71cf438237ae459fbfdc32b9bf3263f679d070cac071536fa27b0ed31fc5d459

Analysis

max time kernel
43s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-09-2024 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

redirect.html
Size

6KB
MD5

b2174f9bd0d3101ba07e3b59fbaf4185
SHA1

a7ee06c45a75935380bf1b2014446e5f24baf087
SHA256

71cf438237ae459fbfdc32b9bf3263f679d070cac071536fa27b0ed31fc5d459
SHA512

0323d482f9208877f2cb9d48409f41e3b22fc916fbd223c0575c50b9ce4c94fd00a53c8f65a1d5a379fe4ded6b7d6936446ebf07145fbcb2ca2f6bff85338be1
SSDEEP

192:dKHLxX7777/77QF7jyr80Lod4BYCIkGO4XIU:dKr5HYF0+CIkGO4Xr

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

Solara_Installer 3.0.2.exe

pid process

2472 Solara_Installer 3.0.2.exe
Loads dropped DLL 5 IoCs

Processes:

WerFault.exe

pid process

1604 WerFault.exe
1604 WerFault.exe
1604 WerFault.exe
1604 WerFault.exe
1604 WerFault.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

pid	process
2472	Solara_Installer 3.0.2.exe

pid	process
1604	WerFault.exe
1604	WerFault.exe
1604	WerFault.exe
1604	WerFault.exe
1604	WerFault.exe

Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1604	2472	WerFault.exe	Solara_Installer 3.0.2.exe
1444	1492	WerFault.exe	Solara_Installer 3.0.2 (1).exe
1660	1324	WerFault.exe	Solara_Installer 3.0.2 (2).exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Solara_Installer 3.0.2.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Solara_Installer 3.0.2.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solara_Installer 3.0.2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2772 chrome.exe
2772 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe

pid	process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2772 wrote to memory of 2816	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2816	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2816	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2580	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2672	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2672	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2672	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe
PID 2772 wrote to memory of 2368	2772	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\redirect.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7929758,0x7fef7929768,0x7fef7929778
2⤵
PID:2816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:2
2⤵
PID:2580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2088 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:1
2⤵
PID:1840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2096 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:1
2⤵
PID:540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1388 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:2
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2704 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:1
2⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3532 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:1
2⤵
PID:2556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3528 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:1
2⤵
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3600 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:1
2⤵
PID:2308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3996 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4212 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4380 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:1040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:2872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3612 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:2900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4732 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:540

C:\Users\Admin\Downloads\Solara_Installer 3.0.2.exe
"C:\Users\Admin\Downloads\Solara_Installer 3.0.2.exe"
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 1116
3⤵
- Loads dropped DLL
- Program crash
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4016 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4032 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:1812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4680 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4352 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:2660

C:\Users\Admin\Downloads\Solara_Installer 3.0.2 (1).exe
"C:\Users\Admin\Downloads\Solara_Installer 3.0.2 (1).exe"
2⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 1120
3⤵
- Program crash
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4272 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4564 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1012 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4272 --field-trial-handle=1356,i,13423695112022521215,7998017107535619122,131072 /prefetch:8
2⤵
PID:2092

C:\Users\Admin\Downloads\Solara_Installer 3.0.2 (2).exe
"C:\Users\Admin\Downloads\Solara_Installer 3.0.2 (2).exe"
2⤵
PID:1324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 1116
3⤵
- Program crash
PID:1660

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
b6badca173495ef81b898c11ab3cdb80

SHA1
948bcd5229cb473512148b6d0aa2228ea291efc1

SHA256
d511f3409750a8ca42ab7093fd86415db922f4f71d58919d8d0065eb37b656a3

SHA512
d619df0be100f1c7293f8be85497cd4b57c8f53f32a747d845b7787cc91b212f4236c8d29e7956c8660ddc0a00b50a3bd813847d87d113ce989c0562b6f6c866

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
618af76b4d1953f49c836b11f6ef01f5

