44caliber | 16cca0f0005d05175568adc4d1927ccf9a1775f51a67bf0e28e38df042d205d2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-06-2024 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solara/SolaraB/SolaraBootstrapper.exe
Size

826KB
MD5

886d05ab350457e2ddde2f569dc0668a
SHA1

3448ca0ce7b2f279694f8a360348c0ade71b9322
SHA256

286b6d3aa77caa78854b3648d96d80a1f207d7b94fb54103b44600a6f72839b5
SHA512

31186e5e079389f820a026843340468cf183c31ee18d60537d48e83b4ecb08b86f2e1b41012b4fa25ebbbd33a4fbc833986815e71010b74df3e04fdaf49d7962
SSDEEP

12288:gCQjgAtAHM+vetZxF5EWry8AJGy03eJxZM6gMkIhS:g5ZWs+OZVEWry8AFL06gGS

Score

10^/10

44caliber evasion spyware stealer themida trojan

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1169713279464120370/GUIw2wEmQMllUHEfRf3MNeS3DBNrZN-RuTQ9QbFfAqIZNVHtIlkj1yiD5QqgrIlv8gQi

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ cd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Executes dropped EXE 3 IoCs

Processes:

SolaraBootstrapper.execd57e4c171d6e8f5ea8b8f824a6a7316.exeInsidious.exe

pid process

5096 SolaraBootstrapper.exe
1436 cd57e4c171d6e8f5ea8b8f824a6a7316.exe
648 Insidious.exe

Loads dropped DLL 5 IoCs

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid	process
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Themida packer 14 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral4/memory/1436-1511-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll	themida
behavioral4/memory/1436-1513-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral4/memory/1436-1512-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral4/memory/1436-1514-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral4/memory/1436-1521-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral4/memory/1436-1523-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral4/memory/1436-1525-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral4/memory/1436-1526-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral4/memory/1436-1528-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral4/memory/1436-1530-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral4/memory/1436-1532-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral4/memory/1436-1534-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral4/memory/1436-1538-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

20 raw.githubusercontent.com
3 raw.githubusercontent.com
4 raw.githubusercontent.com
15 raw.githubusercontent.com
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

7 freegeoip.app
8 freegeoip.app
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid process

1436 cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
20	raw.githubusercontent.com
3	raw.githubusercontent.com
4	raw.githubusercontent.com
15	raw.githubusercontent.com

flow	ioc
7	freegeoip.app
8	freegeoip.app

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642252297502214"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

SolaraBootstrapper.exeInsidious.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid	process
5096	SolaraBootstrapper.exe
5096	SolaraBootstrapper.exe
648	Insidious.exe
648	Insidious.exe
648	Insidious.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4552 chrome.exe
4552 chrome.exe
4552 chrome.exe
4552 chrome.exe
4552 chrome.exe
4552 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

SolaraBootstrapper.exeInsidious.execd57e4c171d6e8f5ea8b8f824a6a7316.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	5096	SolaraBootstrapper.exe
Token: SeDebugPrivilege	648	Insidious.exe
Token: SeDebugPrivilege	1436	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SolaraBootstrapper.exeSolaraBootstrapper.exechrome.exe

description	pid	process	target process
PID 4944 wrote to memory of 5096	4944	SolaraBootstrapper.exe	SolaraBootstrapper.exe
PID 4944 wrote to memory of 5096	4944	SolaraBootstrapper.exe	SolaraBootstrapper.exe
PID 4944 wrote to memory of 5096	4944	SolaraBootstrapper.exe	SolaraBootstrapper.exe
PID 5096 wrote to memory of 1436	5096	SolaraBootstrapper.exe	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
PID 5096 wrote to memory of 1436	5096	SolaraBootstrapper.exe	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
PID 4944 wrote to memory of 648	4944	SolaraBootstrapper.exe	Insidious.exe
PID 4944 wrote to memory of 648	4944	SolaraBootstrapper.exe	Insidious.exe
PID 4552 wrote to memory of 4348	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 4348	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3376	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 948	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 948	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3556	4552	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Solara\SolaraB\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Solara\SolaraB\SolaraBootstrapper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4944

