176b47b3d0cbc88258

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\865fcde9-844d-4c0d-944d-77559824a05a\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

memory/2304-939-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8b8f363137cb44f254ddec098953cde6
SHA1 5520cc435794a57426ffd42c1aa184b77cb72fb5
SHA256 3a3607be30279903462075940c797c38aabd4b044961bd4ad1d23ca3fa3839e2
SHA512 b91ab5d8b4225e7e74dc90400154e1843df4b1c0aa791aff5303f0d1a37a9df9448bf6a2964a7164f36047a9cdf76d5e948dc0b79a0a2b74d8b551ce5dd2545d

memory/2304-1106-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 60aa54c54d4b4ab841247b83312f8c2f
SHA1 22f61c8c9e83f9af269e27c53c930a5e82f5937a
SHA256 d89c653354387c1ce2cfea7932ae0eb5f8bb98962edd3309544dd80441fdebd1
SHA512 4ae95de485386fb48fd46dbe83d4b0c7cba86b77b7af4705300cfb1cad90cefbe2fa55ed723f21fb16b2e2892e30d797652da7f9948ed389415864d2a06ffed5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b3555.TMP

MD5 33cac73cc13299b267ae168dc1601d33
SHA1 e85e0461262d037f23d4d61c60e552f71b4f5400
SHA256 22f720bf19d592d6b380dd92c55d3d7c388c0b9c7298f91c133d0e74f674d717
SHA512 76c56068362fd067ea9ebed299329dc16cb6128919231cc181b5104e3b6e70d615dc03fdd82e881ab84da03965cc8c60ce61c621c4a08a59f502a52cfc5383e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\68a9c35a-b16e-4c37-97c5-191837ff5105\index-dir\the-real-index~RFe5b390e.TMP

MD5 e1bddcee65941f4a2c3644ce0e860fce
SHA1 b5655705d1ddf388d4d87ae377826c0c180782fb
SHA256 4889e3b29952e44afa2327d0c41428560b33ed160cb409ec0d8622aecf057929
SHA512 e42cfd2f5c5116c8e00bbc4a33ec505e365c2a1d73ba34e1e9b482cdbeae6993829b6ad11e6ff2ee970df21fc05827fa3afb29338d692641964632444a6565b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\68a9c35a-b16e-4c37-97c5-191837ff5105\index-dir\the-real-index

MD5 ae416d8fd0c395518912dedd39a2e721
SHA1 dae77f2488a57c039d76dd191ad9c290be9f2aa8
SHA256 470ecb26d9f211431107ee85184e49302177cbe1f7699b7107899523b80847d6
SHA512 1ba210d05a1a3e22299ad74f511975207e335a7de73944fd4e009b8dc8e17750dcda4ca8daab1cd6dce0ad7aaf389c69dbfeca18b880421d09883ded3f5bfcf4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\861eba53-8a2b-4ba0-be95-2e65033766b6\index-dir\the-real-index~RFe5b3b11.TMP

MD5 ee8de577f8f025e1a55ec387de66033a
SHA1 0ec897d7bc703122a7adab9ae2354bf348833adf
SHA256 d8af39db9f56d4c7d5b7770cf6ec77af9cb0d68138f984d4824d69a553756a12
SHA512 b7faccac0170bbb424f6ff18a638075bb3aa95bbf70cb7ab74ffe3bce35f25d0d17f02562bf9218ab89be0d79564a3e08cd96ac6d6a4019bb6234619f9e9803b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\861eba53-8a2b-4ba0-be95-2e65033766b6\index-dir\the-real-index

MD5 d75a06dfc8b9d7e788214b1842eb5ee0
SHA1 3c70853df662403393115f84241585cbb45f17ca
SHA256 db2077bb1fb214470290c4b1e44f78a10cc8171b2147b948d63375a9d3e28230
SHA512 59ab6cfa075d68b10aa044a93551f2528cdd859f29e48df540f1555b594f2699c1ffdeea3ea365eda16fac867d913c7d2bd5c924127f586fbc04cf4d178967a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\f76e416e-5889-4d37-849f-4ee2a01b7a86\index-dir\the-real-index~RFe5b3b50.TMP

