516f60793ed593751f3f8bef379430e7f19682985dc798a7535c2bbc412399de

Analysis

max time kernel
178s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bus.wav
Size

21.6MB
MD5

e0f47a26ec369970094ee98e3c987e18
SHA1

699b7d42da4435f92aaa4270edd5ac3e89248635
SHA256

516f60793ed593751f3f8bef379430e7f19682985dc798a7535c2bbc412399de
SHA512

5660babc5bfbe91cdecd6403353b997abf5ee3e1e57933283436954532f39125d396467adf8cc084f443c24b5bf47792522e3df6fc7bd634f0447cd6e998b129
SSDEEP

393216:x8dNr8r9VJgVgkz0VAlkTGueYLLHl+CW1bW7V4+l8X+vZw6gvJcCHXGdMg0EQ:xE2VkgNAqTVLLHYCW1be428X+vP6JxHB

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SolaraBootstrapper.exeSolaraBootstrapper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	SolaraBootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	SolaraBootstrapper.exe

Executes dropped EXE 4 IoCs

Processes:

SolaraBootstrapper.execd57e4c171d6e8f5ea8b8f824a6a7316.exeSolaraBootstrapper.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid process

1208 SolaraBootstrapper.exe
5024 cd57e4c171d6e8f5ea8b8f824a6a7316.exe
64 SolaraBootstrapper.exe
4924 cd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid	process
1208	SolaraBootstrapper.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
64	SolaraBootstrapper.exe
4924	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Loads dropped DLL 10 IoCs

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid	process
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
4924	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
4924	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
4924	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
4924	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
4924	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Themida packer 7 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll	themida
behavioral2/memory/5024-1972-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral2/memory/5024-1997-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral2/memory/4924-2017-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral2/memory/4924-2027-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral2/memory/4924-2028-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral2/memory/4924-2029-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

unregmp2.exe

description	ioc	process
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

Processes:

flow	ioc
98	raw.githubusercontent.com
127	raw.githubusercontent.com
122	raw.githubusercontent.com
125	raw.githubusercontent.com
128	raw.githubusercontent.com
93	raw.githubusercontent.com
94	raw.githubusercontent.com
97	raw.githubusercontent.com
120	raw.githubusercontent.com

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid process

5024 cd57e4c171d6e8f5ea8b8f824a6a7316.exe
4924 cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641971183082444"	chrome.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

Processes:

chrome.exechrome.exeSolaraBootstrapper.execd57e4c171d6e8f5ea8b8f824a6a7316.exeSolaraBootstrapper.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid	process
4064	chrome.exe
4064	chrome.exe
1568	chrome.exe
1568	chrome.exe
1208	SolaraBootstrapper.exe
1208	SolaraBootstrapper.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5024	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
64	SolaraBootstrapper.exe
64	SolaraBootstrapper.exe
4924	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
4924	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
4924	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4064 chrome.exe
4064 chrome.exe
4064 chrome.exe
4064 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

unregmp2.exechrome.exe

description	pid	process
Token: SeShutdownPrivilege	2968	unregmp2.exe
Token: SeCreatePagefilePrivilege	2968	unregmp2.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe

pid	process
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

wmplayer.exeunregmp2.exechrome.exe

description	pid	process	target process
PID 4980 wrote to memory of 4704	4980	wmplayer.exe	setup_wm.exe
PID 4980 wrote to memory of 4704	4980	wmplayer.exe	setup_wm.exe
PID 4980 wrote to memory of 4704	4980	wmplayer.exe	setup_wm.exe
PID 4980 wrote to memory of 3340	4980	wmplayer.exe	unregmp2.exe
PID 4980 wrote to memory of 3340	4980	wmplayer.exe	unregmp2.exe
PID 4980 wrote to memory of 3340	4980	wmplayer.exe	unregmp2.exe
PID 3340 wrote to memory of 2968	3340	unregmp2.exe	unregmp2.exe
PID 3340 wrote to memory of 2968	3340	unregmp2.exe	unregmp2.exe
PID 4064 wrote to memory of 4100	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 4100	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 1040	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 4392	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 4392	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe
PID 4064 wrote to memory of 3488	4064	chrome.exe	chrome.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\bus.wav"
1⤵
- Suspicious use of WriteProcessMemory
PID:4980

C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\bus.wav"
2⤵
PID:4704

C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
2⤵
- Suspicious use of WriteProcessMemory
PID:3340

C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4092,i,14221647728265121051,6840906015709541562,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:8
1⤵
PID:456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff434bab58,0x7fff434bab68,0x7fff434bab78
2⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:2
2⤵
PID:1040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:4392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:1
2⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:1
2⤵
PID:4540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3616 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:1
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:2952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4684 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:1
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3184 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3168 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4416 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:3588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4820 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:3476