SHA1
c0d4bd443ca4645776258da1c5ffba94fd992bb9

SHA256
dd968d4d6c44c5ea0f11edc289154ea14fb95320e6130142885d92b2532dc468

SHA512
a9f2802f937e33a663afadada88dd2ed5e75d0f4f8b0b0cf4fe981dc57e91aecf74c416684267bcfc7cba9df644b642ccff3315149e50a5a8fc505a518391515

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
08093436d8906f653067a1554579aa28

SHA1
c42b9d8cee16d42919aa60a48462b26713c411dc

SHA256
2fd1bca117dc1cdfee0398e5e7659aafb6006d054afc812b44c2364fc7ac1e33

SHA512
d376fffdf5cb74ed6cb246cbfa01529c898eb79238caa23e81d2ea2ea9cc754107c927c4b3e2befd0f577e7eb7fdfbe28f62c8297b12d526d40d1a9fc1e3c493

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2ee02314298c55fb1f44b1b99de6babf

SHA1
96c8d4ba1cb58dbca693963fc583909eeee17aa3

SHA256
e48a5984df35e411687f27511fc4cdcacc539b32090bc2f5763eb2945d7e9567

SHA512
9602f987affaac3bc1523dac7cd721c7b9db03d67843b03054af7d64507e306126d4bfc1a6e4750c7f2d95d1920699ac5cc41d1e198caa044f8b6caa8c9195c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e6330c4af1af22d1aade2e6404be5a73

SHA1
b861ddb6e92800910714bdcc4f8c2a32b4186658

SHA256
09ff25f864bb0f538bb31694470798d437461596a1db7de78be8b1e1a3c48427

SHA512
94f6b30d475c5856c8d687051ec4c5709195b1c27cc5bf5a5142dc2056a319efba6d9b61146b7847ca6bf884bb3efb0432307d0714cb2c385e81643f63c7ef4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c2eab7c259032636f8f9b2700046ac6c

SHA1
2a4c02834eedf2fd588978fe2b85156f851e8c5c

SHA256
34e58cfa8ce257012ab5e0e2b982b917d1fb9eefc44a5a3b37e910487ecd133d

SHA512
033f8727339370887be2bd636a81d6a60fa9e76dcc51613b1908af3d253b942fcb1f6dfeca40a2b07cc68193e809fa4adee01b3237fc75b2ed773f35951278e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
df72f41c1926b75ebd8c62efba45bfe6

SHA1
98b17037b376e4a6911ec03643a7bb161ba76966

SHA256
075c254ee35d2bca95dd95ba13e1bb5433c1af788af4787beccd924d3067871b

SHA512
9454e6730435657443b4be5446a33ea509c019c36d85700e93d977053f2d2b2e7c2c4bea0586a46a1ab944fe90e0e9167d0eb2e9f1293dc57b5f201df242d71f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7c98e194e9da58e3136340f3dc756c90

SHA1
82e82c6e72a96edbaf233aa1bcade3a42a778fb1

SHA256
797a8db95a16e29bf3fb0fb4d8198fcca0ec6883064d5a7913ea642054c5bd76

SHA512
239a3d06d2bdecb77636cefb5b19e6e26b59504c859efa5d12edf91cec8b2566cbfb856a151f118b4115a882b66a036f22a15d86d6e3cfe1c16bb7724a34daf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d4ab5a60af8b50b135a0cc773ac75c22

SHA1
7672c69fe8d5b49214c886547279776e2ece6397

SHA256
c053883d07378a15452cbdf0616b35a6b099b80a96591617a2c5355a6f0d370e

SHA512
6fb608bb888b3d87a13206de8fffc433c8efdb36944893922c81bb62cd087654d9bdc4ed65c12da45c8976817f67c67e23362813467fd27b9bcd9b5e882f3609

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a9cc445e17508bc00b955bc2f289a710

