2ccc312eea80e6b3c6e55a6ffdd27685a993389f1de973b20e2612e01a15432b

Analysis

max time kernel
1159s
max time network
1161s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
07/08/2024, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8e3d7db3efaabe3.mp3
Size

997KB
MD5

4d83f388a1d3a0ff2ad5a66903a6b574
SHA1

8fa598526e7dd0f09ee8366f1a97ba6ca396fc38
SHA256

2ccc312eea80e6b3c6e55a6ffdd27685a993389f1de973b20e2612e01a15432b
SHA512

1765ec75f25651be1dbcc3002afb5f2373c5ad219858ff1657c101b590f5f77ea7c45bb2a24130ed5e6ddf9f1b19ea7c6778a16e5d320a1152284cf73128e4c8
SSDEEP

24576:pQr4vAZJuKawUEyxGqOYOuHz+sYlqx1XNn3xgqt+qC9:WrCqfUbxbfytQx1XF3NG

Score

9^/10

defense_evasion discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 6 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe

Executes dropped EXE 17 IoCs

pid	Process
692	Bootstrapper.exe
5288	Bootstrapper.exe
4740	Bootstrapper.exe
3068	Bootstrapper.exe
5892	node.exe
6008	Solara.exe
200	node.exe
5032	Bootstrapper.exe
4304	Bootstrapper.exe
5412	Bootstrapper.exe
4700	node.exe
2896	Solara.exe
5020	node.exe
5412	Bootstrapper.exe
5500	node.exe
5932	Solara.exe
2768	node.exe

Loads dropped DLL 17 IoCs

pid	Process
72	MsiExec.exe
72	MsiExec.exe
2804	MsiExec.exe
2804	MsiExec.exe
2804	MsiExec.exe
2804	MsiExec.exe
2804	MsiExec.exe
2996	MsiExec.exe
2996	MsiExec.exe
2996	MsiExec.exe
72	MsiExec.exe
6008	Solara.exe
6008	Solara.exe
2896	Solara.exe
2896	Solara.exe
5932	Solara.exe
5932	Solara.exe

Themida packer 22 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/6008-3068-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/6008-3069-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/6008-3071-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/6008-3070-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/6008-3182-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/6008-3238-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/6008-3307-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/2896-3610-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/2896-3611-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/2896-3612-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/2896-3609-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/2896-3643-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/2896-3662-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/2896-3673-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/2896-3675-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/2896-3695-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/2896-3745-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/5932-3779-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/5932-3781-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/5932-3778-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/5932-3780-0x0000000180000000-0x000000018100B000-memory.dmp	themida
behavioral1/memory/5932-3839-0x0000000180000000-0x000000018100B000-memory.dmp	themida

Blocklisted process makes network request 2 IoCs

flow	pid	Process
46	1172	msiexec.exe
47	1172	msiexec.exe

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
11	pastebin.com
41	pastebin.com
64	pastebin.com
100	pastebin.com
105	pastebin.com
49	pastebin.com
51	pastebin.com
56	pastebin.com
102	pastebin.com
121	pastebin.com
123	pastebin.com
127	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
6008	Solara.exe
2896	Solara.exe
5932	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\reify-output.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-diff.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\util\cache-dir.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-diff.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wide-align\align.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\utils\json.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\negotiator\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_verification.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promzard\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\lru-cache\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\.github\workflows\visual-studio.yml	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\lib\depth.js	msiexec.exe
File created	C:\Program Files\nodejs\install_tools.bat	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\gyp	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ip\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-deprecate.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\logging.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fs-minipass\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\prerelease.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\builtins\License	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-hook.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\event-target-shim\dist\event-target-shim.mjs.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\base.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSSettings.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\color-convert\route.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\rm.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\https-proxy-agent\dist\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\example\basic.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-fullwidth-code-point\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\set-immediate.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\dep-valid.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\once.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\docs\examples\javascript\connectExample.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\addon.gypi	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\bin-target.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\typings\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man5\npm-json.5	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\method-names.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\__init__.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\lib\internal\streams\async_iterator.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\name-from-folder\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\agent-base\dist\src\promisify.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pyproject.toml	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promzard\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\validate.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\verify.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-install.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\type-description.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\lib\content\path.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fastest-levenshtein\esm\mod.d.ts.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\audit-report.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-repo.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSNew.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\defaults\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\android.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\workspaces\get-workspaces.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\common\util.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\cmd-list.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-ls.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cssesc\cssesc.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tiny-relative-date\src\index.js	msiexec.exe

Drops file in Windows directory 28 IoCs

description	ioc	Process
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF6E5D1868403BCCE5.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF1A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\SystemTemp\~DF928B7025D04CAF46.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI11BB.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI297D.tmp	msiexec.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\Installer\e5a084e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF09.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2814.tmp	msiexec.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\Installer\MSIE3D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI11AB.tmp	msiexec.exe
File created	C:\Windows\Installer\e5a084e.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\SystemTemp\~DF0C35342CEA692787.TMP	msiexec.exe
File created	C:\Windows\Installer\e5a0852.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB2D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI27C5.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFFF3CD317C04ED29F.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBBA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBCB.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2A87.tmp	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
5032	5328	WerFault.exe	79
424	692	WerFault.exe	126
2372	5288	WerFault.exe	135
4956	5032	WerFault.exe	180
5964	4304	WerFault.exe	187

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 12 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1688	msedgewebview2.exe
5604	msedgewebview2.exe
4000	msedgewebview2.exe
2012	msedgewebview2.exe
4488	msedgewebview2.exe
5604	msedgewebview2.exe
4856	msedgewebview2.exe
4516	msedgewebview2.exe
6108	msedgewebview2.exe
5108	msedgewebview2.exe
4064	msedgewebview2.exe
1116	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674681571057415"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe

Modifies registry class 32 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-131918955-2378418313-883382443-1000\{9238B0D0-3C65-4D7F-B988-3882E8EEC1F5}	wmplayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4740	Bootstrapper.exe
4740	Bootstrapper.exe
4740	Bootstrapper.exe
1172	msiexec.exe
1172	msiexec.exe
3068	Bootstrapper.exe
3068	Bootstrapper.exe
3068	Bootstrapper.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
5140	msedgewebview2.exe
5140	msedgewebview2.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
5604	msedgewebview2.exe
5604	msedgewebview2.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
3088	chrome.exe
3088	chrome.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
3088	chrome.exe
3088	chrome.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe
6008	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
6116	msedgewebview2.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
5496	msedgewebview2.exe
3876	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5616	unregmp2.exe
Token: SeCreatePagefilePrivilege	5616	unregmp2.exe
Token: SeShutdownPrivilege	5328	wmplayer.exe
Token: SeCreatePagefilePrivilege	5328	wmplayer.exe
Token: 33	2836	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2836	AUDIODG.EXE
Token: SeShutdownPrivilege	5328	wmplayer.exe
Token: SeCreatePagefilePrivilege	5328	wmplayer.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeDebugPrivilege	692	Bootstrapper.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe
Token: SeCreatePagefilePrivilege	4808	chrome.exe
Token: SeShutdownPrivilege	4808	chrome.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
5328	wmplayer.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
6116	msedgewebview2.exe
6116	msedgewebview2.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
5496	msedgewebview2.exe
5496	msedgewebview2.exe
3876	msedgewebview2.exe
3876	msedgewebview2.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2376	MiniSearchHost.exe
5892	node.exe
200	node.exe
4700	node.exe
5020	node.exe
5500	node.exe
2768	node.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5328 wrote to memory of 1548	5328	wmplayer.exe	82
PID 5328 wrote to memory of 1548	5328	wmplayer.exe	82
PID 5328 wrote to memory of 1548	5328	wmplayer.exe	82
PID 1548 wrote to memory of 5616	1548	unregmp2.exe	83
PID 1548 wrote to memory of 5616	1548	unregmp2.exe	83
PID 4808 wrote to memory of 4480	4808	chrome.exe	110
PID 4808 wrote to memory of 4480	4808	chrome.exe	110
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 8	4808	chrome.exe	111
PID 4808 wrote to memory of 4792	4808	chrome.exe	112
PID 4808 wrote to memory of 4792	4808	chrome.exe	112
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113
PID 4808 wrote to memory of 1156	4808	chrome.exe	113

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\b8e3d7db3efaabe3.mp3"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5328
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1548
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:5616
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 1176
  2⤵
  - Program crash
  PID:5032

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:2280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5328 -ip 5328
1⤵
PID:2144

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2941cc40,0x7fff2941cc4c,0x7fff2941cc58
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5060,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5276,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5264,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:5180
- C:\Users\Admin\Downloads\Bootstrapper.exe
  "C:\Users\Admin\Downloads\Bootstrapper.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:692
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 1640
    3⤵
    - Program crash
    PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3296 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4652,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3088,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4804,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3440,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3292,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5360,i,15546790879811960311,6827533163348125743,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3016

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 692 -ip 692
1⤵
PID:2024

C:\Users\Admin\Desktop\New folder\Bootstrapper.exe
"C:\Users\Admin\Desktop\New folder\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5288
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 1760
  2⤵
  - Program crash
  PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5288 -ip 5288
1⤵
PID:1716

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\Desktop\New folder\Bootstrapper.exe
"C:\Users\Admin\Desktop\New folder\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4740
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2636

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1172
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 0CC9DA296E12A3EED0C5692C9769132B
  2⤵
  - Loads dropped DLL
  PID:72
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 627013ED6EC3919F1597F50BC8356275
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2804
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 249B002197F7C7CE679CAEFC239D1300 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2996
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:648
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:5348