C:\Users\Admin\Downloads\SolaraBootstrapper.exe
"C:\Users\Admin\Downloads\SolaraBootstrapper.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1208

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1136 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:4272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2004 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:1028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5060 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5556 --field-trial-handle=2120,i,13977566859641117413,9988947011963012608,131072 /prefetch:8
2⤵
PID:2884

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3340

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4880

C:\Users\Admin\Downloads\SolaraBootstrapper.exe
"C:\Users\Admin\Downloads\SolaraBootstrapper.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:64

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:4924

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
f3e688c30dd1c7ff94d713059b12791f

SHA1
90d98d3d442b924edb50b5df71f431bfb8ac5b40

SHA256
8a6b9b6ebfd286940c2b506ceb3010e95a4526f1398297294d354b20a8e31c8f

SHA512
437c4816b2942f037935a5e26a68d185b423e9206a5cd964ed49dcc310eca5e82e150248a309058d45887ac7c4dc83ab6898f6282f37b92d2bea833a9132a62f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
603967282324bc744340245491b995b4

SHA1
ce18685229d95c8b2ddd3a9abc8eead3e1f9f9cc

SHA256
a55521fbb3b1e9eb96e0c7dcb3bc2f5d0710e809ddcd718896364f3677e1e331

SHA512
34b2eaa95ac415789484b11e69d7e7e00c52c7c81a72e4ceadc78be15f9ffc2042b1b614667e60e2e9a840faa07fed2efbd877e7776783787693281d24c48529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
b8d5eece086bd2b457aa0269d7e94c3b

SHA1
bb940907d0d678a10e1b6ea93bbfa8d61557c8b2

SHA256
358996fd237a7c74db08f82d03da7e19592479b0b60daed1eb9c32602d604d89

SHA512
a2d53bca3d1a387a63376089212a8609b1f9866aeef26a021fc56560b09299ebaa6c431d3b4fbd5faba64af542db450512a46b666c4b3515ab926ce65a8bf618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
8fffb36140f92b5ccbeef810e3970c64

SHA1
de8ff634996a026df9d449f3525c3c731403de76

SHA256
22aa7a8d6217b2635c7e7d334f662e43284e77c0d3e7aabde0ec52defbffb6bb

SHA512
ba5a219437965953df0b9cfcbeb032bfaa82f1ee12a9cfa6c15c5af50d9ad6ff03ce2545a2224397fbeca3fef57b4c27336eb7052065001b703ede350349df50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
5d6b453632c425844f672d7025817588

SHA1
6de194ab8de86015b0db52e4da6ddf22db614562

SHA256
0d6ea5bb13154a05494088ddbe1cfdff3da4202818641df9259e62cbd3dbc25b

SHA512
d8d78db201b434a391b8172fced862767153f13eee6c9b56fc1ae223f257de06116c999e8500c951231f7bc1fd57359236c71fc273819ce0a8d968a02aa58886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
42678ce078a676b5e24ee9fc50b14f6b

SHA1
d22c6c25a179d352de5291d22926257a9d83dc86

SHA256
729af206fe284fc80d83a9828a5dd489a65367f8961b31bdd3a68ff7eafbc406

SHA512
498746e8a5d534f7613576f437e5798b2b8f4bf64162c27ddf244a5982d21b7eabd8fa65f31e5553273fbc6fcc36db7f6cf77fd3ad8a9bd5975b90d52f794865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
38c85ce0afd2275bca9eabceeb82771a

SHA1
5f780a93be9f30603d5b5fb5090d287185c4cd2d

SHA256
be4ca454b4f890ac9932b2377746dcbf9cb26c6ae698bcf1928c8e9b53e26ff5

SHA512
e5803a5bc7b3f4e9fc79cee8a312ef4b3be56f241781e3c8388be95144ae1c6d81d26f6a2867c62c972ca707a3c386b48e282114aa4d77abd1cbc9a54ee3a7fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1eccec16ad6d93f9b19bc550290997ad

SHA1
434dd74b39f5a3ad22d9bcbb29924f403f260fe5

SHA256
5187912266bad8d19576ad62570985a41f3a25ca1fbda55687ed486884b899b0

SHA512
336d03f7160ca2bc045ca64624f18911cbb6c1ebfdab48886dbae41af61c023726e8e2e01308b89775956491afc7dd817a7ad89fb780fe12356f57f7cb9da6a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
bf3b28b5dc78a541dc092f9b6476c403

SHA1
892865cb38585e843f39906febfb39a95f1b42bc

SHA256
d534ed3f23cb91d1900dcdd147f1b87984013f3988b999cd1faec60a918d3a6c

SHA512
e71b3271efbcb97f5c8a3c6bdc864552e99578d501f61730f90144055564b878fc43acb5e2b357058ea8e1afd5cace97837aeeb1ccb5309c3fa740fce07aad61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1b7fe6f1d0968e0c11a664383d94478e