SHA1
b2b95ef87a834ab21c80bbf0f126587e89edbb0a

SHA256
e0237ee08a42af806d82246e06f89e63c027add822934d7112e41cb5257b60a4

SHA512
903d6d7eb4edebb1437c15df869cc6ba5198b699ea7c7a24b8984c02f927bf230171ffa80647a186c67ba5e4882656253a9726530a0e634395e5c45fd66eafea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
51abb0e9ba217cb0b3f2bc9482734e45

SHA1
9627fbc36482f3b09cd75b80a4c14a402b8545bd

SHA256
c14830e023874dc8b186bb976698d32e390d1b68218d08b8009e6a08ad5694fe

SHA512
dc6e2ae0d925a55d68bfa4b400e9e937ab8ebbc9988fc30d416ac46c05682976b6c09b2c62f32af21acbe7f39439f4c1bd0fdde327845045fabfd51cc8d59b29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e16ad2106cfafdc07f175980c7fdf5c6

SHA1
984f5dd08456106a6c64d6d9660c64614fc00d8d

SHA256
89c72e81a7e6ccd3e761968553de0f8b6338472f89a8a3fa6f417975f05bd59b

SHA512
c08b8e4de86761215270f36c4bfdc8e224debfbf3ac76b7d0b52c2cbd4458cdeb30ab426380ca24b2c99dae8d6e0d2c15762bc5b83c5e04b8e1d02a17eb02a5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2356db0ef01a6522b0424bf2693f88ab

SHA1
d1c2237fe7e8b09c15ce680e65ec87d22725043b

SHA256
96efadbca3125ab1d6f8d11a62bf5eaea57b66d73e3700f7a5778caae7ca5147

SHA512
353a8a6d15735d1e7fd9dea747195727032ac13cd3a9d241a8f7c486a720613f2a21ce0ba2b36553234c2b051b28fc2f6b4e22b595d045947514112a8fe07a15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3bb5010a1fdd6f4b024f71fef6288913

SHA1
40a6a3e0d4b84e7095c667d325bee833a635277c

SHA256
e101884fe8d1279b9e76f0f26183115ea4d2f2aca80e57f0246afbf4f00356bd

SHA512
e042129f4f1e2742581ec92d446b5dacd30c5e7ee467125bdd8af2fa0a4fd9cfd86b5e97030c83fd584880a2ed43179de4db9a391bbb2196ac0c1af143a0be0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
60a5a06d7ac7be6a601e10bf55aeadb5

SHA1
27002b3d8d34c7c37c5680ccf708623a495be4fc

SHA256
af05e40cd320917f12e145836cda431c3f318755929726251b4948b53473edb0

SHA512
84acad4cad957a8864ca315d90fe0190b7664a719ae81951c57d757dc3b33d2a855729ef63b44657309b2d4cc6c46a6c00545d8f0bc17228fc71a0ddce96c38e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
03d928a2481ee616277505c536af4da3

SHA1
357411ee0a06395017d9b0d2ad4edc35c37c91b7

SHA256
a06de2e530dd20655e527018933532580b2d58006b3c7f73fedfe35b6b76cf33

SHA512
6cd7e0b67d16e7ccfb92b5df23dda1fcf4017d62f4ce71d280950a103435201ce2ca68ebc6608f3cdf6ee3f0b50699bd8ec0d126565a1bd17119daaffa98eea4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
97c5cb699e03ac69928551aba99ec25b

SHA1
30f79d44b7a1697d812f362f42d867f2566eb2a8

SHA256
5a7185ec71c14093e884b7d1e139c002688e6eea474b9c0aad4ec7f9f446a26c

SHA512
f72f8211285b651f0257474d871a4fd3a68a2abc9ccbd373a0a0d890c27fd43de89c0ef69c0c67e55bc3e9bb0a1f3df2cd0b0ee2a733c3ac58ca0065ad57c064

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7d95d34fcf30894c7624bab5cebb9371