C:\Users\Admin\Desktop\New folder\Bootstrapper.exe
"C:\Users\Admin\Desktop\New folder\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3068
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5892
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:6008
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" d0737e55ab6f4c55
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:200
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=6008.2948.10794591646001012484
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:6116
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x1cc,0x7fff21663cb8,0x7fff21663cc8,0x7fff21663cd8
      4⤵
      PID:5956
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1848,9705749061131840786,17359284756134200999,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4488
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,9705749061131840786,17359284756134200999,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2108 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5140
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,9705749061131840786,17359284756134200999,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2468 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4064
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1848,9705749061131840786,17359284756134200999,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:1116
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,9705749061131840786,17359284756134200999,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4528 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2480

C:\Users\Admin\Desktop\New folder\Bootstrapper.exe
"C:\Users\Admin\Desktop\New folder\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 1752
  2⤵
  - Program crash
  PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5032 -ip 5032
1⤵
PID:4984

C:\Users\Admin\Desktop\New folder\Bootstrapper.exe
"C:\Users\Admin\Desktop\New folder\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4304
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 1752
  2⤵
  - Program crash
  PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4304 -ip 4304
1⤵
PID:5480

C:\Users\Admin\Desktop\New folder\Bootstrapper.exe
"C:\Users\Admin\Desktop\New folder\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5412
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4700
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2896
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 8f0ba5e911ce4ab6
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5020
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=2896.5228.16637239935127410338
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:5496
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0xc4,0x7fff21663cb8,0x7fff21663cc8,0x7fff21663cd8
      4⤵
      PID:1916
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1824,8168153405401842602,10999131522044049913,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4856
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,8168153405401842602,10999131522044049913,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2292 /prefetch:3
      4⤵
      PID:5396
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,8168153405401842602,10999131522044049913,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2836 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:1688
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1824,8168153405401842602,10999131522044049913,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5604
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,8168153405401842602,10999131522044049913,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3056 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3760

C:\Users\Admin\Desktop\New folder\Bootstrapper.exe
"C:\Users\Admin\Desktop\New folder\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5412
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5500
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:5932
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" efa35c0318e44f0d
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2768
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=5932.2052.13512245300441005600
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:3876
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x1d0,0x7fff21663cb8,0x7fff21663cc8,0x7fff21663cd8
      4⤵
      PID:4404
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1868,6785302610651027990,14914777150610776915,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:2012
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,6785302610651027990,14914777150610776915,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1908 /prefetch:3
      4⤵
      PID:3440
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,6785302610651027990,14914777150610776915,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2856 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4516
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1868,6785302610651027990,14914777150610776915,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:6108
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,6785302610651027990,14914777150610776915,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4480 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5a0851.rbs

Filesize
1.0MB

MD5
8dd87e3c4364e03beb3ec98628efacc4

SHA1
a40c32b5459294c5d01a975423eda7edb99f5f87

SHA256
d128e8e131585b6f563760775e6141a0bbae1b29ac713cb30cf8271b7e2f37ec

SHA512
7e4bb0036ec71d359299d9472fb7bb6b2561e39065e40f16d71ce3dfa86117ac567ae3e26c8cd031cb9571d16771993dd49428c9295a237f9c979f73f7c3e850

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
e1e558d696cfa9fe7a74c88b11be82e1

SHA1
1954f19b83de3cdeb74f1a13ea56b6da691f8a65

SHA256
f0d3c2f8e330f59a1b1cab2b60d5d5d0bf418281f2b01ac63479128d2cf7a54a

SHA512
5ab25f7319b8fd1d0efa703db5e51e51eb939696885d36ed73f90832b777292e10464fac26def5f7502f3daa54234b1a232c14033aeddba4636a56658d4f9068

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
f4d30be72a27756ae9d3d0eca0529838

SHA1
af5aec6fd845e8d709821596bbc4adea8056febb

SHA256
3cf3da8cfc0c8c7f0f57ceca3b533e967c3c07f8360b442d42afd2ef33a7be96

SHA512
657122d539afbc3bc22d5e1a0cc7b353c2612de0aa5dbb445902b917f0cb2ad5cf8d078e08e8184be99acc26874cb3d3f5ea849f0b5054789823c65f51717b53

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
5d68cb9d07d32896b483b0f7e56e2099

SHA1
f67fdfa0b74196ea20b3c656c90babc9702c6e0b

SHA256
8c7ed8f6da2b609cfdd683562b1aa37e9ad9eb3b20283c442fc4a41fd92278e4

SHA512
2e30077d5b3d788b09ac3fdf08c23c5eb5ace18376be1ad0f31541eba3e7dccf11605ae186d1e32887ca29ea5580939736c7e5a2e0b7ddad6f1b8a7491156cd1

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
4fa3a3adbb7cd005d2c9f49edc75cdab

SHA1
8540736dc320161f3d8d4fcc0ef15b8067347113

SHA256
97d66eedd299fe2cb60c6e1abaa9b18e2c760fb9fbb8ea37ec6df5b5bfb7fa00

SHA512
f4f63f9778b7df25577a7250ff19e60ebb7ab0908af97998e2209678b540263e19e89ce5cb8a8829052149c7f66d0e64a23caee6c5e94734e93bb00573d06c3a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\3377d0a2-ae54-48e8-ab64-51cf93f8302a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Cache\data_0

Filesize
44KB

MD5
69dc2dd7000120470118b164d60ac648

SHA1
aac38280a75d83e2c429dbd5c1eb6a340942402f

SHA256
1ccb375e0b7f47ed1e897b65b4b9649325a0d573727d8df0718f7a588f885f95

SHA512
f9137e018f9677b08269ee427767841790b3109372b6ca9197a1e0beb3c8f2076581eb078eb6be21d34cc25fb07151339bd09c24c6909deb2f9b7216560dce22

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Cache\data_3

Filesize
4.0MB

MD5
55f639dc0ac927b16ff193999c901e23

SHA1
6b3e6220877e22343de64e9132f3d793af4ffee1

SHA256
5eda2e057a38fd58a0d8075817a1a344b6c176f3eba20680bf35e7f1e4e653e4

SHA512
dea8a41378aaf5be0460448828a60d421741a1189f0c28e926bad95a3f6315de1fe782f39454747e7d04129997d2dd4c9dde8be1755d0f3dff9808e4ec815e2c

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
930B

MD5
d21417720657f553b807b468c65857e4

SHA1
72fc4c86b7f94636e106c330f79ff82d294176fb

SHA256
63840d0f4c92c71225efb05a75df2a31889c49ca21a2117e465c0a2f95c8a609

SHA512
14bb9758096f422c1769286567f6252ec68628281f6455762f2fd1c6e055623701683c7dc48748c3a331db5a3d328262b4a580219b1b30fb3f73b88e24402ede

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
1KB

MD5
b60accf37e8e29e40b531965f3debc83

SHA1
8d8442e2b7f16fb6f24a684feb7e48f8de834940

SHA256
22c27ca72235e74eb33747b6e4cc56490f2e28e4d5978543d5eed25f7d9efc48

SHA512
31bdef1d3585b0de8226d531d84cb8f86cca23a117472fd96eef2468d06d589e746cfd9f6b4103ec0d01f92bf2b4b01add15bf1237518d8e327637488fa19266

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
1KB

MD5
1e83df413fd2bfa4f4d83d85c0015d6a

SHA1
946d4b9a77f04f1af3277b420323c061150f2bb7

SHA256
92776c93df24187db504eb6a2fe628ee19a580984aa871e7f74bccb6bf79e986

SHA512
502c3881d9cf843380bf9a504f05b788f2ff83fdc796e6fc09f4e6d3beed2edf5ebfa902540efae9d78e4eb1515ba6992cb34187401775cc8dcb0894c1e56d80

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State~RFe5af629.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
4KB

MD5
6c29f2268535a74083fc36f93b9fe857

SHA1
2ea155cae6175445247bffc10408dbfbba04c339

SHA256
de47a2373c74e69f3c824bde24deb3cdb4d98e95aaaf755f01c8c847e12043aa

SHA512
25003dc4d002fc04383ca91e01e39debcf460e72c4cb935fdeab0bb1b32a85201eaf5a5cb5ee3d52d115d9c1fc4594dc9616aa8a596f40326d13e87235c5016f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
4KB

MD5
17067e7f444c5fec7d99445cb1538b94

SHA1
a364757a7bbfb36e51203f52369ceeb57438ca87

SHA256
3e4e2419d58c632666c8f710260ef1a5b53aeca08d42dea6ff749cc4c44cba13

SHA512
b77b92e9b60bc152b8d741b9cae065783b0b82c42c0d693f6ab803550c447237b99f9df52650605c3bdb69e5807d46f4e17aa7390e20b13c03674e78ad951405

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
4KB

MD5
63327dbdc916c0a7aff0dd30c5cfdf7e

SHA1
aa96ae13c92cd2f2c88c883126735cc82b59e512

SHA256
d3bb9014a43279eecd70cfaedb14d734345d69e6b2c97b87276aa590c3b3ae41

SHA512
c092eb8fd5cea18c249d39385bac53a72e1b8ad4a1601074db55be25e1da6f4700a13fa536b7dda4ede92bb8ef97ffb6ee16f3a68c8737259e7a1a982a2f0c02

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
4KB

MD5
a5fc1fbe4d89822bff38dbc8dc8c7973

SHA1
da7b90d730ec81cbd688d69eb442d78b16da3c84

SHA256
dae56b9359c7ed891339b861a7b97ef8942830f46842f3a42e37351bfaeb3a93

SHA512
5f22fd462cf4dc67182998f1f1666f31ef133b3e14c1d7ae775dae5817e174b1cfe75573e7789a79fce8f3166b159ee4aa15f89558cd919506978d371dbc3e4f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
4KB