SHA1
c199f75066559186c40797450e3d2775efb53d04

SHA256
6e3f5373844f03e989e892d65a656de738b0103d96c7bed7af3c37d1fa7670c4

SHA512
99a6e0363b54cae7b107605d824552e700bd4dd7e86236a69f3d5a59a7695127eb0ed523071d6e60818cbdbb2a8fbf08178263d9ddc44198668f3c00d34787b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2f12789c28b588680a1257043f11d220

SHA1
8e428ea3376ea0915d19474b257c201f4f37fe46

SHA256
b6bc914b6b4924a99e300708483cfa4b23db1658f7c8093228dae3396bb7c630

SHA512
362a99276ec62a415d219ece9a822c47693f182451a587f3720fb3f5f33564a2ae8ecb6d004632451a61f171091c9dc4cc856b94b09ec6bc01d2ba250ed9eee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
204141360ab078eb3798f650904557f0

SHA1
7ec96a5f335780443b9290a75f155ea1f8692e5c

SHA256
74bc5f3db20a5cc92b1eae292edada3c021ebcda80ea2bad41a696270bfd2444

SHA512
b59667137ddb2696ff492aaa2f78d5325ca46acdd0d80f3d7cd1fd436574c21b8ea58eed79733f91e2876d9e2c5981fdcfbdf01859210a28a3bcf4aacd807c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
272KB

MD5
a4291a442f624bc1b0536497230c1dd2

SHA1
64e4743b44d8f70410ccd6f56031ae65ffce8f99

SHA256
d04c4e34ec7dfcbbd56a4f28372ad925380f8dd37b8d583d6c577cb64f092584

SHA512
bda723603fa6231e6cdeadf713f166777bb09b8c88f8ee262cdb8818d279a2334a43f077ea35076adf3164c4db3d3ab72c589cb9485dff2f0f39be8da70111ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
e1c34045f28e9ad53c8d553a5c52fffa

SHA1
4ce19977c462bc0ba32268a98c128c74ff1c2827

SHA256
c8b0b012dbc78fc9a0aedfc503d365ed6bc4e37f82f147018aa7d11618274218

SHA512
8ed0468b53056220f9e7dc10746021d8fe7df1700bfaf29991a4ef2516a6f9808421688276fa8f87bf3a8ede4689b3977c7b0e0b7a49c5f74ec4745ffa998192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58ef2d.TMP
Filesize
89KB

MD5
314919b186d296ca91b77ddf05abc49b

SHA1
f31766ab29f39a35647a9b5e59db33efd7df7b41

SHA256
38fef7ea1b6b6398f7059ce6f4c55d34deb14368811bffbfffe9e08969e1db5c

SHA512
64cb956dcc0247d1fb9401fa4f14bc6e3aff6599a6b629a0a5e2a69cd9be7c1ad2ccb40be599c404cb6123c0d897bd4ad08e834fece253f6f53accc9042b1a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SolaraBootstrapper.exe.log
Filesize
1KB

MD5
d76ce66bbfab518b30bcb3a830f64c43

SHA1
1b9b1bffa29afff9168964ea3ffdc7fbca1edd1d

SHA256
8b07738c3c9471baeb55c105c2b8a89af24192952930fe0335d939ec95d6db3e

SHA512
7edcc8e20a4fcce906ae2958594a7813b574cde139a37f4da1ee94fc2c81b9d32df63b9f73c1446bc4fb2cefea9069e6e3ff536305145844fac22214e9a0453c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
64KB

MD5
987a07b978cfe12e4ce45e513ef86619

SHA1
22eec9a9b2e83ad33bedc59e3205f86590b7d40c

SHA256
f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8

SHA512
39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll
Filesize
37KB

MD5
4cf94ffa50fd9bdc0bb93cceaede0629

SHA1
3e30eca720f4c2a708ec53fd7f1ba9e778b4f95f

SHA256
50b2e46c99076f6fa9c33e0a98f0fe3a2809a7c647bb509066e58f4c7685d7e6

SHA512
dc400518ef2f68920d90f1ce66fbb8f4dde2294e0efeecd3d9329aa7a66e1ab53487b120e13e15f227ea51784f90208c72d7fbfa9330d9b71dd9a1a727d11f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll
Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
Filesize
25B

MD5
a07b495c4f2cf418c610f373e05cf3c5

SHA1
62440eae8c3749722a4a2d7a118b578fcd2bee62

SHA256
f0d93e3a408559e40649c7e367e1c51012b7caa80424ce8e9b46a17898de5586

SHA512
816f7466c11372ff6ce1da7331abca7e44af6a6bb67112c6600cfb0c29f4fd84102aa1ee18c5d79608ccea56ac672c8c86b01c4cfefeba5364d31212f8f3952b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\version.txt
Filesize
4B