SHA1
5e0258c86fea4f4947477732a126848dccb4e573

SHA256
2680e814a73aecd5082a872e49416a51719ccad372c6eeac5ce75a7e2fde4a59

SHA512
59632d0174daec142742d25069b96c9c3263f2c9a52824358fa28d66f64157278d315c6946b1bbc8245f2f82385376a0156b9f522fbbb164e2bdad424482e83b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
42bcf8a9e7f3da730975c3038a1d065b

SHA1
67b35dd9707debaa75741cd43ba26c35f19be9b2

SHA256
e5183c1a66776488c93a141140b71448779a555dda6a031542b174319c56555e

SHA512
9acf78176fad714a2695a80a8fed7ac32d705f9cecacc429667a6b905db1d6687306adb0f516a99efe7f90037a6a6f3cc7b513aa226b1b6ab6d07d9916ba7b02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a3babd9dbd4a5a4fef68b4349a31bffa

SHA1
650669c10f220d4ee37a4172516b7383528ab6f8

SHA256
b496fac1dbab5882480bf66da0b8c642c48f06b14c7f7d2ab8a7b75ed89aa8f4

SHA512
85547073e658966aff95f2d22d0a4dbd12f8b9d062cff0ebcbdb34a96a93ceffcd994f30d09b4d384abfeca7949391e736a8f29b2c18aefda85b51a983ab2e55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
803ae48067ce9c603499b7d304a6213f

SHA1
48cd09c3e9bdf0fc5367235b018f28747d58b856

SHA256
004f29458ba4e586a5473559f77cfb4fa12b2a60fa854b469d1241901316a4f2

SHA512
51cce3630bf83852277405069092e7c66e8eae91319005edb7bd0a788dac46b99041b4e9f851c451f68a08df72a5874361f8746a80b0eb10fa20852db55f244b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5fc7d6815bc26c4a6a3777d29babae97

SHA1
5c0a1b9c0b0d4cd45c76138e4fcb977b5456a742

SHA256
dbade73e1e57fa2f70112ed6cca772f8949125e23a7a2c30e6c8140acd72ce48

SHA512
d49f7af4b7996c4306122407915eb583ae2db2c36c5cac6aa393d96a7c9a1bc532432cc1ddf0f18d98bc1c188489c8e83c2e565652cef4f20ecb545c2c8008fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5bec65f4fa811916fda84fdaecea36e1

SHA1
cffa9c02ace87fff5697c6ab955814acd77417a4

SHA256
a66c2482bf60b4c152f0653635fb49a497541fac74b8e1e966f80482094c97ac

SHA512
ddde3c827d96ba736a8287d00243fe0e15fcf3b0387fd74d552f2b6b8b8b46a020792b593f8a3751d95b248edb5e917ff1ba7e809b85050ea2dfdec6b27148f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
6af0c4157a2c1355e213a68a16eb8862

SHA1
28fe7666d732327a9376eebe6ff107be546e8df0

SHA256
6aed9cacfd6275736f5b5a253f9ab43f077f275098c630a2853d182657989fe9

SHA512
b5eba81838717f1cdd537ff5ee38d0a3680a21c73944232bf8f764891f15701291d0c1b9b9b8a630977a642a1f6ad072cf8b62279138a8ca52ecf433bf2fa6b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
607c7920003bd6e7baa307e41f4dee10

SHA1
83d34145b563a12e2ac7e05b7e5ba5572bb2347d

SHA256
5717aee634b44ef9ee309a2a914265ac4641c202d5e11e645bf9e7ed702fba3a

SHA512
653cc72bdd9b70775b1b9134c03fec177a0bd8f6422cb31e7d1eeaa3aea5b5bf9fdd1dd374f28ed5e51d38eba0ec7dea23e718b4b416e0de787f5a403b125d60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
53be32cf4d3c49390e868dcc0b305b91

SHA1
e24708286eab4493237f23fc8fe246baa67feff9

SHA256
3f9617420530a9142ee78005d181ea0c11956ef946525e0bb300a5ddf9375910

SHA512
3a2cba12e34410549a757b0ae41a7f4dfa35e2a135e97f7122c63feab107d1bc074c0ca381f69721558899a4450f4dab5737edd7eb89ff918452efc861ba0a66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
Filesize
242B