MD5
bda83c4234e00e73545a0c4c822da63a

SHA1
8dc7eb19bff1a1394dea55db2e02660aa9b3669e

SHA256
0cfd5f0f5e153526e92e4bf8fcc9936acd3155fb51cbf438631aca15a6a63be1

SHA512
d7a0d0c5d3beca1141f571cb5db12de0707f5c4bee08a5b2c376f165df6d2c358cb82e95f209f2da13d34ad9a765ed2fd17bc3f79737729dc779fc5ac2810e32

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe5af5ea.TMP

Filesize
3KB

MD5
643250f3a2db01f854bb6b862f8552ed

SHA1
f11de2ca1e4546660f99970382915f737b41c860

SHA256
467941022910032981e1be7b7a27664178d2f25d25a2fd282bb813f7b5e4e8fa

SHA512
ffcc2e870eaedda3598eec7adc96b3a53341d58b3da30880b54db8c5ad1d6abb8e155998225e3695800d13fe1032bfbf7d431830b06c9d8bd0e69a184bd440b9

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\TransportSecurity

Filesize
873B

MD5
d724d8c6a1256fb3ebd9464ea295c3f7

SHA1
7a83a9fc16226a93e917437c17b3a1bf9f4f32b3

SHA256
c143a76caff58a6e79c448639c60b5cf020e9a55a864142b474a98ec77accc83

SHA512
a00323c09451730e7253d99974f6687139e61c99fcdd481f88739cc69a9590252e12e4fdbd2c35e27dabdbde554ba847cc3a9a07e3eba3a1d8513b6d904e2e2a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
64183767770b31c2c6b2ae8086f4141d

SHA1
72078302beaa99c9a176cfc70930986ae17e1802

SHA256
324fe2a0d7bbc646f5712e28344614c5dece09c5c7b6012c8551cbd44a5588cc

SHA512
bcf8d06d6ad9f89b47b540f7f0446cf309ca22617e31ccf114f3b1312551496af9e5f2a9c705f2f3a9b2ae2104bdd9a7bde661169034090476f494d9ca0fa613

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
98b3fba1e59f1426c5589d9b262b354e

SHA1
fdd565f4c2457a74a3dafd88bf69b918bb1e7d0b

SHA256
7b4c0bf0c21881a4b9057bc220e68a9372a7a21287a857dc374acee56426515c

SHA512
b80eea69d804d2c60de2f0b7822a9c002f3c44b62a033bda4d6e4ba6640328451fe9f9b0464001cb9222d11d4357933ab9171393b5de9887a592fcdab6cea05d

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
a23afce926e9b4f4d7cebf9507e42883

SHA1
53745a6b6741c9d082ebf949ab9573644e7da4b0

SHA256
8def8fcee5ea0c070afa6efcaf52188464a422797440c6fbee524d5aa001b849

SHA512
e19d13962d9c5329f1f0a7d6d180f97e7ca639c6726b8796914a35f50af360791292ee4047483da2b5893b1a4eb0437fb217f2f4d31bcfd3543366c1f0c7476c

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
eeccf93787496158ae68a826c5866241

SHA1
75efb1380d8fc1e8890a3ca9bd33b6c8b678790d

SHA256
fdd978ad985a4535c1fd956522e3deea44474eea739592063b0d6e17b5268845

SHA512
f374a28610259e5a94b2b787368132c864452763a7bf20a610efe749ca23f3ad5412f9bbc21f0de886abf7a85d3774df3cd211d59ad02b3010cc5cb88a43f7ea

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe5aecb3.TMP

Filesize
8KB

MD5
5cc33bd3335ea1ae0f10920ab157230e

SHA1
487788b33f08cfbc56e0a05fa6a2b61f3ba32758

SHA256
6f1b0e5a593e5eb8b8c9a9bc8b731d03d0bb19a2011a83ce37e993181393e198

SHA512
f3f82f4e5f0bf1ec804509c9125bcd5ccf692296db05e32648d4ae6e3c2ff021e5dd20d29cba5596046181db7de0d0ceb671544139c53d52353ebd5578fcb5cf

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
db6aafad59c6fe7b455c238f3d9dc195

SHA1
18839150f25a2c6d82e70f219ef72e9e9b7802e0

SHA256
6c4491f4ea50578d89bc48934de84aeed10212f5a145a6a3fc80867f0e02d89e

SHA512
281cd158be49d07d76ce3466fd610ed778ba41dd60e623daa6fa4d5e3adc9275726c357da6b197602bf85e63a6639d2062d4a8846c623eb99da8e752f0d33318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
34b4750f65542d2ac4d3842fe50a5284

SHA1
0cd9dc463b6be72fd4d063ccbb00a1527aad97d8

SHA256
7cf7938b60d3330e4eaedbc54273627e1f2673dc72874b0f435cb0e631eb6cd4

SHA512
5097836ea50ba83e396eff960d5ab19152de033a107c849c4366169f42a52c8f60c33dc55702070b9a51ddf458fa2f8a3b8af3f362eef2e7665a71c217e8e054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ca8622c126fcbbac455e1ba161fde81e

SHA1
5d67a83616c17b473bb2fc2f8df0bfcb20a00a76

SHA256
f175580e66e99e850a81d622f5b1e964cc869d336160be28486991ef1c616e78

SHA512
035f1368f23a156fee5aa0b99da9009290403841c57792edf8ee653148b81a90d31e415b5b60f3a00fce6bb09e0290d0381be7e7d36e5fe2d2ac95f1ceaef338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
38650e2d9f947d99bbf3c3d6e05204c0

SHA1
75c220df95c6c40a305e353d746402908901a611

SHA256
4b8df6d8340935c6b7149eff6ae3fbfde93f3cc2189358267ac4f7df2ed33d34

SHA512
b54f0d4bb64fa7cf0a5a0848efa42258489a0bf5eb1d76301b463af8b7e20f042c9447841191f3fab080718876d18e1e21bbf301458c9d7e049d10d0191355f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
02a09053610205d4da09745206a183d7

SHA1
c7362c83b310a5a8a4d7ce559916a051104c268f

SHA256
fdae5f1549debe2dbe9bf9efcee36066ade1b9c397b8d0b76054f0848e648f7a

SHA512
c5c7b20c9b7261d648bd59dcbb3dab4e37da3544ee5c8dc96df0b551337bfdd0fce742f6d4de6ac20fb0e46f7e83a1f7eeebf99284fa4ddbb8771586d301bde4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
e77c21bb16d1211d3304412b4b3c4184

SHA1
6deac7ed39a20c22b88fec425b75fa14895e9a67

SHA256
01ee98f7b89d1bb3c6c340a8608ed8e4960ca1ace94e3185dc1dfdfe85b68501

SHA512
d15b2c764cf09f8cf7f82d1156674d9d2946a20113e7d3ad13af9c69b50e11c3be272d23ab41c300796dc600515196a0962a80799b36ea5c884726810879e847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
deab9bc01b3054df9539a4c0aa2160ab

SHA1
f8b68ba9857ee54b52057a77f58c3436bd8dbe6c

SHA256
218dc0d320540f453c134274933400f36c4cd5194d9b2cf4bd72c9b842a5e534

SHA512
1c2ee6e567e2cb2603baaeb8431b7b133d3c315a054d99c66873e3c5c84d2d819874f65164fc0612c9465eecc72869cca6bef26cf729a8d2b0289587ef0826c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
84cf03d732a23d9f015b4a52dc154175

SHA1
e6c3b6f8e64b64000b70a3bf0393c59d40bd0071

SHA256
864f8b1dc190eb6760094b3a9de4072ea0e4c645aa2328e3457100af09d76821

SHA512
0230faa6e60c2beb11bde22e6a58aa884731cc4e36193d04cfb34cd85dfdeb7292b2b1fef14c60d255902a172fdf47da22cc29a7ea839391e278e1ecbe6f8cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
841c3d5c5c2350d451f3ab5389e2d03e

SHA1
5152f8be61d040f962c9114d35535d7bc6fa94f1

SHA256
0251d1f134d398f4e137b5d10197bdd7f5991189c9e632e84dbc9d1422b51ee6

SHA512
5ff5f633d95415ed79148631e36f004c9d258c6101f7a1a771d7c3117c0d26bc0fca228beea1947729bce1fc99921359a02976bf94d413d75d6f760413e65d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8e8fdf0e82a764d49e8d85baec0f64ad

SHA1
b96cfb28a3b5b06468ebe1db6a99f85d9e49117e

SHA256
b6a0232f60300dd73cab610f6aa43872cf7706c91ad729b3e12f9b7abc847230

SHA512
453fbcdedd6288cad0ccfae81e0ad866b408e7755acab322f6b7f11bf8922b560267d70b9f944e764eb820212e60480bfe91b2369018ab044e840c50e0b69838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b68f96e072e40904c8008ffeb1bbcde1

SHA1
89f926475d0529bac5efdc542bd0dae610e08f75

SHA256
e300c05e87dfe41c5b791d547a4c3836e42c43ea49bebc06757f77a9bca98fc6

SHA512
f2901f32c135609c022def10b690dc50f38cecda65f311a6aec5327acc1b848523c52dcbcfe04947cba93ddbf41231f54e4355eed683b1c9ed980935210fce2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e59429105da4600a1a0276514b1f6952

SHA1
9d00befa214ebc17c1f6b05ea2af25d99c5b09bb

SHA256
f178018a52df44c572a3cddb79fb26c212aeb70e004c6d3c3034431636a67292

SHA512
528c8280434357f134085fc1b42660269f125748887b68d5176c6e0cdeb50397a8987bdadac1b28c156663c9b58a752a5eb2d4b5f48d055c45c7f6a4a00f07d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9edf4726859c964228b60282799519c2