MD5 2a2490e7e30e9903760945373999e6fa
SHA1 d29b9434151a57f6b6337aded59435f3349564ce
SHA256 ec09c8469492d8c72249b447ca84c1e4fc2fa4ed7209908b4665551b997b380b
SHA512 e8aa848d9cb92af3e3471c765dfcc8013f56f89e1e22bd9e3693698fd3aa189109541830f5cec2e5391cf2e1463dca81456485c0ab3bb244c3e5556de69f286d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\f76e416e-5889-4d37-849f-4ee2a01b7a86\index-dir\the-real-index

MD5 f779a80f22346b142c950c2fe48ef884
SHA1 26b4150637458c3dba0854cd36ef4c5ec8185a1b
SHA256 1ecf8b2eee924569871e07d83b7d9887927831e890fa5dcca8f5144d74f0d7a8
SHA512 c47e8c9b12dce780d10b19b016172bdf3afa0aed318016daec0204dac31e19d92fc9ce0404a5eb9e4df957abb8278127e5af709b4c00d6951c1f7e511b08a6aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c073908da357dbd369ae372d1fde6e1c
SHA1 d92b098d8fa3c4ce6f7aba7d7169785a9cee8fc8
SHA256 62cce5de3ccbaa889ff3f481565915f562eda81dfd88eb5cacdd4bf9204f448f
SHA512 5efe49f47b66a4c67fe2df5713cbfba2c267734cea2b28783d3486e70b5e7b1a9cc5ed2a161115c533244946b19322099899f5f1f765c08abef0c2cde82bf30a

memory/2304-1348-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2a21988f-63fe-4926-9695-dbecd1a6e225.tmp

MD5 e879390524602b796e4ad34c57d5ef6f
SHA1 38eb0570c6480fbf11dfdcb0441a5c0963db0bf0
SHA256 367492ced78382b8eb966060d8a507fff3e0c820261132afc667846ad91bc873
SHA512 2908e67390ddc64adb71b42bae555e101aa601d6b990ecedd8f2147c73a3081e7b64b84f07981226870307b7a464175d7a1333104c6c168df5549b98ce4f56e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 04a9adc760ffb883b8af6e9d9ae962c0
SHA1 eeaf0c4beb6d8cd1d457d6be447c194dcb08e8e8
SHA256 703d8d702c7bee263e2a15934be97051160edde2dfe009469cabcdc006f33a5c
SHA512 e8401585055b78c039988f49e7336681b458e5f236af92f62bcb536a44526d1e8c58063396240236cdaf1d200c6b643aa00d17b4a8a0f4345a0842355ab89a05

memory/2304-1516-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 faf94e6a64a96ad96ea9c5813d0586af
SHA1 68d62c7e172beeda893e57d214ec5e007f99ca5a
SHA256 023cad616ce47d42c1036e5390afb178357721f0d3b281b602a8aaead19e77eb
SHA512 f240312412f591ecc120f351cfe1c88a69414784bb9c7b4b5715e64f48d1a34ec6182531994fdce5a255a8654fa980f1e33ac65437215fd4e65471a601aae091

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 88e54ec88d422c185a1d1349f6d08485
SHA1 32cf42e4ed1789441072f4f59d97f753f42904d1
SHA256 ed5b96f17fa9703e0fa46781e7501c8acc9969b62c46305750b26da430a2e3ef
SHA512 b1056a27f6e3b1593df6fadb74a20f39c688259988a3200baa7132f8065e568aacd637011ddd63b8ab5428f9914a2ccbb46cfcb711ede02273cfedd8fa9359cc

memory/2304-1538-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\865fcde9-844d-4c0d-944d-77559824a05a\index-dir\the-real-index~RFe5bb9d7.TMP

MD5 d357dae654995a1db8a3bdafb2e560af
SHA1 5c9b524fb06c4476f4f953f05784508b6d6b09e6
SHA256 232e4aecc96b58ea1306ed074cfa342232467f0480af836ccd2b35e74979d6ef
SHA512 a23e07d80e64fd2a925bb0c7a9733928ffe44cc64c861b1800ad48add133dc6db814e25d1193648aa12f49b71570eaa8bff38237c14c6298ff3a5b4f09e06f3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\865fcde9-844d-4c0d-944d-77559824a05a\index-dir\the-real-index

