8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Resubmissions

26-12-2024 11:23

241226-nhhtaavjcj 8

26-12-2024 11:18

241226-nehdcatrfm 7

26-12-2024 11:16

241226-nc9ptatrdl 3

Analysis

max time kernel
398s
max time network
422s
platform
windows11-21h2_x64
resource
win11-20241007-es
resource tags

arch:x64arch:x86image:win11-20241007-eslocale:es-esos:windows11-21h2-x64systemwindows
submitted
26-12-2024 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

8^/10

defense_evasion discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 14 IoCs

pid	Process
3052	BootstrapperV2.05.exe
1188	Solara.exe
3844	BootstrapperNew.exe
5012	Bootstrapper_v2,05.exe
3376	Solara.exe
1068	Bootstrapper_v2,05.exe
3268	Solara.exe
796	Solara.exe
2372	Solara.exe
996	Solara.exe
1272	Solara.exe
4248	Solara.exe
1308	Solara.exe
3376	Solara.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
130	pastebin.com
132	pastebin.com
3	pastebin.com
50	pastebin.com
124	pastebin.com
128	pastebin.com
134	pastebin.com
140	pastebin.com
9	pastebin.com
119	pastebin.com
122	pastebin.com
126	pastebin.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
23	api.ipify.org
70	api.ipify.org

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
4296	ipconfig.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133796858989423547"	chrome.exe

Modifies registry class 54 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	BootstrapperNew.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	BootstrapperNew.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	BootstrapperNew.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	BootstrapperNew.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3587106988-279496464-3440778474-1000\{F1A6F9FE-13C7-47D7-9004-CCC73D530148}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	BootstrapperNew.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Documents"	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "6"	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	BootstrapperNew.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000761c76aeaf18db01bef3ae98c218db019056b198c218db0114000000	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "7"	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	BootstrapperNew.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	BootstrapperNew.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	BootstrapperNew.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	BootstrapperNew.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1188	Solara.exe
2500	chrome.exe
2500	chrome.exe
3376	Solara.exe
3268	Solara.exe
796	Solara.exe
2372	Solara.exe
996	Solara.exe
1272	Solara.exe
4248	Solara.exe
1308	Solara.exe
3376	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2220	WMIC.exe
Token: SeSecurityPrivilege	2220	WMIC.exe
Token: SeTakeOwnershipPrivilege	2220	WMIC.exe
Token: SeLoadDriverPrivilege	2220	WMIC.exe
Token: SeSystemProfilePrivilege	2220	WMIC.exe
Token: SeSystemtimePrivilege	2220	WMIC.exe
Token: SeProfSingleProcessPrivilege	2220	WMIC.exe
Token: SeIncBasePriorityPrivilege	2220	WMIC.exe
Token: SeCreatePagefilePrivilege	2220	WMIC.exe
Token: SeBackupPrivilege	2220	WMIC.exe
Token: SeRestorePrivilege	2220	WMIC.exe
Token: SeShutdownPrivilege	2220	WMIC.exe
Token: SeDebugPrivilege	2220	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2220	WMIC.exe
Token: SeRemoteShutdownPrivilege	2220	WMIC.exe
Token: SeUndockPrivilege	2220	WMIC.exe
Token: SeManageVolumePrivilege	2220	WMIC.exe
Token: 33	2220	WMIC.exe
Token: 34	2220	WMIC.exe
Token: 35	2220	WMIC.exe
Token: 36	2220	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2220	WMIC.exe
Token: SeSecurityPrivilege	2220	WMIC.exe
Token: SeTakeOwnershipPrivilege	2220	WMIC.exe
Token: SeLoadDriverPrivilege	2220	WMIC.exe
Token: SeSystemProfilePrivilege	2220	WMIC.exe
Token: SeSystemtimePrivilege	2220	WMIC.exe
Token: SeProfSingleProcessPrivilege	2220	WMIC.exe
Token: SeIncBasePriorityPrivilege	2220	WMIC.exe
Token: SeCreatePagefilePrivilege	2220	WMIC.exe
Token: SeBackupPrivilege	2220	WMIC.exe
Token: SeRestorePrivilege	2220	WMIC.exe
Token: SeShutdownPrivilege	2220	WMIC.exe
Token: SeDebugPrivilege	2220	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2220	WMIC.exe
Token: SeRemoteShutdownPrivilege	2220	WMIC.exe
Token: SeUndockPrivilege	2220	WMIC.exe
Token: SeManageVolumePrivilege	2220	WMIC.exe
Token: 33	2220	WMIC.exe
Token: 34	2220	WMIC.exe
Token: 35	2220	WMIC.exe
Token: 36	2220	WMIC.exe
Token: SeDebugPrivilege	2728	Bootstrapper.exe
Token: SeDebugPrivilege	3052	BootstrapperV2.05.exe
Token: SeDebugPrivilege	1188	Solara.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3844	BootstrapperNew.exe
3844	BootstrapperNew.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 3316	2728	Bootstrapper.exe	79
PID 2728 wrote to memory of 3316	2728	Bootstrapper.exe	79
PID 3316 wrote to memory of 4296	3316	cmd.exe	81
PID 3316 wrote to memory of 4296	3316	cmd.exe	81
PID 2728 wrote to memory of 2736	2728	Bootstrapper.exe	82
PID 2728 wrote to memory of 2736	2728	Bootstrapper.exe	82
PID 2736 wrote to memory of 2220	2736	cmd.exe	84
PID 2736 wrote to memory of 2220	2736	cmd.exe	84
PID 2728 wrote to memory of 3052	2728	Bootstrapper.exe	86
PID 2728 wrote to memory of 3052	2728	Bootstrapper.exe	86
PID 3052 wrote to memory of 1188	3052	BootstrapperV2.05.exe	87
PID 3052 wrote to memory of 1188	3052	BootstrapperV2.05.exe	87
PID 2500 wrote to memory of 2996	2500	chrome.exe	96
PID 2500 wrote to memory of 2996	2500	chrome.exe	96
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 2976	2500	chrome.exe	97
PID 2500 wrote to memory of 1068	2500	chrome.exe	98
PID 2500 wrote to memory of 1068	2500	chrome.exe	98
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99
PID 2500 wrote to memory of 1748	2500	chrome.exe	99