SHA1
cac7ea1934d98e3a0a05b2470f0cfc7e364eb197

SHA256
d6a1505eb8bca5ddbdcb5fe9f62f5018702a172743664b460be1a63b6f88e640

SHA512
dde8e2e6457bd2823e4f4f2336782c1c13b253cb2505d3486f4e2d5e3125ed25a022726fb614384bf67973fbb1644c75e2c3a889d77b0573a6f8e90e4a08c65e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
28235242d206b2a170b4583d2094b38d

SHA1
445925195fdf2c8e00ea5994ad1fd3cb8af42a28

SHA256
692a342cc922fe1b0437bc921814dc29f7791f9d66b114457d8b0584baa7df0e

SHA512
19859525cda292951a427d255c6b47af69c864ffe9b37f0310a31e61ce275d42a422414a161e9696c50330e0eb2929386a9312a15ca1b2e3feddff52886052e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c40e92fd5fae02384dc5580c49fe34bc

SHA1
ac1f1fe66e5be11beadab3c3669d39aad391b65e

SHA256
da5bd47d20ee3f049a7f44b7703c0c1ae304101c16b67aeacec8d549c8523330

SHA512
09b2c289a48ad0c0b24c5419e3167731acf6d7be6dd6bde08abf46358dfd57fc3e1692dec97fe981db8ba372ae6adadde311ced2150c4a80d7ea864bd6cc19cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7a58c36ac2085fcdda38c68be06836aa

SHA1
f3ab3da28adcfcf9502a58d938c0b7ff10376a8a

SHA256
51a152b73ce45760c9b0bd7f063b93e50234a88709e68d57113a13146117ea00

SHA512
0d682fb8fc313a46d8238d316fe94575e1c08d1cbc396b79a146ddf77ddb38b2ea55c2e48cf9a8c0af9e3496c7cacc9888b6e43bd90942b3bb3b7bb12becce4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e9aa513a6441cf71f6daa287574b910b

SHA1
d215eed00209d139cac118e7b86574d20ac1e779

SHA256
1c5257be96c20666b7e557cf4b724e7f8d23c392ca2860a90de7a4fddcb339c6

SHA512
8b3aebd7f3df1306c68a51227035841aec0643da65e482e318c26da1dca490e794637352e9ff01c726342eed8664b713f2f9853b52059c56c9eca59e0e468b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
998f591063d0558885bfefc3544cda3e

SHA1
6851aec20660092e68e5aff3a57cfa64886fc735

SHA256
a20feef379a1e5f6c2af682d3932ba66c4d93f5a3916da028a3a5a3d52f4a5f5

SHA512
4660ae7f26c814111a8fc12b2e64c2df267bd8e19d6dc5587e73032d9a5ffcb232aa52392e7c70c3addd358f70fec269746f9a0eb5f7c15d1d4d8197399710ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
57a7552562a20d4ead88aed004e672a5

SHA1
c7dfdc1b35501c4a275d6ac1976e6245b4e721ba

SHA256
6c7cfcde7d96fb99cb919552e4fc8b073753cd646bae4c6876e39c1c86a0b86f

SHA512
50c7f30b6247d6b7568b25b622d7956b178fb6a238d740faa13f048bd94634c237db55fd794e8e7dce57dc714114318d7bd6f8eb5207787b70a9af75e8be65cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d45a113701f44ad036360e5aeb99b12

SHA1
1a33eb032de5d2052e4027698f493f8dd568be6d

SHA256
7528b57677fc359a4b04a553abbf75a2c4c5f9df229b4497f3eff0fdf60b7d9a

SHA512
9fc32693244a91fe5256785ec2afc37cc9dea1529cc7bd4fa7de12373adbcea36dc56cd24b21644c15ab7fc805744cdf761a6b8c64edee9fbdbf7aaf781df7f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0bf5218dd0628a2e60e0f15354b960af

SHA1
75bc025fb0f10bcc304fb210acf2f33b04051919

SHA256
d659b88025f30db39de89c62f53bb9529600efebf126d9cf4822527ba8b6e7c8

SHA512
d748f024346d1b09100000fe501ef4cea37eaf4dfa79855b980341c664fa5c7674ce882042c03bc7f5f85c88a02d0f208ea0b51d4469f88d10327349d843bfbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
9ffdd2e536fc154be4ed01a01cce5374

SHA1
ca88c09a1c68acd30919718f885eb49e2ad96ea7

SHA256
5058f23c0a14d5721e6b3a8845d53d551b20a10341057df7954d53a65bd8687b

SHA512
fb5dc2b5926e75643409517322411c1729c2e9fada8f9a92e2b1292b8c1ca5b94c63c6d05c29fc4f5646f184f9580cf79daa4e1d5438ee522cb0c2683e1f38e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
98a755607c775db6abea5125fa0109ca

SHA1
66dc8779623f5f76e550a303ee0343d2c83242a9

SHA256
8771257435c1ec9749f1444e4a525f91acab05fab352d216500243f0d331dcb9

SHA512
1b1e1246932f1718e055bae109f20a36aa9aaa936de0aa37316dcdbc5121c471d4b100926163adaad309aed6d6d5b519906e5140b9f130e12e6e052143de5529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
8a41aa7c50ee2f0f13c76fc386fc8a6d

SHA1
62cd5424387ae4f298ca215e610b02b5021db1a0

SHA256
bead59522ca60ebbef4aa30904b3bde5b4316c1bffff4653db64fd65ec789f29

SHA512
b664033c84e25e3b9d4fd9ed88ff53eb15910feaaf1ae74b21c96999d795c0db143cfb32a3ee68d4ae329fc68383d8d08e90f494280a8e7dce801aee46e1c489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
727ce9e65af2d0b5d20b8e801a3121d3

SHA1
45ffd4563734067d6560081c5b241dd7d3814295

SHA256
a36f7b9d9277ba19de72829ecb8f100f0e2b5ecb6b7a1b6363f44508d95de634

SHA512
25f0facee9cf5bb21415fc6078f28ead2ec509a1319aa6afd2e2d5b8759ecf5d78e78ea6674bd182128ce79075ae8fcb60fa00a6ad7e7e2f7de768df10bf6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
077924bbc4a36d6eef27d9197f3079bd

SHA1
dd747361a9c0b9168e17b3177375e2e598c884ce

SHA256
3e241be79906565d6c43da43947132f30f8481fc491c57489fcf30653e69f69f

SHA512
fdfb8d20cb38cd3ebddd0816ffcc7e52fed185883f60e61cef3f0ba67bf01afa001187d347942d325b71ab2bf463b7cc9a9aa731abcac6018e1f4e8b2e608061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
225KB

MD5
5483dd27d97f612dbf3ca1347c132336

SHA1
c339e6b2c7d99e390fcbcc3fb22c3369b7aba026

SHA256
633c73ad5439976beb68441dd1fa9d1f47f3a01e95e7e222e5a675e97d6ebc46

SHA512
a184eca40ef3e8da16a6756137d087e33083ff78969ee30fd948a1c74283166446546842ce4b0468b2634bd28dd3433241b603e7da239e30334383d464dd19d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
b76d5a45d2bb3ef039d1da687af6f938

SHA1
07cb3aeb853cbec88e4d516a528118f3de0a8c54

SHA256
796f72ef6f6dc499e95f0474d44b9dcb9ce80741e04cbb660915465dfa8ff38e

SHA512
da1456fd225113e823957dd8d68eb46e47fda5759f9bbec81b86977be72353a2323a43aedc9111b56a480500b1d9a15cbb25e80a7a25e053e9597bd6baa329da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
066f6e5acfff197d12b550ef7d452d41

SHA1
aaa8cfa5a56519594490d069f31a42a15ca515a2

SHA256
cac3a8354c7766b4ce0900bf4d8097bf372ec405a6af4bba63a6d92132932a30

SHA512
21c3985bdc883b7c0fcdfb660a577eb03870943d9e812a24726158b6c06cc36b00425fdeafddcb099fddd1488173280563f7241c9589e69d04d1eb1b5daa786b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
1c5dc09ee955dbe0c48b9751d74f3893

SHA1
6feaaef2aa095edb9c6591e7b526030986761e8d

SHA256
81e0471a9a3d3f39501ac3590ad1566d7dd2c70f3b09f6e75250ff4d04a110fd

SHA512
8d84ce468f6bcaefd90d8e1c098a40e81f60abdb69959207242bc6e0b6e85da78fff6d398796327cea90a8f173ee22590ad7e97e168f9469db129f81474609c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
0305e226ed708ebf4b75eda15e9f36a0

SHA1
d60b975c4d985b85055def51370ea27f47b3823b

SHA256
2908be00ae235136c82439f243cad46d687f870edb194cf3290cfb2b6d117ea9

SHA512
f222887a2604164d3eed13d965762601893e42e84f628cf8995e83a4cc8afb82ba99e3639b924772e613c82a3ead7843d48889674f1842af5d7c9c85fda44fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
5433eab10c6b5c6d55b7cbd302426a39

SHA1
c5b1604b3350dab290d081eecd5389a895c58de5

SHA256
23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

SHA512
207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
27152171537c47796aa7194ac41383bc

SHA1
430c380ea885fce765a771cc40cbfe6358b4d04c

SHA256
28276ad4adb3f540918a28a722f10a63406037b96a14e05565e31ec90c605c22

SHA512
044ded8d45d2249f69ae617768398a33cf060618f1cb583aa9d9a34171de10bf3e23f6e49b3c0b8ca872f5ecbe98e841168fb3e94fdef2efbb299a3cbc01f616

