Resubmissions

24-10-2024 19:59

241024-yqt7dsscpl 6

24-10-2024 19:55

241024-yndfvssclj 10

24-10-2024 19:54

241024-ymwk2ssckm 8

24-10-2024 12:40

241024-pwm6la1hmn 10

24-10-2024 12:34

241024-psafbs1gkr 10

24-10-2024 12:24

241024-pk4zza1drl 10

22-10-2024 13:05

241022-qbwsnsybrr 10

Analysis

  • max time kernel
    115s
  • max time network
    117s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    24-10-2024 19:55

General

  • Target

    https://raw.githubusercontent.com/ByterCode/Solara-Excutor/refs/heads/main/Solara%20NEW.zip

Score
8/10

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 49 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://raw.githubusercontent.com/ByterCode/Solara-Excutor/refs/heads/main/Solara%20NEW.zip
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3280
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa9dd43cb8,0x7ffa9dd43cc8,0x7ffa9dd43cd8
      2⤵
        PID:1776
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
        2⤵
          PID:4128
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3760
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
          2⤵
            PID:1140
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
            2⤵
              PID:4256
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              2⤵
                PID:4956
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
                2⤵
                  PID:3704
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
                  2⤵
                    PID:2784
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
                    2⤵
                      PID:2304
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
                      2⤵
                        PID:1928
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:5088
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:124
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5336 /prefetch:8
                        2⤵
                          PID:3912
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
                          2⤵
                            PID:3328
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6080 /prefetch:8
                            2⤵
                              PID:4040
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
                              2⤵
                                PID:5056
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
                                2⤵
                                  PID:5020
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,13348274961938684565,130258922997257091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
                                  2⤵
                                  • NTFS ADS
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4508
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4240
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:568
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:3664
                                    • C:\Users\Admin\Downloads\Solara NEW\Solara NEW.exe
                                      "C:\Users\Admin\Downloads\Solara NEW\Solara NEW.exe"
                                      1⤵
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of SetWindowsHookEx
                                      PID:240
                                      • C:\Program Files\Java\jre-1.8\bin\javaw.exe
                                        "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Solara NEW\Solara NEW.exe"
                                        2⤵
                                        • Drops startup file
                                        • Loads dropped DLL
                                        • Enumerates connected drives
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of SetWindowsHookEx
                                        PID:2884
                                        • C:\Windows\SYSTEM32\reg.exe
                                          reg query HKLM\HARDWARE\DESCRIPTION\System /v SystemBiosVersion
                                          3⤵
                                          • Checks BIOS information in registry
                                          • Modifies registry key
                                          PID:560
                                        • C:\Windows\System32\Wbem\wmic.exe
                                          wmic diskdrive get model
                                          3⤵
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:2792
                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:SystemDrive) -Force
                                          3⤵
                                          • Command and Scripting Interpreter: PowerShell
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:4240
                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:SystemDrive) -Force
                                          3⤵
                                          • Command and Scripting Interpreter: PowerShell
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:956
                                        • C:\Users\Admin\AppData\Roaming\WinSFXConnectDevicesPlatform\WinSFX.exe
                                          C:\Users\Admin\AppData\Roaming\WinSFXConnectDevicesPlatform\WinSFX.exe
                                          3⤵
                                          • Executes dropped EXE
                                          PID:4696

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

                                      Filesize

                                      2KB

                                      MD5

                                      627073ee3ca9676911bee35548eff2b8

                                      SHA1

                                      4c4b68c65e2cab9864b51167d710aa29ebdcff2e

                                      SHA256

                                      85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

                                      SHA512

                                      3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      e1544690d41d950f9c1358068301cfb5

                                      SHA1

                                      ae3ff81363fcbe33c419e49cabef61fb6837bffa

                                      SHA256

                                      53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

                                      SHA512

                                      1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      9314124f4f0ad9f845a0d7906fd8dfd8

                                      SHA1

                                      0d4f67fb1a11453551514f230941bdd7ef95693c

                                      SHA256

                                      cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

                                      SHA512

                                      87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                      Filesize

                                      193B

                                      MD5

                                      62fc8758c85fb0d08cd24eeddafeda2c

                                      SHA1

                                      320fc202790b0ca6f65ff67e9397440c7d97eb20

                                      SHA256

                                      ee0d15dce841e092ad1a2d4346a612410f8f950fdb019bc7b768f6346f2b5248

                                      SHA512

                                      ca97e615bdcac137a936c10104a702e1529ed3470828f2c3a2f783345ebbef04cac8c051df636c714151671efea53a9b8912b6b0d0b5eafdac5fae1dfdc8f85d

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      b4a2c7fcd49b700710817f5799b96c88

                                      SHA1

                                      0877ee9c218e44637910e06d6f5e3d40d5f3e9a1

                                      SHA256

                                      8904142d61d15415f253410d96e4a388e12bb9e2f091833de9aa946ce598e4c7

                                      SHA512

                                      e75b5f98c675c518f12429dd1bb6570a974c3f9e801f8e75aa3f3c3c7341fee1f476058f2909ac12023b6ade14753f8475ddf503d7afe00a89d014d398e32a70

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      19661f2a2900abd88a15924d1f461142

                                      SHA1

                                      776d4df2701b5d3ac20d3335e454097ad66093c6

                                      SHA256

                                      c46fa13319ebfe42f6d33c5e88cac621180b7ae4efce542c2fc797c64a928c3f

                                      SHA512

                                      7e5d409cb65e40e84e57385bbf0a0560fe790a0ad9d2fcbbe5f648078d6e71463426b1ffc8a52234ada066963894e645616dfe1bf23f67765a8ecc19a2722030