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3316
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:4296
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2220
- C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.05.exe
  "C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.05.exe" --oldBootstrapper "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe" --isUpdate true
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\ProgramData\Solara\Solara.exe
    "C:\ProgramData\Solara\Solara.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1188

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5d05cc40,0x7ffa5d05cc4c,0x7ffa5d05cc58
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1772 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4684,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:2
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4552,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3312,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5204,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4944,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5368,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5000,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4796,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5280,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3456,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:8
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4644,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5908,i,6008692604933672409,12946029613664794824,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4684
- C:\Users\Admin\Downloads\BootstrapperNew.exe
  "C:\Users\Admin\Downloads\BootstrapperNew.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3844
- - C:\Users\Admin\Downloads\Bootstrapper_v2,05.exe
    "C:\Users\Admin\Downloads\Bootstrapper_v2,05.exe"
    3⤵
    - Executes dropped EXE
    PID:5012
  - - C:\Users\Admin\Desktop\solara\Solara\Solara.exe
      "C:\Users\Admin\Desktop\solara\Solara\Solara.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:3376

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:916

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2912

C:\Users\Admin\Downloads\Bootstrapper_v2,05.exe
"C:\Users\Admin\Downloads\Bootstrapper_v2,05.exe"
1⤵
- Executes dropped EXE
PID:1068
- C:\Users\Admin\Desktop\solara\Solara\Solara.exe
  "C:\Users\Admin\Desktop\solara\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3268

C:\Users\Admin\Desktop\solara\Solara\Solara.exe
"C:\Users\Admin\Desktop\solara\Solara\Solara.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:796

C:\Users\Admin\Desktop\solara\Solara\Solara.exe
"C:\Users\Admin\Desktop\solara\Solara\Solara.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2372

C:\Users\Admin\Desktop\solara\Solara\Solara.exe
"C:\Users\Admin\Desktop\solara\Solara\Solara.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:996

C:\Users\Admin\Desktop\solara\Solara\Solara.exe
"C:\Users\Admin\Desktop\solara\Solara\Solara.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1272