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
99e50436e02400a9ca42f3a6714c7df5

SHA1
5d46bc448f989f831bea006a2c934afdd00d7a76

SHA256
c2388c9d2c449c450ce2cd10964d114ddec0511136880a826be43f39c16d5ff9

SHA512
957a91f6671dbe7463236105739588e045ed619b45b50ca3a561878180095bb9394987f40125be736d14fc41b4655c32a687dfcaf5802f630a1293b5cae4c1f7

Download Submit
C:\Users\Admin\Desktop\AssertSplit.mhtml

Filesize
700KB

MD5
93745b5c5a876f70b1940dd7e150c78e

SHA1
cb2ab9c25c47d698ab3cb6c96eebe8a08a50353f

SHA256
40cde3af2f1a625dcc2e7a3608d57dac055ba7e99e9bdefbac641020618aa7be

SHA512
904ad340e0a80fd68c26e617ef67d80b3118ac49ce679a273cfed3933e6cb1123bdaade870bd765294e60e5a60074b8c85b162a8dd43c01712e8341d032e263b

Download Submit
C:\Users\Admin\Desktop\AssertUnblock.vsx

Filesize
626KB

MD5
3051fb80cafc2ae7fff73114a32bb18f

SHA1
6456183cba713c352f188798b21e6d592ce73bbc

SHA256
a408d26b49cee48d5435254d329a37d34fa387ead79b435e1ccab0224ad72fa8

SHA512
df13f4210bfd7345291ec6b8eade424431e9ba370d7323caefef90d92849bd38bf8f88a951e00026d3baefacc0521f29a63df65a84cb5d6a871ce23bdbbeb61f

Download Submit
C:\Users\Admin\Desktop\CheckpointFind.dwg

Filesize
577KB

MD5
0760400fdc285b25752541f0dfaf403d

SHA1
964e818bdd39478cf4343a62c17dbfc061361e20

SHA256
08530cb0d6a194b449fd6cc4209684c47fd150daf2be9ad6625a2ba9238c8f6a

SHA512
3f8455cf130a9d3b0b0baee9aa6571c1ad07cbff340c1428f78ddb7792fb5713cef583592638a9cf6f35f12ef8f92915eb4788f70203131155835fb691d3f489

Download Submit
C:\Users\Admin\Desktop\CloseSearch.3gp

Filesize
331KB

MD5
f7693c7a91f0dbb1d6d13053567c743e

SHA1
f3fe3c6874cc485c94b5ddc14b14de86e9804c43

SHA256
55399cb1b2da400918369fff6016cec6cd98a283a1fd962ec9c398ad6d0ff2a9

SHA512
5480b3367863083ae1e5f764788763bd3c2e74f0d375ea2c252b01cc9e562fc38eba894d839a543861ce55f5aca1e4a49fa273b44e6c4439f586ba1bebf59436

Download Submit
C:\Users\Admin\Desktop\CompressClear.7z

Filesize
823KB

MD5
2196c6c9169956f77f18831a5e914586

SHA1
4aa44429709e68faa3f3669d63c8e9c2885b5bd0

SHA256
559211707e2991120edfb1be9b7c912213969cc7f8600767f9f894b74ea63dd9

SHA512
e67257e63a691e53a32d182f7c8ac15b5415d4e0e96ab63676ec1fc2ede952bed5d0db3dbd74c8b84879657ea383dc8cab230ef976b8c74e30a3599da6835151

Download Submit
C:\Users\Admin\Desktop\CompressPing.cab

Filesize
675KB

MD5
07223ea6494e6725c8e4dcc6d477fbc0

SHA1
a25ece39a2f41ddf69f9af82273c3441b05e2b82

SHA256
1e221255b0aa9dfdea448327e01962186859ed1e692cc7507ab0ef9e56c0f419

SHA512
ed6ca09a11abeaf13ad4f88b6e331fcaef5ae252bcb61768e989073ee871bed6ad50c63a8cd78a3c9e2733cff64174088337d4a2a217292b197c665551832c0d

Download Submit
C:\Users\Admin\Desktop\ConfirmStep.ps1

Filesize
454KB

MD5
b8bd6fa28e5cfe661d8109c8e32cd30b

SHA1
4544f4c2a7ee7c032fc872ff53549d27d3918f4e

SHA256
7c18000071d2c9b0803c8db2879acd58f037e221e72c8c59f30cb7498015b738

SHA512
abb4ab0c280c69058b16f0fa04bf98051f0645e10968d1e203f7c89e90f96c63debf2711e9ae3ea7c08d2a9bb745fe47eb9271b097300a103a7c6e1537bc5065

Download Submit
C:\Users\Admin\Desktop\ConvertFromDeny.rtf

Filesize
872KB

MD5
5b3c55eec57f3ceb97b1cd8424a36c9f

SHA1
656a8b79d08892c0c17319c5b386d7c796c2b430

SHA256
461f68358a73178ed1599cba511116ca153b8ecf2cc358e43b441c63eeba7ba8

SHA512
9ec706b61669305a61da55865c0b00177cc548cd3f7f3b94344eb2b9d36651dfeb2317bd8bcc06870129f28065be5a242b94bd48aaed9838e851d498ad95b8b6

Download Submit
C:\Users\Admin\Desktop\DenyJoin.vssx

Filesize
651KB

MD5
a6c961af840a7ab06821653da85dce16

SHA1
acfed94914ff9f0fb126a7036167a5690677bd99

SHA256
5d14027968cc0fb6336750d0a6e81fa5971a31f721bd50d73526bc4a7630a606

SHA512
e6deb157e3bea9e28f89fa07e46ea14ac836da04a74e2724ba84637023184c71c73f49245cf18dca57dc4d9e743f07bfa0579259af26310aec75d853932b4e8a

Download Submit
C:\Users\Admin\Desktop\DismountGet.vsdm

Filesize
405KB

MD5
363964cbd25817da176276a1e0da17a0

SHA1
f756c0f4297741dc098b4673cf4a30ec0e4369d8

SHA256
f1a6caafe29cd948f4c6b9d04ae67c550b9547a1cbd7a53b89b707478526d419

SHA512
e4e84234fcc373c7dd046c499913e80e14c50de107aea6eeffa9f0d3a16a3d536eca84a8d09827db77f3ce13eb1b08c4fbdca2e1462456a16557166297b81c9a

Download Submit
C:\Users\Admin\Desktop\EnterAdd.xlsb

Filesize
356KB

MD5
d0328aafa00af1e71e4c5d642ad38f94

SHA1
11406bbecde65922acbd48ca8cbd3f0dd0a62e1a

SHA256
85a829cc49baf4c8d486d66a19e62f2fc6d7bfbe0178690613aadebcb093bf0c

SHA512
3dd7b87803b152069f2a45f6f906e550acbf3f3914ccf07746268abccae345aa23a5a5fee2d84ffe6bb2d444e165f9393b31669e8329d8bce7038662aa4a51df

Download Submit
C:\Users\Admin\Desktop\InvokeExport.3gp

Filesize
430KB

MD5
f57ea83d1c71eec3170586e9bd8c716b

SHA1
1e225f0b5b445f1dc7d4be7e1f3dc5e4ab5adc1d

SHA256
3fbe1b238a3e4fa9b77d852fcde05a30c400fe6d65d4ae47e133c38c2fc67760

SHA512
99f1122c8bb440c354a9215d6fdd5401043e67f459ca905eacd9172f4260169c6ead11d3aaa37c5cdcf6ebfb592c478d853b6fe1176d72d6927e5998cadc961d

Download Submit
C:\Users\Admin\Desktop\JoinEnter.dib

Filesize
528KB

MD5
f4cf210af9d47dd6829eca8536b02941

SHA1
5250748e1195ad1ea4c517505c33f695f731f3c1

SHA256
b3b3bb153ea7e2bd8f8d6240f864c8bc0ded20aaeab51d8ae4c62cc99405ae5d

SHA512
e5490f65a1d8f995361cf73175d83e8318b023324cea8c52ae49c06bfaa656df0fbbc87824672334f321b7a34c843a6a9745c67fba1f91bc5beb7c495ca406eb

Download Submit
C:\Users\Admin\Desktop\MeasureApprove.xlsx

Filesize
14KB

MD5
0cc51678c97b748c6f735f4a18be5cc9

SHA1
e3a8c5f109e8fff3749d0fff39f066d92d9d06de

SHA256
48f7e9755c72af0c643dc00a0b9aae534032062f7a2172cd477d6f5cd05ff2d0

SHA512
3c641731be6b5942ed2e51c47abb862ff1178321b3ba0a7d1c69b37e4b9b5bc2b929fe3b3f9c734f625a3e3769f857a0b24f0966ce6bed24ba0bddea69754ec1

Download Submit
C:\Users\Admin\Desktop\MergeUndo.001

Filesize
1.2MB

MD5
15f8dc1f82e6f0b396d9beb1cd39f9ff

SHA1
6ab25f76d645edeaed864f0342070a1675366690

SHA256
36f80cd1c0a333258162d3d69923a1edb306a102d45e9db51a053080816af233

SHA512
0763ca8b7c86e238cff4f55e8f267674f7440008cbac44276bf33fb22322c754af653bab7a4941cf583d53051f85060eb9b14e1ebec7835fcd8a5dac22e028a5

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
ccb62d37c538fca319fc81198725c89b

SHA1
9d9f9c9f63781e66e4b1a1906932880dfb93923a

SHA256
1a2924a4b726920af1fba4d30910db7f6225d5211d084a65a11fe2ebb77588ee

SHA512
58fdb545255e55ec5c19fbb79fdd7c177d40576ebdb2b662df608cdf0367dcacfb55afff6d53c2cd7bb7c855a7aa1eedca1c38dbd66b53bafca6ebe1ebe2f48c