MD5
2abf3d6cb84f541fa03275b4b67689bb

SHA1
3bb39bfd2b01bf620919ea574997aec2af89b9a6

SHA256
f1f9ba63cf4252a374e2b89c0ceb01a8a85eb871bb60a0dcdb682727d7a2cb5e

SHA512
276090cc2f90fcdd3c1edac417d475a1cf99c2566ed71c241b008508524125cff14c425863f829265c16516ea9c900afac52c4de44850ce42baab3dbeb772755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\12bbd72f-848f-4427-9970-96b9f875a925.tmp
Filesize
6KB

MD5
c62d75326c91a82d7c0b4fbfb746256a

SHA1
1afa77c3e40be545411f923c68d2d232ddc7fbbc

SHA256
9a010331dfae6eccd432732f9bca2da8a739064286c91fd709f6c96847beca75

SHA512
81cf9e92e55a50041c6d489b6237d01e5e906e931ced67d300a5033691001b3e5fbaf900da42244fa8f7243f553184871f01d96909866d477ac8c88c59c1e8e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1ba49eb4-d3cb-4273-9c05-22b7df9b868b.tmp
Filesize
6KB

MD5
f17e6c2e291809822b89ec8c1707769f

SHA1
3d79cbdc140f93bda4ed427e40380f3f032e9e0f

SHA256
ee875a8dd285fb8ddb566f44a5055cd791a6500a8baa7b3bbe76e7ef4bfe71f2

SHA512
b513a46e550a32ff7b7018e702fd7af509c6bd608e6cf0eb4eb43a22c0038b388d030509f8feef93df6033b2890a22a01fce47fded7e1e3e479e7f2e0111e449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\81354129-1372-435e-b4a8-3a4717630372.tmp
Filesize
6KB

MD5
feed53a5614a2f8a02232a8891658b0d

SHA1
7b3432a8456ef181bc55548e619543ddb2015f70

SHA256
b76bf7d1a181163cd97f3e8a085db979a1c37f5acaf0af2190f81f46cb7e6936

SHA512
20f0c580541e1c031495646d1a625f7d0cf729c9d61cf45f97bf916775e58d9cc67a9717eacb302a86a86ccae67a0461301fc97c4517a22cb3e62b6ba640b780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\000002.dbtmp
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT~RFf771e69.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
a674d6f4f1ce4e4d3de2905c0ca36cd8

SHA1
c9731f879eada91d7e993140f1dd44b24f1ab5a6

SHA256
d6651f9b901dece682926a797fde8bf1173d26ac5b6f4c7468312b11c19adf36

SHA512
f7580be62fce39546f897a637809cc73d3676807dc5238f5ac55945fa722913823010bdf741c05f7a47d6278eda2712217ea972424f9a5e3170a23c029b56f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1016B

MD5
38a08ad62b50b6bcfd6e2b3b8deed62b

SHA1
bd911d6c96434e1b68dd7426a85ebd33562f6ce5

SHA256
206a8b1497c4e1a6498251d24bb81a3ca7c4217a771d1382c48bdcd46939506d

SHA512
4caec145f96bd987838247cd3aaed0689d598928802293eadf990a87a78b8a92f9eba4587bcc39136d02e38d3a807b13bbc2f088065f22e2f8dfb794d567734b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
853B

MD5
f24d07c7b5879b205339acff541ca43a

SHA1
e18cca305c91c339bb6f25962e76ffe9aeb92b0d

SHA256
ff26a2735c384ee667b403bddd63bb27bc3960b7196366a683d67b9194805da5

SHA512
da5064c1fa2c7e9615cce19e1e6666736e178137eb11d1a0350c669b5c496b72f6569babd377243f146e387571b08a4effc3ad83ff7b38fbd810d0c56b0f555b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
631b640baea78e89d1137ed9fb0883ea