MD5 3411aed96601912a7d5126b6ef6f5513
SHA1 f3f39dc174cbee85dff11994e586fea34f0c9928
SHA256 fd080d8d76472e71f16c016c7ed3f3a89e2f151307823900d8f93e1612543ea6
SHA512 08dd1c6d771dd194fc1aedf1fcac811e6606416c9bdf9e955ddb0bc3f22a43d44ad50fc365812f93511da6fb8663d0fb810c158d8dfa170c72aee09f6abbdf9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

MD5 bfb267a15fec05983884f1713c97b6d8
SHA1 d7821966ac33cad354be989610c31ff70275c67a
SHA256 944d319d56ca1a5af23f83ba4621d9d7e6d9123161629b15ab3ffda7604aae57
SHA512 8a0d9dc87dbb53395d2904997120d51bf9d10ca4c28e78eb4a7b2cf176a537bb91c2ad8bf73b09bc0293f0af72910054f6c974cf3c49175c82855bf12179f3a4

memory/2304-1558-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-1560-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-1562-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-1564-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-1566-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 51410b80b4689bf8f54bbe1e2f8de160
SHA1 3863a05d122a731a21e7ed713c2497172b9adb0a
SHA256 3e19bb5634ea212f66da9ee6463ba9dbb26d7cdf9dea4d8555652ade5386d6d4
SHA512 e3e3b5d3400cabba13736d7231088136282744213535e95dc9fbf27751f8d2a44c9761a0956fc76c2122a500bf08a215990bcba724f2af1faad917df1033be76

memory/2304-1577-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-1579-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-1581-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-1583-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-1589-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2ba3b95f3a3d8a6775d4857683c83a50
SHA1 a640f07763c5ea5ef34ba0bdaf0d41c1f7ec6bb2
SHA256 2c3d61ba800663a989f9c3e02a28af357e50a48e0d873d2b81c32e8c458d3b8d
SHA512 7b5d4b7c6284fd599d954168bbf8737c70a1097cc331efb687bc301d39e93886107e94573979a72eca5ca8ea5920bfe9b5435c50285619de51186672a511dc06

memory/2304-1600-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/2304-1602-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dbd12851451e5712fe3ff93ca857c956
SHA1 609ffc2272f348fa2209a954b592dbd0e575a30e
SHA256 2a26e625aee7ae88e238abc9a4464de6f314d71cf48fe4500eb2d66cca798f40
SHA512 034b1e7f0cd80b95b7778b44025ed2c7a48423f7dfb92078a7169e6121a78902b10dd555b5badf2b3576215a1ee78dc261db7ef6c77fbb5089fcb33e8fefd364

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 67c613618424b82cd0b9d2643904fa7c
SHA1 d2af7f75c37833ac7422e290e7397b73a64a1ca0
SHA256 fc36f625617e4091648d9d2d317ca0cb48de4c916aa13b92e2da334d57d41562
SHA512 3a90d9fdbab63bbec19716a3bca5b5e4343d4beec2f48b354170921ee2d6c98852c409767d59db30c9f034d182bb38d7076a8e2bdc882296380b8ba13f88ad12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\882c03dc-c340-4dbc-9947-7cbc43413dbe.tmp