Download Submit
C:\Users\Admin\Desktop\MountPush.xlsx

Filesize
11KB

MD5
5ed637e6dd43237e1c9ed03d8f86fcf1

SHA1
cafa1397e5a42b0c932e6d5f62f11d01d32fd88b

SHA256
6e376e26e1d5b89112926e2f1dd0a70d101d4bce275c3c1eb5d1ab7f15ea72cd

SHA512
d03203d9a98b5a37170ebd83259af1d5f2f77f2cd3b5ee561e431a855ecc55a4873a1e3db49da2656dd68abd0c9081df2f9cbdf23bf015194f1855c66c1aa131

Download Submit
C:\Users\Admin\Desktop\MoveFormat.xlsx

Filesize
13KB

MD5
c6d90a529bac1f5eeeaf456717368504

SHA1
5b0f8d5bfd1e15c2cd4f54cd58ba51f1a3502a1d

SHA256
16903c8a5484435f6651012287014e1b7280a3578f984b610cd1b78ddae8b803

SHA512
e0162c412718a1c4d1b67cd38547351c6851cd3c028bc40ed1c447b7a0a3d95c1b1f3900a2b8d16560eb5c82718bb18b76cde5709e3125c429ec3742ca5dcfc9

Download Submit
C:\Users\Admin\Desktop\RedoInvoke.m1v

Filesize
774KB

MD5
0ed53b55dbc190687292e126f4dbc382

SHA1
bbfb3bcdcb519e8c5d317d8012a0395c5258933a

SHA256
68421126500d9ab7c5bc85202d0da8a8206b5ae7903ef41bdc195381d592b9aa

SHA512
06f9b98131318fb67c31ce366230d374451f3ca1dadc65d9a7b08acdfaa0f9a10a3d341484659498b657466f70213c8654be743c5d28d56b70cd0d4133ec1e6e

Download Submit
C:\Users\Admin\Desktop\RegisterOpen.docm

Filesize
749KB

MD5
3c0c37b71151272e081861d45119a7c0

SHA1
eaabccc8f5a78950fcfce25f08ee66611c080d51

SHA256
ce7a0403373cc7f4af331e7d3edbd7d99cb6f4c05c8d3344046164706dcc3058

SHA512
7d3bc037908e42ea1ae3579f64bd91e03b2efaea07d7c67e15480e54bb4f35b397c5e26431ee7481f8eaece74cd2f0c30985dc25f64ebf18db4dcde0f356a3b6

Download Submit
C:\Users\Admin\Desktop\RegisterWrite.rm

Filesize
798KB

MD5
901f2509b4b04a7c7c4f2c30e0bb5798

SHA1
4e359e81df7d5294c87c1a72c5ec15b5d20bf223

SHA256
521ea4be95f43931fe333d955ac7520cc7509007e65bb3b40cd165153e1e45bb

SHA512
5fee6fd09a63967b69189eb685a6bf0bb731ae96ff61117e6dba026307813485ab8221ecc142f326513ed0d3af79c6240f0a436ec55b0f25b246b3f098f09548

Download Submit
C:\Users\Admin\Desktop\RequestLock.wmf

Filesize
307KB

MD5
64fad12df05dd569fa8be532d38c1822

SHA1
83ca25807b4f5f5b912d068c70346ad9534e431d

SHA256
eeb1293aaeb3b6f62458d205f6490a564a8d3041a4a18b1c4fb83e5fca2130fd

SHA512
e2451b611d608972a39b8523e063943e366f6fd122e3b6a1240429088b970e8286876bcb6083415802abc0ae0efe782ae5030b712fd4f34cbf51d57d4c17824f

Download Submit
C:\Users\Admin\Desktop\ResolveHide.xlsx

Filesize
13KB

MD5
eeb121f9f72e807e9df29f0c5956740d

SHA1
650cbdbaa20406e90a67c2b8eda790dc075cd3a2

SHA256
8106fb4c775e9884d1eb6e627942da2192d15597025cf3d65c227f9222e77cdc

SHA512
311812b82db0525407b5053e3b17b768485aca90264861052c6bb4339a4b7323694a4c3a2d8ede9cb66513967a9ec6fe5617296bee682a39c17178c60c109bc7

Download Submit
C:\Users\Admin\Desktop\RestoreSubmit.snd

Filesize
602KB

MD5
0bf682608fabc43775c0219fd2300595

SHA1
c397a94df6ff39e90c964f7dafe85a63d7612dff

SHA256
b6232ce288357cd586608d05e772e77694342be064d92a1a1688b19f8a1086f1

SHA512
f6489820d820f9932df984a84d71eb034e8cb3864cbeec3ae2405f171d3b875caa039ee2cf242bbe96d0961f3ad186db2a7d0f7e9aacf32a87b742083c8c4a39

Download Submit
C:\Users\Admin\Desktop\ResumeBackup.pub

Filesize
503KB

MD5
a6845923c0ed41727577bac7be44ea92

SHA1
54ad75b774243412655f48285ec54ce785868f7c

SHA256
e9de5e7d76879c21da1a6ca3ef7b9bc84b65744a41ddf3c2a3eb6effb6d57e23

SHA512
76bd3ac33c04893a4b8ade50d7d08f9192851f3a768571518d1492fc41bdcf01b58283814b13a7fcf3c3e6e39cbe7c779c0b243e33cfe27c95379ebe1bcfd5ae

Download Submit
C:\Users\Admin\Desktop\RevokeConvert.pdf

Filesize
479KB

MD5
22446724824c334b7f54e29106843275

SHA1
45079f2739820c8b706ba1a5441492680cfd5680

SHA256
9a0540df58cdfeb5e4271eae421530011f00ce5ce5740d800c8628da002ce1fb

SHA512
e63368cff291a006a6fb55af366e35cc645cd15d491c502d9a92fe0a23c22fa83da520ef30d6fa140682ae5dd3c57feb25fa50f23cb41d495a24daa949a6df82

Download Submit
C:\Users\Admin\Desktop\SplitAdd.docx

Filesize
13KB

MD5
b4c66f15866c2dc7cc246105146832a5

SHA1
1f86e85d3b2464036102fda1149ee5359cfe0e8c

SHA256
30322d225c272bfdb6096af33bf3f209602899e706d549a8a67505b0a1d4e4f0

SHA512
095f81e2ba460b84724d0c03f4fd5a46b53acc78b8f7c338f654565d9f2879f241f8a8ad33f3eb586356d9e27c10ea45e111d2152d77e5fbb2b4d7029077793e

Download Submit
C:\Users\Admin\Desktop\StepRead.jpe

Filesize
380KB

MD5
400f288cf5e7b289ee40e8366c7543c0

SHA1
17d8b449cb23111fa8f13128189027064c19b452

SHA256
92a277206dcbbce5a8ffacd371ce4f59ec43241623da8f2c43de3a226d969700

SHA512
cb5a0e2cfbdce4708c5985f65854a7e82f77087badfaba8938aed5fa2d376ef5a906e6f8c713e3fb661c99b958a1181079f432401e255a7fb0999c5bb2ab2235

Download Submit
C:\Users\Admin\Desktop\SuspendLock.docx

Filesize
724KB

MD5
1cbed0bc2ac8b2f2c5f15ec3fa833fbe

SHA1
3ff56e68da61d77d7c380db5dc2a55dea90af5c9

SHA256
7a59c48f2fa992646fc764d7f148ddb17bda0016bd8caa92ed12f69d49e028c0

SHA512
beaa22fa2e7b17c4e91671afd99cd2293c1abb52dc63d2d8dc65922e9e6cfc248120a31f199db787e1d9b7559c4dcacb3b671513947b81ea0937678fd4cf5689

Download Submit
C:\Users\Admin\Desktop\SuspendSkip.wmf

Filesize
552KB

MD5
f00ed35ffaa904756a8536b9f732bde9

SHA1
25f0b7b93f52741547c849736a54c9fe3d03510c

SHA256
c662db8b51ba5b6ee65da681d44276fa337ae6cd9a43b4088489a13463f2b6f5

SHA512
c3443a0ebdf7089502e5bcf2d07b0224b136e6a515fdb376b454aaefe7d3c8afed6b0bddee39aea3131af4c8fa2618e290957bd6b82fcacd817b5a7394d1ef6d

Download Submit
C:\Users\Admin\Desktop\SwitchApprove.mpeg3

Filesize
847KB

MD5
4d61fa1bdbfb58a339ff69da3caf0706

SHA1
3b9dd17ba23f83b04ee2f6d487362412d630a2b6

SHA256
1838fdbea648517afae7195e8174c47af0b1236787b603e972f120c3eb30b9c5

SHA512
b43057fee4deb31349a1387181caa1ed75b8ebdb8def17d23b757c5c7f9a25b8c8e41305d45f0954104ddb015e7e3ba8ac608339f891b88163224a88b06822e5

Download Submit
C:\Users\Admin\Desktop\UpdateUndo.docx

Filesize
17KB

MD5
ea8192d75deed9deaa4f268eb50ed5d8

SHA1
03db98366ee83aaee16efa97602ec6403ef5af65

SHA256
54722df2cfd77b260f030d03dde952fbcbeaba92d746b6b98ac71149f4b30d36

SHA512
b8128b5aaa0a9db231fdb3f527dfda75407810244a40c9ec221e85bfeb5052c3bb7cc63aa1fb4d6690457077f100f8c3945dbcad57c3587f55a88b0e0cdcab18