C:\Users\Admin\AppData\Local\Temp\RarSFX0\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\SolaraBootstrapper.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5096

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1436

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Insidious.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Insidious.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffeefa79758,0x7ffeefa79768,0x7ffeefa79778
2⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:2
2⤵
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:8
2⤵
PID:948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:8
2⤵
PID:3556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:1
2⤵
PID:3720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:1
2⤵
PID:3960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:1
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:8
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:8
2⤵
PID:200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:8
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:8
2⤵
PID:4684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:8
2⤵
PID:964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3844 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:1
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3812 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:1
2⤵
PID:4028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2240 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:1
2⤵
PID:3840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1864,i,14479930569817660072,6005586462130499066,131072 /prefetch:8
2⤵
PID:4536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4140

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
1f8d819cec14602caaff16a67ec4a37f

SHA1
a82087f7e59f2402aec4e7f6c06fa0fa15314d82

SHA256
ac67547cf534d922a49cede29427a726af9d78a19886d244d14a1061362b5cb9

SHA512
a11b7b213aa89af08348248dc151f002f319e0143fac0564b2aebcf7bc61b0053d749f5d7516b1ba5073cf8333082b4cdc31275e046cf6c0feb9cff7b9157087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
4bca25fec3d2b980b2d2ca1d5c1cf4ab

SHA1
ded53ab6ea9ce179162344543d20da014825d5f8

SHA256
856e21963fd1f411dfc366849d3219b04e4570a503c956460ddda7e7cad62802

SHA512
f137f019bca4f5c4a58235429c036952108d130b1ec17d235b52113b328995ac0bdce53c8c0e79de1ba99a49f85c1d9691a92508674bc730acb81a68f7cbcacc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
a5baa8e30dfa73fbc297a35d4cffd2aa

SHA1
72ad19a33eeb6f54c31be1ac3599d6cd46422efe

SHA256
7a4311382db7a1f015e44cdd5283995bce8d3c35767df0536f35e452f3cffa02

SHA512
8f8fd4a5c0d651829e218b82cba31131f2e76477ac788b7ed8ec4f8e8333f619e89c4e65692ae7d64009036a05f2617e772eda9184ebac01301ef7c3dace54b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
6bd7a86fe0ed5f4555f351605a1b1548

SHA1
0bc36a0d5a53ea2932c69e3b238df067858869b4

SHA256
ea6d745d951c39e3bd7b5ac025cf473046f8b81aac51c01d1fbb27adaa3cd77c

SHA512
05882948474a03e2d939cd5512816c133357de25144efdf7a54dd59dc4a9888721627f34b415e86fd2fc083777378ba309307c837028206618daa11f2ef8d34c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
dbc55d29eaa44af5336beeebc374a56f

SHA1
578a2595b9a55060c4d1594413503169607125ab

SHA256
b2498ae23f3d7adde30e23dd1c4fdb44b451a4ad1ba9b913eabe2b862a40e4b0

SHA512
9f837e74600eb12c65e5dedb8c828d124d89509b1e3a03894235375247377ff5d1f2a0d07e080ac12ab71c08ada11380740ccc17ea4ee05d54891ae5ea4da6f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
99122b8cef5e3d38b9d3c582f8818a07

SHA1
ec6111c27a3940a94e7443a30db4cfee5c00c678

SHA256
f7adb0f5581317795107b4a54b8d30eb008fe70511da55ab984a8df1e7548e2b

SHA512
e865cd8854689e1570fa5b74c76e4a8dc7e4a4f99f4fe568f8bf8e4d4515a7e4c836908394f67fbf7870f4103cdb363632a2c17e3cc1c0e5c21e86cf192c3f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e835fc96df1e613ed82b2966234f52ee