C:\Users\Admin\Desktop\solara\Solara\Solara.exe
"C:\Users\Admin\Desktop\solara\Solara\Solara.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4248

C:\Users\Admin\Desktop\solara\Solara\Solara.exe
"C:\Users\Admin\Desktop\solara\Solara\Solara.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1308

C:\Users\Admin\Desktop\solara\Solara\Solara.exe
"C:\Users\Admin\Desktop\solara\Solara\Solara.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9ea5f9e16769255ea41cf0a870f652e6

SHA1
fbd4ebe006e9d3e78d0291902d40b58f06eacc65

SHA256
60d6a684f3c2602f21207f21765649ad5d662b2410c8dd195253b735d3e1051b

SHA512
6da062e14664ee948a7dc16619bda43c30aeb27ad03069c4eef96c15f941dda9b1b9d8acb9c8b4c03dfb79351111562bd84574646689fa1b0fcbd1f836ffa3f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
2e56f1228541efc3d269d6428f498ac7

SHA1
3f018eea9a8648f16deb9294955f9c71531d5943

SHA256
a6ed2440aed51cd471a44e498661a4bd671edfefacac951b2ff02b4645395ad7

SHA512
07defeb013e414a2de6576371df0d621d5b86c797bb7a6ba34479daef0637d5d1127478401a8d8f50cf07f3957b02059faa896305258e00af8e94706c5218bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
9632272a09c781ed852424d6790fd712

SHA1
568f915c5e1b5c364dc7dffa217f48a0ce184925

SHA256
75e65ebe191d7467822faf2cf359a0affbd2cb109cfb70156531e7fd0d86b564

SHA512
b4277745867331049a3860d4f8c20055571f39722a764c669f593076502f30ae9b2366d0a771fc0c1ea5e8dd2f226378962497ef1f1566bd31ad10dcc53494d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
25c6a084586b7d43d65079dbe8cc211d

SHA1
acbeb7ca75e194fc29f46447bd9e710e18e82a47

SHA256
7d292b7efab59a08d055af9e47dd3513be2684e654487950efde97455abf4538

SHA512
06a8502ecb8dba51502d636c3aa5d30860d2f07d44f636abab20383943767d6438e15fa18867155ff87da9f96b3a892bfbcc8e8154371c0bda9209997b54a8a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7c46b8a47f523c1c76ce9524ac4000bd

SHA1
0074e571f27e32d42136152adb0b653b17d8219e

SHA256
a453c7ac0e47ffbdeae151d15f28eb18e0b9569c75b1085c554475820f50ab1a

SHA512
46da7ce7a4658716a1dcd5fc6f6f0a0a86529136090db4cb19a7a391712314b6a125a78993cd717f30cf276828b19c78d0925a0094b683941ef01d52954634b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
e551c8556c26a2a1fd36d0547725dcf4

SHA1
6975bba2d8bad0a119eb48191aff386156560f8c

SHA256
7f54e043cac7899ab1e868a7f1230dee86e907821c144ff3b4e6c1199f9c249f

SHA512
565f58ac2a5f827a6ada910be6eae1691345afad560877265f00d8da7a199b26b2d747fa648427468d15fd730098d64fe4d32367efcea1973d54ab832906eff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
34b07718dfd4bc57eaed78a84a357183

SHA1
ddce4852fd295fb19067450ca866a5956517b3ab

SHA256
fcb014bd18f99beade9ff1df1a7d64df6842481eb95e3496649c0e54dce7480a

SHA512
dc4acc8946a19de37d1844432b52bc482f55dc2d5d1b292bd03eff9cb7d167769e1c6574d1f6e5bd36197af9104444f3ca4d07ddfd1fd28e14aa7a21bee9d23c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f11cd73f173bbc98f75f63c29325b7a

SHA1
337cbbba2b444ea689a55dae9a7740ecc84a12f4

SHA256
65cdd0d9f418d204f93fe430109cdb53c275801cc9d4282d1f14a2e1e18cda8d

SHA512
0ae082c2ece43ea1070bc38dece8b089a72f922aad554615bddc59b684147c695a1119149a2577eb8701941a11bcc01796d02e0aa2b4ac8d161e63ff3dd4c70a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
308a9ea61fde358211c60438df880fdf