Download Submit
C:\Users\Admin\Downloads\AssertPing.mpeg

Filesize
425KB

MD5
ac8ecce6a4b56389b21446df2b9f32a8

SHA1
ce8d624b66fb75dad196b3a3a07c60afdf993baf

SHA256
1aedaba059512d5630f3b97f295c2e681fa7f4e1c7a7a1643d4702784336187e

SHA512
204b269894cfe6e80ea9b1eafc823ee6c1aa06892534722019eba3c530e1218ec8cb2930cfae43fac645f5f0a554ace903150d08490c2f5aedd18be9bc65de68

Download Submit
C:\Users\Admin\Downloads\Bootstrapper.exe.crdownload

Filesize
796KB

MD5
3af8103c6e2ba160987b5b4e87b231d2

SHA1
b65c5f0351e1689b7d1e1e68e2e443176831378c

SHA256
66cd57c5830bb579d017a0a7b4924e03a4177ba40c82045100da383ea2144946

SHA512
fc7c3e1326fbaee32066e567384c18abf7e85cbfa489a48fa25e0bcfb79d8f3f8f7e4e9a61e6c6f2a1203e15682fd35ab8c3d4988298b837f2854b7c7791341a

Download Submit
C:\Users\Admin\Downloads\CloseRequest.cr2

Filesize
269KB

MD5
682a2040e16bf07248a5dfee7f3fca81

SHA1
ef59c56ddb78040f0557545dac7e71c676468d7b

SHA256
68a3ff44590013ae9e25059e65f7e2f474ffb1ff3467608cd5b96001486f72d9

SHA512
3f1c6c3c6623cbd843e3123c2f1a1b698ea5e7e366811e84573cdc69cf950baba1115331fb900e5595adf8de25d2bd168928d08b0a1a346e8f965eb5f4fbbe4f

Download Submit
C:\Users\Admin\Downloads\ConvertImport.001

Filesize
255KB

MD5
bcc5fd885c54784eac270d4b800862e7

SHA1
eb31102b7ad5a6716992224c3fcb9cbec8dc904b

SHA256
cd74440186ef760be654b85383e6911be79ed25d9b45aa054316039b5d2e8626

SHA512
4f061a512f88c6eea5701127c5d5054c6d2ce98be211dc90b0e3faac0c8544dfaffe54975a4abed1962c9ff0e8c39ace201f859907b49462f3f7591872a20a05

Download Submit
C:\Users\Admin\Downloads\ConvertToUnregister.snd

Filesize
283KB

MD5
b93924f9cc4e8d2673cd62f404fc25e4

SHA1
e28e7bc92af941e362b83ce8f8a6e42e00289109

SHA256
54309ca165cc2d45183474b66994768d4a91489618076b4b321f2fb140a257ea

SHA512
71f56f2efdf68e4f7039b3f5eb9e9c1ab716e1594bf42574a2c4ce46b0807cf2f52e96ca2fd9e291544db0865897a312cc0bbcceb22adc8f64037ef21dec3302

Download Submit
C:\Users\Admin\Downloads\ExpandGet.wps

Filesize
623KB

MD5
dfa9f91aea7eaaacc85993f75c7e767f

SHA1
dae6e38320825aee13fdee2c045a92e0e52624ee

SHA256
df5180638c7fcb1746490a5edfd153466c7f8d969e2e959038f32910b473f103

SHA512
55dc18717086e8e7f7d157334e7f40a57d9f84e52a382e12d243001f402f479a508c1a43d210037b585517d8e056d347e14182c003537fce1156db51c9850e26

Download Submit
C:\Users\Admin\Downloads\ExportDeny.ico

Filesize
325KB

MD5
0647c4ba0dc8e90b337b471374bba4f7

SHA1
d5254b65e7aa9992f58ee209fa9a4822252bc9a4

SHA256
4b93fd116e883a810f4d1f8c0355989a83fbc027390b4ec90c062fbd98eaefbd

SHA512
552629d723e59a1373a38fbb0caa870e49b5bec09b5c5744fceef2a6b923041181b03f46e553f7919579f2e5b4fd1f68a385a6791f0763c541ea9ecc4b3f2179

Download Submit
C:\Users\Admin\Downloads\ExportLimit.xml

Filesize
439KB

MD5
f388590cac77f97fecd1edda83f4689e

SHA1
f05c021f60276dc0acd584a6496ad2b9157ed24f

SHA256
b8038be2dc566f1a7128311669162bdb8ed501767a1de730a79ff1579078aa28

SHA512
da1459cd099f5dce11f8b1953b3a6b0b8f4422ea9f767dd475e08f0411c8ad1483d68010fd7fd0a2175e4e10c271ef9a4d94fca9565e53a00448976fb1b235ec

Download Submit
C:\Users\Admin\Downloads\ExportReceive.wma

Filesize
382KB

MD5
8e72ef628d2dd1a147d4c14109984f91

SHA1
c4febed55a171407e5ee15cdbb475f8dd8bcf31a

SHA256
869b356ea8396353a871c219ec475384ffb8e799bea7d4e6f5ae60de510fcf16

SHA512
afc29a64fd46247a0fd121f796f70e93d4bbcfe760bb83d0452b53e4c279687ed110ca1889c9d58f2eb83566b7c39030b9d70929116ca22e6f669f1ea010d1a7

Download Submit
C:\Users\Admin\Downloads\FindUnpublish.vb

Filesize
481KB

MD5
32d505b27b1d8adaeaf5c9d85feceaaf

SHA1
458b05585141ccaf3d93ee27dcd4ac5409faa88e

SHA256
aa245496bcc9ad628a4e42ee8f3227bd84e4b0883088678faf4b27920729f733

SHA512
2e276e9aad1dab064d9858780531d29c2ae03d9bdaf5ffd46ede435bb80224900aa3fb8aa1ef4c3b06f3918c55df38fb54785ac231faeaa80282f4e32e20e6b3

Download Submit
C:\Users\Admin\Downloads\FormatUse.3gp

Filesize
637KB

MD5
86575e8c9e2401f5fd605b48023bc5dd

SHA1
fd1d81c263263a641ad786af5ae83f6337d466f0

SHA256
c2d770246b09bbb30fb757a09baff96aa5a90c019400eac2b4739356836a4900

SHA512
81f14469df8222508a97359498072aaa5cf7c2b367738df0c302532895a87bff57be723c49492cd506f4a640db13f27289f441ede121459d8235f83130b81177

Download Submit
C:\Users\Admin\Downloads\GetSearch.bmp

Filesize
496KB

MD5
367925534d0f635b3a949a7e037d3f01

SHA1
0bf2336914efea7aea7bdf1c98896c268bb425a4

SHA256
5292ac358e0b6ab26797d321360f0e53886c8ebd857d50ce0d2603f7715ea9cf

SHA512
3ef0d1d499abcbb96e7f1d91f787881e6c9ce44c75a7a3d54e79752424c1e5f5fb9f3bd0ac13e31b63d0c01c5d5201cbff26e25fcf802361e11c3da34fb4a374

Download Submit
C:\Users\Admin\Downloads\GrantFormat.jpg

Filesize
396KB

MD5
a558dce63e03d069af9945828c325967

SHA1
3da84eb8f2eb42af71cbd51f630b718158cf5a05

SHA256
9fdca37083a0a58d516965cef0e92e11da285eb321e337b0dc4edd07479e795b

SHA512
0b2ced65dc027a5cfbe1b7115456a64627c6ed3fe3bee826678306be8446e9f260be8130ad2ed19e1bada676608ff161d40f0bda0582a543d5fbe337c6c2f4c9

Download Submit
C:\Users\Admin\Downloads\HideCheckpoint.dotx

Filesize
453KB

MD5
e95ad00add5b389898c88a62c7c013c3

SHA1
42716925a89b5d3e31a7a2e89132d6f83abccbd2

SHA256
60980079cfe3a301b01c195f57acf15759c4b560b0558b76b278dfa92b8d4ad9

SHA512
28fdb54837c8a56d1bbb0b9c9f145c2fb839ee085a0a36d88bd6255d48b6783b84df9404ec876dc842a7be4104c340db226f2e1769c7522cb209f9915c709ab2

Download Submit
C:\Users\Admin\Downloads\ProtectResolve.bmp

Filesize
666KB

MD5
55a921964b5419c5783f7325d8a27024

SHA1
26c48842a6a6c7766a50c3aee69597dbfb204b50

SHA256
1f3ee52d94375c95f773aa753921f3e0f5cdb39a4294ec5dfd4ce4b959343387

SHA512
8214396140aafd896613d019ab950c2e79eaff4a37e198ee457e9bb1071208f5de51e06dc240bac2fcd132a578256edab32861669760b0a5642977bf9a1ec395

Download Submit
C:\Users\Admin\Downloads\PublishClose.jpeg

Filesize
609KB

MD5
895964547d3592e6cc51a83f8aab16b3

SHA1
fcf5663f48f1e672b96ba36aaba2350cf0bff887

SHA256
782708b2c5c0d16ca5b2964fbf78f95209759e5f0c11f26a178cd924bc872e04

SHA512
c1942d1517ed04f232b33de302e1defed8ea9d7ea0bcad04312bf3f700a2678a856f2252c68870009a9d1f7b6b8d4a57f68fde40c21c0b4c574e81cbccc6f88e

Download Submit
C:\Users\Admin\Downloads\RegisterLock.tmp

Filesize
595KB

MD5
089ed252d61048ba9f14813769dd4e90

SHA1
4fc0167bc4c1132b7d26aa49e9cb11214b5d5f4b

SHA256
19785fbb3e0916a3775183392d2f5c2e227c66c233274027b866cf8800156f18

SHA512
2e0ca2cad588455c92bd286fb40364605e7f99dcab8c8ed15ddc5847714a4cce20776e1f65588a259346a74fba8a894f3286982386b134edb5c2dc0664ae9020