MD5 15990a316c4bd50c29d3bfef0c9de70e
SHA1 85da4ea4f13abdb7a499cd1307cbd4f96b680137
SHA256 3e9585f1976c7c7cd7947a0210b4d1e779003795e36c4e52f0864e6a7b5f4fee
SHA512 0cf06566f4a02f636ed5891a20b39e3e84a07328ae832813eb2158915102848f244688018c018911932d74bd0d3fe9bff58403adb0aeb188772607ca353154cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f135c5f6d8eb4449cbd08a3423192453
SHA1 d8d1988a8dcfa6d3b5fab500c5c9729f21f29e89
SHA256 de86c16ee691a89af93f985bad6716b4e4dac5f89369b14a80efca5824ae5c5b
SHA512 19edec3ee56a7bc9be03cbe30fcc4931077b1b5c071e6040a8edbeeb3de3448ac0dadd29ebcb1c26a829e8c90226cc5c02db9db8d9aeca2127c3c60dcd3880f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 12212f3d623b5b71beef59ae4a3c2f94
SHA1 c6861af9a89714ae88ae1317bb6439decdbb8304
SHA256 7a7dbe6773e457965aedd01dbc60f091117b8c87bee59da9be7bdf10ccbeca8b
SHA512 b90b5bbc56e7f480023af89b71f6ddc4127388958ab4ea545da284722e1ca7fb0ec544c692cbd32ee40d2ef24e840b4e452909b56c4d207d3eada1d1deb7d4ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ea1b9b67eda9d83bf1ca8a80de4f335b
SHA1 da78b0d24276a91297abb5b1dbdf023c0abe7480
SHA256 47bcd156f8dc9b408bf99cb8b6f777901dc302f111277a9ab3d9b075158faa80
SHA512 ea772b8a7e15b2f73f2ec57cc1b6adb6a0b779416ae1f71bec5a07974b4dad25b429c97e30710e264134578a75b1f5f4f9381e43a90a97dc52954c802f8f5bca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7cf137ee2458674adf83984ed4a6cb7e
SHA1 e07c2c541a54a54211beb5b16602fa3d008ef524
SHA256 efc30fe2d73da7ccad3304aeb989ef7da47187f98bb151b13a1c938c5b2b3aa7
SHA512 98b19f10cfd1093d4ff0601221553fd78d6a980b44eb510c13c672ffe2943bc17322ae18c60c5aa83de8958b19095d796faea87af1c44ce4c171820d4eb903f8

Analysis: behavioral13

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:40
Platform win10-20240404-en
Max time kernel 495s
Max time network 1596s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\node.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\node.js

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 48.110.63.41.in-addr.arpa udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:41
Platform win10-20240404-en
Max time kernel 315s
Max time network 1576s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\src\browser.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\src\browser.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 169.253.116.51.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.110.63.41.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:42
Platform win10-20240404-en
Max time kernel 315s
Max time network 1593s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\destroy\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\destroy\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:18
Platform win10-20240404-en
Max time kernel 315s
Max time network 1608s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\call-bind\test\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\call-bind\test\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:40
Platform win10-20240404-en
Max time kernel 312s
Max time network 1592s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\karma.conf.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\karma.conf.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 30.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:42
Platform win10-20240404-en
Max time kernel 498s
Max time network 1587s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\destroy\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\destroy\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:59
Platform win10-20240404-en
Max time kernel 499s
Max time network 1588s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara-main\Storage\Drawing.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara-main\Storage\Drawing.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 17.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:41
Platform win10-20240404-en
Max time kernel 377s
Max time network 1597s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\src\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\debug\src\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 48.110.63.41.in-addr.arpa udp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:41
Platform win10-20240404-en
Max time kernel 315s
Max time network 1587s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\depd\Readme.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\depd\Readme.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:39
Platform win10-20240404-en
Max time kernel 314s
Max time network 1587s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\cookie-signature\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\cookie-signature\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:43
Platform win10-20240404-en
Max time kernel 362s
Max time network 1613s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\encodeurl\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\encodeurl\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:43
Platform win10-20240404-en
Max time kernel 315s
Max time network 1608s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\encodeurl\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\encodeurl\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 f.f.f.f.d.b.b.8.0.9.8.2.0.9.0.8.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 7.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:48
Platform win10-20240404-en
Max time kernel 615s
Max time network 1579s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\es-errors\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\es-errors\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:36
Platform win10-20240404-en
Max time kernel 315s
Max time network 1608s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\content-disposition\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\content-disposition\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:36
Platform win10-20240404-en
Max time kernel 315s
Max time network 1596s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\content-type\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\content-type\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:37
Platform win10-20240404-en
Max time kernel 315s
Max time network 1608s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\cookie-signature\Readme.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\cookie-signature\Readme.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted 2024-06-10 21:47
Reported 2024-06-10 22:41
Platform win10-20240404-en
Max time kernel 498s
Max time network 1593s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\depd\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\depd\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 107.211.222.173.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp

Files

N/A