SHA1
d96c3dc366c2272d1464c146c89009d4d6b617fe

SHA256
b778a084934dd3b77c9062a637f02a45aedb68fc62275220e8bed1c70cc06cf1

SHA512
149cf514d5ba327fe25a13d525d90034228e837a9dd690468ded1acedc8ac64b93c1f218ff4e8fa699459665ad6a8127591e5aab813b6723794026144c3beda7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab22d20b4c528db6064ef1259c2af4c7

SHA1
dec4be687e45f18224cdc981773cf5dbbe74d717

SHA256
fa12933c5217d3d6d2c157658216632b7f9766cab3a33583f04d2555332f2509

SHA512
d624e34e2d5957d5d7a223351b7dc5a3442826aec89c07d74bf3c87b0150f4374790fbf209cb08405c0f7a3cbaa015d0ab33ad00a7136047a2c45c454825980a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3cc71628a612125e19933cc835e32e6b

SHA1
aa6689777ab9e63384635533502d8582691604e6

SHA256
3e5805b9d8a75042eb97d0eac86048f7980b712714e68e808e49556c74000e40

SHA512
930b8536d6ca53f1d2bf043efa199c0b430a929105797caaf6c8bece2fec85f8cf1a341907202fb13e5b62b6ac5d0a26c108e280c221575834ba1eaf5d0c6493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5512d643d4cf013365a01eacb370f2c7

SHA1
a8f8089a9401270bfa3eee6ebb73370c7f7e4226

SHA256
48cdd49445da52271c826ccaf411f4aa152ab95e6d0772e03fdd1079301ba02d

SHA512
1ef6932e4b0f853b4b0621dbf1d5f6c777a635ca1b55a96c5c1382857f323128ed38615df328b53caf444a37d7f463cb3dea8ab03ad4bb24bd3d64c0b00ef5cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dee32fe96d98ecf8bf3835bf6a2b4a83

SHA1
c84270742e0a4eda745e1fa8ac9e8cf1459e8973

SHA256
3a6215aaf4a7b1c203aa5ae1845d953689d2910d1cae8f2c16a95de708a5910d

SHA512
3667842daffeda73cb897159e9f746d42b146eef4c3053e9388856fdda81db52e2f6333c6a4f7a2a34ed4ef1e70a3276d4c8ede58f268ea787d282213c0a8a33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ac59321edbb755587280900d4fb90d77

SHA1
3a63dcd1214e48762049993288cfa62660f99886

SHA256
12fbb766700998a91aa438ab4d831e91710842305baaa0ace52cee2fdd9b77c3

SHA512
6fee94481d54afd3f96b3cefaeb671ba3a951a6e96b0ae6d6651c0bc6acb5974437c42be5bb8e1ba96874c036f110c2d4f73c7986d5fa148883f189acd42f97c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
aa26efb316e47648a8ede782d033c6d8

SHA1
2c1bb7c3442ec89b6492a69a19a4d9217f0f2ec0

SHA256
ee2daa7c901627b2402cce4f477507cd68f6d75572eb7dd82fba9c83f978b90f

SHA512
a37d2d4d7e68214ea3fcdf24239ab4f8d221ce8ce1961307107c903289c68eec87666eaf19dbc79d954ebba2a170cb3a48f12da25931f3a3c734c5d68eef6576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
bb80b6e39639675b8f32eff74b3ba35f

SHA1
c8931818e0d343f8dcf28b46ce2500d2e1894357

SHA256
7fcbac3a3ce767b6b7ba8b342c6c2bb0ec5cd81495c7c52db18edc12d4673c73

SHA512
d74441d7f2bc244f09ed2ade168bf7894e91369ddc39155a520641fbbaa559fe0ba40678a6c33913a2ffdbde1ee294cc9178ed68c922de1070eb379cf21f7289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
ea24525eefc061c55d3a73b167fc71e3