SHA1
2106fcdc6365041ffb054fb862a083cfda089945

SHA256
7dec76b66c011c98d3d583ede41aa6b14322b203e11432ca0154cd2ae53440ca

SHA512
6c801053e532d3c23cb8e7f0660d6a4500dc415aff7432ef440db955abeac1214aae0a71edbb6573eeac67d365436f89cde970cfc2f2dc6a6c9f9df8f0455364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2e892f196d35a74b54f841eb61c64b07

SHA1
f513c7aec2acf4dd08fc02e7cb8126bcf8f49191

SHA256
5c3b02146e698f5cafef4275311742b4a98e14b6d8af819c73e01480b57d2d97

SHA512
176a6eb3c8a3d13b633a9c38fa91df464d46936e752efb4c88c2a1f5765c89ddf061b1115d279690f28e90475256e52c1282ab4e40125fa12faaa27a02ad0156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
10aebf87742690ecbc47d14357518715

SHA1
1c1891affeed6c4139e8004db013dc5a7d8333c1

SHA256
04a70f10965b56ecf74361736e220ca5493a682a5f5212c7752dc3c657f2366b

SHA512
d412a972cb9f53bd208fe14c5e14ff8818ee62a96d41a7983e7489a870ce8d01739505eed2408099b061dc7da751206100faba5e20b342eefe33b83eae8b4eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
289KB

MD5
85389a1626184273cbf20a1ac5b0d8ba

SHA1
a9fe99d1a309a969bcba874c8751a030d98964da

SHA256
0d9ad49b125d43c1dbf50d8e64a99e99436bb4ffe8b8e22577d71608b3e7ef1c

SHA512
eed878c533bd6138b9522c132b5e22bfa5caa1d80f25c1986c8cdfdfc4d5db78243bf3cecc88e260319ad929bedd497ba16e78e69a570d0f08d1e73fdd8a648b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
97KB

MD5
90efc0edbd2a60c82c3307c8757b3635

SHA1
afc7c4c9033fd6f4db4ceede4f557f55b8cf5cbe

SHA256
4422c57054d41ab1a743f456995ea9898798012f5b6ac8106d8f0fc2845fe7e2

SHA512
066a598c8dae16ea60a8b252dd7117db585c48667f19f6a30c92337268f7394012d00e3f1305150c71deafca809be977a5f9687fb3a24eaaa93e7ac11ec48470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59813c.TMP
Filesize
92KB

MD5
8e93b8cc75dd97c1dae322b303411c21

SHA1
c2cbb2ed60c0e58aab64ce89b1808b7272ccd0f3

SHA256
75e7e1c70fbf9186426a4e05af500a2a83ee5944626465217208ba363e553f67

SHA512
35f0e47a3e5c846938c548d1040febb63a34e9dbf6f95db94f544ea97bc3e6ddff758746f08406991216d0558988eab679e459f495088e84c871a3c281191f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Insidious.exe
Filesize
303KB

MD5
cf6fbbd85d69ed42107a937576028fc9

SHA1
d8f2ca741a8f0beb8e89a68407241c5332759303

SHA256
644455284cd1e2188564dcea09cc0d09448423c9bfdeb9d05a834600d593ec1a

SHA512
562f8004f6d406ed596ff2ad7487f616f1abb98d415d70d87c18f11f364b35a40b959800085966b1680737e6bc7e3793d3b8c60046ea680dc87a673badeab94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\SolaraBootstrapper.exe
Filesize
13KB

MD5
6557bd5240397f026e675afb78544a26

SHA1
839e683bf68703d373b6eac246f19386bb181713

SHA256
a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239

SHA512
f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll
Filesize
37KB

MD5
4cf94ffa50fd9bdc0bb93cceaede0629

SHA1
3e30eca720f4c2a708ec53fd7f1ba9e778b4f95f

SHA256
50b2e46c99076f6fa9c33e0a98f0fe3a2809a7c647bb509066e58f4c7685d7e6

SHA512
dc400518ef2f68920d90f1ce66fbb8f4dde2294e0efeecd3d9329aa7a66e1ab53487b120e13e15f227ea51784f90208c72d7fbfa9330d9b71dd9a1a727d11f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll
Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll
Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
Filesize
42B