SHA1
ab51a9fbdf918f67e498ab6f631457f541962dcd

SHA256
39945860a94d34a344183f2d972f14f52e8fff05a499cb0f7b8f333034951cdf

SHA512
73a428b63dec577d19d247e2233dd219fb45285aceb31062fea18ac8e51034dc90fd7c88433b2891d1829ddb34d653be7484a715eb103a2a4f19b5cc579fefc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
de27c7f5860e29740deddbfd6e990c44

SHA1
534f67f2547fb6b136e09ae5ea0cbdcfb7168cae

SHA256
e24fcece48bc5e9a8faa0ef789d0d519b872899e66c7854163de0d501102e4b0

SHA512
dddd57547d121a7d20460aca3c54aa3b9f91fc97cf853585c5134e60ac840f5e71ab0426645997ed154c12ac13cbeb0dab4743e6f76b5c4670a0cb439c0ca369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
1af39fd2fc71c876a7ce2990eefbf7ff

SHA1
7bcdbc9b8e9408df98e3f39610ddaca987b05381

SHA256
2eea662e0484884bfcbcb7b83d54372d66d421a9a28c67224134e6029cd47eaa

SHA512
96656dfec1fd60e07777c3887e118882fadce0d5116189bfa6fa35d4a0558692779060e512c0080db3fb3b1cea13067803fa88e8b8774af3e81242d2278864c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
168KB

MD5
dcf708a248267dfc34192344a06ddc0f

SHA1
ef3cf5f83ba988195a3e1a9b468abe5dfda799cc

SHA256
39735b0dd18547ed43fbb85464270522995ac63b4122b4d724326e2c01d4fb74

SHA512
d2b574cce1191108eb5a2fec54bdcdefde9a528c060e155c776e1dcc67d410560aadf83118cc030b812acc1395dd32249c14fb0216708dae138aa214f06026a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab74B5.tmp
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar74D7.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\Solara_Installer 3.0.2.exe
Filesize
208KB

MD5
a528edc512d8a5359d4f3729df3da2aa

SHA1
1453b1b879429c8e17f795ed7f7d181658fc883c

SHA256
636e06dee0e3ba0c630b5dbe5d8c3ec1839f067098aaf9a3c083a2123c425099

SHA512
009dff6f5c19cd73b313d77bf770efebf8d69d8c85c17fb4b4556d80f70d04727719687e1c808c7d127a8f5a2d9debaa88ea5e9a4bf768033cb60af81b1b933e

Download Submit
\??\pipe\crashpad_2772_QNBCAUCQUCCYQMJI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1324-2340-0x0000000001320000-0x000000000135A000-memory.dmp

Filesize
232KB

Download
memory/1492-2291-0x0000000073ED0000-0x00000000745BE000-memory.dmp

Filesize
6.9MB

Download
memory/1492-2281-0x0000000073EDE000-0x0000000073EDF000-memory.dmp

Filesize
4KB

Download
memory/1492-2282-0x0000000001280000-0x00000000012BA000-memory.dmp

Filesize
232KB

Download
memory/1492-2283-0x0000000073ED0000-0x00000000745BE000-memory.dmp

Filesize
6.9MB

Download
memory/2472-2207-0x00000000745CE000-0x00000000745CF000-memory.dmp

Filesize
4KB

Download
memory/2472-2209-0x00000000745C0000-0x0000000074CAE000-memory.dmp

Filesize
6.9MB

Download
memory/2472-2208-0x00000000003E0000-0x000000000041A000-memory.dmp

Filesize
232KB

Download
memory/2472-2233-0x00000000745C0000-0x0000000074CAE000-memory.dmp

Filesize
6.9MB

Download
memory/2472-2232-0x00000000745C0000-0x0000000074CAE000-memory.dmp

Filesize
6.9MB

Download
memory/2472-2231-0x00000000745CE000-0x00000000745CF000-memory.dmp

Filesize
4KB

Download