SHA1
92fa53ade1a4f916063455a77351d03857c0d577

SHA256
76b4071cd3a8334430e3bcd919a95f46f15933d0cd76d6c58775ae486265f1fd

SHA512
b157aca23a3d177799bae59da43ce803456676f49ce385d6871bb4dc23ea40a8a101779688d291f836c17dc925859ccadc0117577bd1ff749994c9711738b0ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
cd472f863eb89aabe45615023eff528f

SHA1
2d6fe256bdfc2587da26916da5b93b2f47789d0c

SHA256
272ed004119b1cc8a081fb2b222e6380d27b3b49cbfc2959f0c9e7cedc74febc

SHA512
16c5606bf560a67ed64165d5bddcdcf190de642fb5b7e6ce1c62bba09955b5d7ff295d86d9bdcec96e5bde661de6f29ef99e8199ba21db500137eabc26df1afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bootstrapper_v2,05.exe.log

Filesize
3KB

MD5
5733c3b9a719d2ded8760ccebeffd150

SHA1
971d77338f9745f1977f5593878cd74f70680a68

SHA256
5b18dcba1a77565d3d2fae4b2a5f5692dc12fa02844959ed93f7e5a0982824ab

SHA512
3fd0ccd54213024bdf945dd058a8cef0cb0291982a7248fb9f02acc31d4e1904ceb1eff1285a0a9f4608b578adf198e8209c201fa35f24461f05349a6b3a93a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.05.exe

Filesize
2.8MB

MD5
241706a4b2aa26c47eb1dbadf12eba14

SHA1
e46f254c6c29bf9371f04b7a27fb1569a7dbba23

SHA256
11b86e51f1f67bc7d59a881aa9cbbb5519c118ea74291476ff61fb9ddbff454e

SHA512
2e876573e2f44491bfe0cc915910f66d030c5e013f36d72e460603480f292bf6f4c5625cebeba47a9ea4fc564e776c656f74c5d7032ea0340de3840db8fe49ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2500_514937045\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2500_514937045\bc4fabe7-81f9-4703-9f88-bbb932dde15e.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\Desktop\solara\Solara\bin\path.txt

Filesize
25B

MD5
a07b495c4f2cf418c610f373e05cf3c5

SHA1
62440eae8c3749722a4a2d7a118b578fcd2bee62

SHA256
f0d93e3a408559e40649c7e367e1c51012b7caa80424ce8e9b46a17898de5586

SHA512
816f7466c11372ff6ce1da7331abca7e44af6a6bb67112c6600cfb0c29f4fd84102aa1ee18c5d79608ccea56ac672c8c86b01c4cfefeba5364d31212f8f3952b

Download Submit
C:\Users\Admin\Desktop\solara\Solara\bin\version.txt

Filesize
5B

MD5
37aa1f84af14327f56844e2a6e046b8e

SHA1
4ab41557ec631ee3866c62a76f31339f95da5c40

SHA256
800febbfd5e51c2df3529c3dbd5ac3216cb3485be40ec10c9f9168382c4bfcd9

SHA512
ef7237d3f954790262bd73f129fda3db2fa7c3b4f9eb827d46d38a033c3198ed1e4921374a9d66a523de7d13bc5754e462b69dab93d7e62827453b0d813ba7de

Download Submit
C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\CONFIG

Filesize
127B

MD5
41aa26f4c1e5b7db80d9c86f07dbb66c

SHA1
9b524e1bf6cb6efa7631055b936a372b81c1ebed

SHA256
279fcba5d0c338d57b39a30f094d65af8c192e6c4f6edbb4ebfead159f07eff7

SHA512
49e7a59b8d1d6fbb262c25036e0d7596227bfe400f6fdbd949d6ec5f8a5c6bc213e083f27b07f743d661bbb7580eeb64862f9a7af40e85b04b4245d269616c40

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 583891.crdownload

Filesize
2.8MB

MD5
be4da425d9b7593e358ffbfca29f9c70

SHA1
dc98530aad9728d779866ae957a738c52b13a565

SHA256
c5277ddb6e51181d2b8bad59acf5f2badf5613b1e73384a84b793f720aa76c0d

SHA512
35790944f5855038f8357c0f6d11ea81b260632e590c26f9342e8beb1a8dfd2e3eb9efa11f8378f8542cad45e7675af3d29cf27424accf35aaa6aeb34487155b