Download Submit
C:\Users\Admin\Downloads\RegisterSkip.xlsb

Filesize
694KB

MD5
bd537108694483646333352f591458bf

SHA1
30abd320011b4adbdfc0d39b5444bc1e6360a633

SHA256
0e91adbfe34b7486f133066136acff7aa681d4abc888ce73b5c76be3cb027785

SHA512
c17670bc8b6321447ee7bdf18b83995287dac9016f4469404834b9239365e20055de8f1e056ae90f1a12b13fd840236d2d78077b4d4e6bf0854628eeb2959571

Download Submit
C:\Users\Admin\Downloads\RenameRevoke.ps1

Filesize
467KB

MD5
b4f7ab9e70e6dbf938c424bdce669d15

SHA1
923dc06be6d6d606cc7ecd5fe90b57052c409c17

SHA256
a6460033544b65ef7f390a093154eb4649d384bcb8f9db350b6d29bf63540b81

SHA512
8212eb52e3c7a20dfdd2f70198add6935fca4433662a551464eb3f9a99c0e44e7ec6522000721dd0b7e3a90aa41f5e96014ab3c7311ff4e5632067b6cded2026

Download Submit
C:\Users\Admin\Downloads\ResizeFind.eprtx

Filesize
311KB

MD5
27cb7c0e740714c12b1ddc6602313607

SHA1
b52011dc4d7ed3c8faad5b90981d12d4a7b1f9a3

SHA256
f3d187a4f3b662b7bacb640baef971c39d3db42a5a3b11455dd5175aac6c676c

SHA512
19a83edd93a77add24c16cfb6d150bcb92c07a45ede8a1f6d25cd3ce3ee6e6de6c89a53d36ea58321ad2a65e9ea6b4f2606e30047a5f870ed8ca7f3a763e8730

Download Submit
C:\Users\Admin\Downloads\RestoreResize.mp3

Filesize
297KB

MD5
c6c8f2a3302ff64936308ddeba52f973

SHA1
aca53d270d409accb9a220481f3a8b64e2bfb07c

SHA256
879d097a2afc3120a02fb0bb201c5bb91d75976666e870c29163908978fb3ea6

SHA512
a09705eaa3a96ef01797e232713fdf56501541e433f0502b2608b02a5cfd9c6c4d8696e38c4b99dc2ddfac8c9dfb18b0c3e038bd28268620299501fcb6827f9e

Download Submit
C:\Users\Admin\Downloads\SaveUndo.doc

Filesize
354KB

MD5
6782d8717ea717ec70ea05fcb9d5b558

SHA1
8ee81bb895fc0b200630f70245491abb1ff891ce

SHA256
51742473c12debcebf2fde310e6013237c1d2542659c67ce8d2f76541343257a

SHA512
430abee5cbf47a73a8103b249f4fbd9af5fa9ac1db607add78c89218f1a6b8e436f76c60c25f29510d3e13bcefcf1a124c200cebdf126b657e8d5061d4a1ce75

Download Submit
C:\Users\Admin\Downloads\TestSet.eprtx

Filesize
411KB

MD5
e4a01c360d5483e22437c3f15c341745

SHA1
8d25abc91bbd71c2d2a0c76d79287b5cb27e3a96

SHA256
ea32367c40f35aa59e83615d0aae2915749e62b3a8ac6e771c063fa44bfb7ad6

SHA512
facfe06a40c60bac073c64ff1e51f75a0c5572c7c3aced5e2581090b67fcb18fdf4f52b5bb9ccabb8a31aacd6724421d691312c1ec77ef82aa9c93a8dd8c80be

Download Submit
C:\Users\Admin\Downloads\UseDeny.AAC

Filesize
538KB

MD5
43eaf016d6c6ea0aa068eb7e83e7d7ef

SHA1
1907ce7b24db9895d59611c6d0e076c275fb4bb4

SHA256
a0ca75c1dc6a959d3c85e9ad157aac2ed4ba95a004752a4c73fd7f217a7f9bfb

SHA512
c9441630fea923a867876697e4cd396635f898ce11578d82f96477540a2f208023686dee56f10bb548266eb9b2e4a66204a8231c86c7628b12a4201c6e20e5cd

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
d50224a8d6722631549cc80effa9b3c9

SHA1
2b6a2837f8086bd372f945963f3cb7f65d570b55

SHA256
f095d95b900390ce1797493a55745c32f862ac66ebc67b2faaa3695184515844

SHA512
cf9fa9577495fa5f172760446a358b285e8c26a762df887b9cdcf71d8b99dfbe54912246aaf76ffa6c1114bf7227221fa956ba92abeef29a2dbb3e344399fcc2

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
30087822348bc4b03da5937f6875faf8

SHA1
2a20d4ccbe537197818a4f54a55872d59812a9a4

SHA256
0b550b8fc3edbd434ee17922d986eda4095fca741353281f6ca4122744f3c816

SHA512
aab585f75b32809ae22e33452ee536b66a235cb4bc4d8426cda6fa970578e799ad21b99a53a79dc71382f3f8301ac5b4ed213136f405f30b512800c1df72a477

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
8b66ef80d49e0fad26e66ee87d55dd15

SHA1
c2f9adea833d1e495957d8cd691c3fe8c8fd6ffd

SHA256
77a3568c2e4c6a5c74de71558d2157a652151ac8c5676e939c217f619d9239c6

SHA512
78a4b7eee17437854369fd51c84ae5c25b57d6f26091572ca2274e5f05eebafcc23350fcf96580336167aef3f31174b9ae21426137111c184fc422dab1ab5c64

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
d4421e25c658cc1c75d274617e2d15ac

SHA1
d3feab9ff38e6bf49b62ebdb9f5eeafcf238f54c

SHA256
aee2d8a6a775dfb990ac0e63417a3768bfc44a4c9c3b42a90043ad07fda2016a

SHA512
9012ecb8584b708a0cd4bb7b3bdc138af178e6256df93973bfcf33bd8b45b680c9cc3f6e2087edb43912903317062f7491a024e35ee32e775c8b9f28eb06ee73

Download Submit
C:\Windows\Installer\MSI11AB.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI2A87.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\e5a0852.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
memory/692-187-0x0000000000E90000-0x0000000000F5E000-memory.dmp

Filesize
824KB

Download
memory/2896-3675-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/2896-3673-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/2896-3662-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/2896-3643-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/2896-3695-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/2896-3644-0x0000015C1DB70000-0x0000015C1DD16000-memory.dmp

Filesize
1.6MB

Download
memory/2896-3610-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/2896-3745-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/2896-3609-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/2896-3612-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/2896-3611-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/4488-3095-0x00007FFF4A5B0000-0x00007FFF4A5B1000-memory.dmp

Filesize
4KB

Download
memory/4740-2649-0x0000000005BB0000-0x0000000005BC2000-memory.dmp

Filesize
72KB

Download
memory/4740-2638-0x0000000005B80000-0x0000000005B8A000-memory.dmp

Filesize
40KB

Download
memory/4740-254-0x0000000005620000-0x0000000005642000-memory.dmp

Filesize
136KB

Download
memory/4740-255-0x0000000005650000-0x00000000059A7000-memory.dmp

Filesize
3.3MB

Download
memory/5328-30-0x0000000004850000-0x0000000004860000-memory.dmp

Filesize
64KB

Download
memory/5328-31-0x0000000004850000-0x0000000004860000-memory.dmp

Filesize
64KB

Download
memory/5328-27-0x0000000004850000-0x0000000004860000-memory.dmp

Filesize
64KB

Download
memory/5328-32-0x0000000004850000-0x0000000004860000-memory.dmp

Filesize
64KB

Download
memory/5328-29-0x0000000004850000-0x0000000004860000-memory.dmp

Filesize
64KB

Download
memory/5328-48-0x0000000004850000-0x0000000004860000-memory.dmp

Filesize
64KB

Download
memory/5328-28-0x0000000004850000-0x0000000004860000-memory.dmp

Filesize
64KB

Download
memory/5932-3780-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/5932-3779-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/5932-3781-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/5932-3839-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/5932-3778-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/6008-3077-0x00000213A7A50000-0x00000213A7A5E000-memory.dmp

Filesize
56KB

Download
memory/6008-3068-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/6008-3069-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/6008-3066-0x00000213A3B00000-0x00000213A3B22000-memory.dmp

Filesize
136KB

Download
memory/6008-3071-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/6008-3070-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/6008-3072-0x00000213A3AE0000-0x00000213A3AF0000-memory.dmp

Filesize
64KB

Download
memory/6008-3073-0x00000213A4760000-0x00000213A47F0000-memory.dmp

Filesize
576KB

Download
memory/6008-3074-0x00000213A3EE0000-0x00000213A3EE8000-memory.dmp

Filesize
32KB

Download
memory/6008-3076-0x00000213A7A80000-0x00000213A7AB8000-memory.dmp

Filesize
224KB

Download
memory/6008-3182-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/6008-3065-0x00000213A3C50000-0x00000213A3D02000-memory.dmp

Filesize
712KB

Download
memory/6008-3238-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/6008-3064-0x00000213A3B90000-0x00000213A3C4A000-memory.dmp

Filesize
744KB

Download
memory/6008-3063-0x00000213A3F20000-0x00000213A445C000-memory.dmp

Filesize
5.2MB

Download
memory/6008-3307-0x0000000180000000-0x000000018100B000-memory.dmp

Filesize
16.0MB

Download
memory/6008-3062-0x0000021389360000-0x0000021389384000-memory.dmp

Filesize
144KB

Download