MD5
cc66ef3d68ab434d32f6635d0e0d846a

SHA1
44763db1d213de8753f546e704e5b40f38999cd2

SHA256
232ce352d4b59dc102167a162462a8ea110bc7ce9b8b7bde5f13fd00992a970c

SHA512
39c1933219cbe892c83dbaf2d5db4233f805c06eb887a4b4f7ebb12501085fbcd5afbf5ad2e052d003202ad198051eb82c7fa7506210c57352a5f032f67399cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
Filesize
4.2MB

MD5
f71b342220b8f8935abe5ea0b1e5f30c

SHA1
a70d41dbc456d548e790af717575b1f83e3f38b5

SHA256
dec8c51c89452b183201e58e4cfceffb0924c4c1f7729841a739086711ff021f

SHA512
d6ba2d0eecb2bd70ea727c7bd86cce75fe535e4a7688eb6fc6334e30f568d24d0b6661b8873ddb88c1bb75dbf772fae215b101545ff85e6461a2b05b85dfe05f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Filesize
90KB

MD5
d84e7f79f4f0d7074802d2d6e6f3579e

SHA1
494937256229ef022ff05855c3d410ac3e7df721

SHA256
dcfc2b4fa3185df415855ec54395d9c36612f68100d046d8c69659da01f7d227

SHA512
ed7b0ac098c8184b611b83158eaa86619001e74dba079d398b34ac694ce404ba133c2baf43051840132d6a3a089a375550072543b9fab2549d57320d13502260

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll
Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
Filesize
1KB

MD5
d97ccf2a057716ff5291d97a213d1cd8

SHA1
95c0da601e1cdb9464967f09abb149afb9b675fe

SHA256
7d517a469f6b94d93f3cc5f5356d87d45f4903c16353810844ff78f6eceb6f84

SHA512
98beecbeeebf772a5845545ff4c86d5c11aa3bc14a16140d14bf7d995c3ac507f4c5825c9817f9b98536439d1c9a0a565a4e5c1cf1485a7e4dc0527b8760f115

Download Submit
C:\Users\Admin\Downloads\SolaraBootstrapper.exe
Filesize
13KB

MD5
0cc81729f4bd4a6eac95cc442bc8df2a

SHA1
5d5f367e720684dd64cfb5340d9911ec0782fdac

SHA256
92960ae4a38d896418a14a1db5ba1547aa273443790e858d00dac4ce64550c2a

SHA512
f6fc1fca47e4620e24652d8dc2aa88cdd7363172b31122c05d262349aeec88407a2b3fbbc4e4834c359960d4981fb9f674cfbfd9d5743dc917df72a3ebfb3c90

Download Submit
\??\pipe\crashpad_4064_CLKBORBLRBBFXAHW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1208-421-0x0000000004F20000-0x0000000004F2A000-memory.dmp

Filesize
40KB

Download
memory/1208-423-0x0000000005A20000-0x0000000005A32000-memory.dmp

Filesize
72KB

Download
memory/1208-420-0x0000000000650000-0x000000000065A000-memory.dmp

Filesize
40KB

Download
memory/4924-2029-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/4924-2028-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/4924-2027-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/4924-2017-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/5024-1952-0x0000023F5C310000-0x0000023F5C3C2000-memory.dmp

Filesize
712KB

Download
memory/5024-1977-0x0000023F61300000-0x0000023F61338000-memory.dmp

Filesize
224KB

Download
memory/5024-1978-0x0000023F5C750000-0x0000023F5C75E000-memory.dmp

Filesize
56KB

Download
memory/5024-1947-0x0000023F5C760000-0x0000023F5CC9C000-memory.dmp

Filesize
5.2MB

Download
memory/5024-1997-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/5024-1945-0x0000023F41A40000-0x0000023F41A5A000-memory.dmp

Filesize
104KB

Download
memory/5024-1976-0x0000023F43830000-0x0000023F43838000-memory.dmp

Filesize
32KB

Download
memory/5024-1950-0x0000023F5C030000-0x0000023F5C0EA000-memory.dmp

Filesize
744KB

Download
memory/5024-1961-0x0000023F5C690000-0x0000023F5C70E000-memory.dmp

Filesize
504KB

Download
memory/5024-1972-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/5024-1957-0x0000023F437C0000-0x0000023F437E2000-memory.dmp

Filesize
136KB

Download
memory/5024-1959-0x0000023F437B0000-0x0000023F437BE000-memory.dmp

Filesize
56KB

Download