Download Submit
memory/1188-461-0x0000019AB8690000-0x0000019AB8742000-memory.dmp

Filesize
712KB

Download
memory/1188-459-0x0000019AB85D0000-0x0000019AB868A000-memory.dmp

Filesize
744KB

Download
memory/1188-458-0x0000019AB8A50000-0x0000019AB8F8C000-memory.dmp

Filesize
5.2MB

Download
memory/1188-456-0x0000019A9DD00000-0x0000019A9DD24000-memory.dmp

Filesize
144KB

Download
memory/1188-462-0x0000019A9FBA0000-0x0000019A9FBB4000-memory.dmp

Filesize
80KB

Download
memory/2728-19-0x00007FFA5C860000-0x00007FFA5D322000-memory.dmp

Filesize
10.8MB

Download
memory/2728-0-0x00007FFA5C863000-0x00007FFA5C865000-memory.dmp

Filesize
8KB

Download
memory/2728-1-0x000002CBEB820000-0x000002CBEB8EE000-memory.dmp

Filesize
824KB

Download
memory/2728-2-0x00007FFA5C860000-0x00007FFA5D322000-memory.dmp

Filesize
10.8MB

Download
memory/2728-4-0x000002CBEDDF0000-0x000002CBEDE30000-memory.dmp

Filesize
256KB

Download
memory/2728-5-0x000002CBEDE30000-0x000002CBEDE52000-memory.dmp

Filesize
136KB

Download
memory/3052-36-0x00000245AFAE0000-0x00000245AFAFE000-memory.dmp

Filesize
120KB

Download
memory/3052-22-0x00000245E3DD0000-0x00000245E3DF0000-memory.dmp

Filesize
128KB

Download
memory/3052-30-0x00000245E4400000-0x00000245E440A000-memory.dmp

Filesize
40KB

Download
memory/3052-29-0x00000245E4420000-0x00000245E4436000-memory.dmp

Filesize
88KB

Download
memory/3052-28-0x00000245E4410000-0x00000245E4418000-memory.dmp

Filesize
32KB

Download
memory/3052-27-0x00000245E4390000-0x00000245E43B8000-memory.dmp

Filesize
160KB

Download
memory/3052-26-0x00000245E3DF0000-0x00000245E3DFA000-memory.dmp

Filesize
40KB

Download
memory/3052-25-0x00000245E4A50000-0x00000245E4B50000-memory.dmp

Filesize
1024KB

Download
memory/3052-24-0x00000245E3DC0000-0x00000245E3DCE000-memory.dmp

Filesize
56KB

Download
memory/3052-23-0x00000245E43C0000-0x00000245E43F8000-memory.dmp

Filesize
224KB

Download
memory/3052-40-0x0000024600080000-0x0000024600092000-memory.dmp

Filesize
72KB

Download
memory/3052-31-0x00000245E4380000-0x00000245E438A000-memory.dmp

Filesize
40KB

Download
memory/3052-21-0x00000245E3DA0000-0x00000245E3DA8000-memory.dmp

Filesize
32KB

Download
memory/3052-20-0x00000245C7AA0000-0x00000245C7AB0000-memory.dmp

Filesize
64KB

Download
memory/3052-32-0x00000245E4B50000-0x00000245E4B58000-memory.dmp

Filesize
32KB

Download
memory/3052-18-0x00000245C5990000-0x00000245C5C6A000-memory.dmp

Filesize
2.9MB

Download
memory/3052-39-0x0000024600170000-0x0000024600272000-memory.dmp

Filesize
1.0MB

Download
memory/3052-37-0x0000024600010000-0x000002460001A000-memory.dmp

Filesize
40KB

Download
memory/3052-34-0x00000245B7E20000-0x00000245B7ED2000-memory.dmp

Filesize
712KB

Download
memory/3844-1308-0x00000200E6E60000-0x00000200E6E80000-memory.dmp

Filesize
128KB

Download
memory/3844-1307-0x00000200DEC10000-0x00000200DEC9A000-memory.dmp

Filesize
552KB

Download
memory/3844-1171-0x00000200F48C0000-0x00000200F4B9A000-memory.dmp

Filesize
2.9MB

Download