MD5
ed3b419c94386a952da318b60459a509

SHA1
211feef90b099197ea5f08a165eb254beb9bb7ae

SHA256
6cbf238518719c6a42f379cac879e942a726de67e9ecafed8132db82e700404d

SHA512
2e571b88165a45d545f0fc8698448257b5dead91165bd6756627d1bce1188c47ed6cea07f0bf80e12a975b5a92194d76ee68cb915ad3f8e132051ceb000a63be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Filesize
90KB

MD5
d84e7f79f4f0d7074802d2d6e6f3579e

SHA1
494937256229ef022ff05855c3d410ac3e7df721

SHA256
dcfc2b4fa3185df415855ec54395d9c36612f68100d046d8c69659da01f7d227

SHA512
ed7b0ac098c8184b611b83158eaa86619001e74dba079d398b34ac694ce404ba133c2baf43051840132d6a3a089a375550072543b9fab2549d57320d13502260

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
\??\pipe\crashpad_4552_RUOIZHLNVKYMPEWI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
Filesize
4.2MB

MD5
f71b342220b8f8935abe5ea0b1e5f30c

SHA1
a70d41dbc456d548e790af717575b1f83e3f38b5

SHA256
dec8c51c89452b183201e58e4cfceffb0924c4c1f7729841a739086711ff021f

SHA512
d6ba2d0eecb2bd70ea727c7bd86cce75fe535e4a7688eb6fc6334e30f568d24d0b6661b8873ddb88c1bb75dbf772fae215b101545ff85e6461a2b05b85dfe05f

Download Submit
\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
memory/648-1473-0x000001D532D10000-0x000001D532D62000-memory.dmp

Filesize
328KB

Download
memory/1436-1534-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1513-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1538-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1518-0x000002ADFAA50000-0x000002ADFAA58000-memory.dmp

Filesize
32KB

Download
memory/1436-1519-0x000002ADFB7D0000-0x000002ADFB808000-memory.dmp

Filesize
224KB

Download
memory/1436-1520-0x000002ADFB8C0000-0x000002ADFB8CE000-memory.dmp

Filesize
56KB

Download
memory/1436-1522-0x00007FFEF8FA0000-0x00007FFEF8FC4000-memory.dmp

Filesize
144KB

Download
memory/1436-1521-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1523-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1525-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1526-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1528-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1530-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1532-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1514-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1512-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1511-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/1436-1500-0x000002ADFB570000-0x000002ADFB5EE000-memory.dmp

Filesize
504KB

Download
memory/1436-1498-0x000002ADFA0C0000-0x000002ADFA0CE000-memory.dmp

Filesize
56KB

Download
memory/1436-1496-0x000002ADFA0F0000-0x000002ADFA112000-memory.dmp

Filesize
136KB

Download
memory/1436-1495-0x000002ADFAB30000-0x000002ADFABE2000-memory.dmp

Filesize
712KB

Download
memory/1436-1493-0x000002ADFAA70000-0x000002ADFAB28000-memory.dmp

Filesize
736KB

Download
memory/1436-1492-0x000002ADFAD30000-0x000002ADFB26C000-memory.dmp

Filesize
5.2MB

Download
memory/1436-1467-0x000002ADF8270000-0x000002ADF828A000-memory.dmp

Filesize
104KB

Download
memory/5096-1468-0x0000000073400000-0x0000000073AEE000-memory.dmp

Filesize
6.9MB

Download
memory/5096-15-0x0000000005D40000-0x0000000005D52000-memory.dmp

Filesize
72KB

Download
memory/5096-13-0x0000000073400000-0x0000000073AEE000-memory.dmp

Filesize
6.9MB

Download
memory/5096-12-0x00000000015D0000-0x00000000015DA000-memory.dmp

Filesize
40KB

Download
memory/5096-11-0x0000000000A90000-0x0000000000A9A000-memory.dmp

Filesize
40KB

Download
memory/5096-10-0x000000007340E000-0x000000007340F000-memory.dmp

Filesize
4KB

Download