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                      MD5

                                      206702161f94c5cd39fadd03f4014d98

                                      SHA1

                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                      SHA256

                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                      SHA512

                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      11KB

                                      MD5

                                      3fa0649b0cbff05a79e7cd271be05e8e

                                      SHA1

                                      495a2a32f3d3811c6ff4c687f4c3e948861b8c6b

                                      SHA256

                                      09fe544b30deb90369a64e22b613e43cb5cc7fe8d1ff075a93d361ae35b12af2

                                      SHA512

                                      01952740a66a162b913839d19ccd66f49838ed34b067783a96fcc38025eaadb740b9134a925da7089efb31abb53e378604b76e69db841c0aff55c13e433b0397

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      11KB

                                      MD5

                                      30508921c05740374b43218eb6871d0d

                                      SHA1

                                      921d88a53fb9e7c499492f5f7c39227fe3ed6e41

                                      SHA256

                                      0ede745d4ac3666adce3fc9891a44ece51ba4d7c2824ad150b50be361e3df0a4

                                      SHA512

                                      5de3f5e8011038129c87595732547ce86cd901af923c9ce7d7eb36e21a6dc7032112c37ba2e9840bfc6b19ab5288c7d2f70368c6e0fc7a90b988733f8106dbbe

                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                      Filesize

                                      944B

                                      MD5

                                      1a9fa92a4f2e2ec9e244d43a6a4f8fb9

                                      SHA1

                                      9910190edfaccece1dfcc1d92e357772f5dae8f7

                                      SHA256

                                      0ee052d5333fd5fd86bc84856fec98e045f077a7ac8051651bf7c521b9706888

                                      SHA512

                                      5d2361476fa22200e6f83883efe7dcb8c3fe7dae8d56e04e28a36e9ae1270c327b6aa161d92b239593da7661289d002c574446ecfd6bd19928209aae25e3ef64

                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hwgesp25.ypg.ps1

                                      Filesize

                                      60B

                                      MD5

                                      d17fe0a3f47be24a6453e9ef58c94641

                                      SHA1

                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                      SHA256

                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                      SHA512

                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                    • C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna200918481818110607.dll

                                      Filesize

                                      248KB

                                      MD5

                                      719d6ba1946c25aa61ce82f90d77ffd5

                                      SHA1

                                      94d2191378cac5719daecc826fc116816284c406

                                      SHA256

                                      69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44

                                      SHA512

                                      119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinSFX.exe

                                      Filesize

                                      11.7MB

                                      MD5

                                      428ffde3328ba281229a03357c965547

                                      SHA1

                                      72c6432ca8b64ac848ed2e85deeeb5ad0caaea7a

                                      SHA256

                                      9c64fd58c0b9cace7bc05861965db2cb55017d24096eebb4d1569a3b556969d4

                                      SHA512

                                      1e0f5fb54d46a4bed2776fa7e7fbb44adb3267901fe99428947a32de8b914401084b080a913a6a1e20bfaf8d769df64c7d3d9ab039fdbd0aca9b5ec1ccb2822a

                                    • C:\Users\Admin\AppData\Roaming\WinSFXConnectDevicesPlatform\WinSFX.exe

                                      Filesize

                                      8.7MB

                                      MD5

                                      506777f1d2016f6cbd053caa8d5a9bc7

                                      SHA1

                                      c44d5eaf701a900982f51d0dfcb336c6eb507395

                                      SHA256

                                      582e5bb83b7cea2fb71a1b3bbefcf18d8dda8a719e31b4da14f886d2016c97bc

                                      SHA512

                                      6891eddd1218194378e762318fca8171465b2d663afae6c96a3092433c9bec911f87965dfa9ea932a0b32e31e8b7531328b89a4226ccbc98871e09367cfdb99d

                                    • C:\Users\Admin\Downloads\Solara NEW.zip:Zone.Identifier

                                      Filesize

                                      26B

                                      MD5

                                      fbccf14d504b7b2dbcb5a5bda75bd93b

                                      SHA1

                                      d59fc84cdd5217c6cf74785703655f78da6b582b

                                      SHA256

                                      eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                      SHA512

                                      aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                    • C:\Users\Admin\Downloads\Unconfirmed 414902.crdownload

                                      Filesize

                                      6.3MB

                                      MD5

                                      1ec1ed8bb2dcea1c3f9d9f7542dbe245

                                      SHA1

                                      d65d7a2fa1895d748194f560c757113ce903f088

                                      SHA256

                                      b48e4eab11480e04415e8f202a0efccbde9f3e841b19e9399e579b63f39b60c9

                                      SHA512

                                      ebe51a8074b884d44963b7bf82ed6206d15fda297fcaf530f1811c211771732c451e2b02d623031129cd8a27d569d667b04cdcca9acdef519c9862c5e374f3b2

                                    • \??\pipe\LOCAL\crashpad_3280_OLPNAYJCSOESPGUK

                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    • memory/240-141-0x0000000000400000-0x000000000041E000-memory.dmp

                                      Filesize

                                      120KB

                                    • memory/956-291-0x0000020576630000-0x0000020576652000-memory.dmp

                                      Filesize

                                      136KB

                                    • memory/2884-275-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-310-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-270-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-264-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-263-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-262-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-254-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-273-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-314-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-318-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-332-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-338-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-348-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-204-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2884-175-0x000001B52DBF0000-0x000001B52DBF1000-memory.dmp

                                      Filesize

                                      4KB