rhadamanthys | hxxps://cdn[.]discordapp[.]com/attachments/1267523048697888839/1276286371652440076/BootstrapperV1[.]17[.]exe?ex=66d42e8f&is=66d2dd0f&hm=5db523c8575fc0e1b87782823791d5dc31b3317ee8f88b3fc2eacb0e13e9e97b&

Analysis

max time kernel
294s
max time network
296s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
31-08-2024 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1267523048697888839/1276286371652440076/BootstrapperV1.17.exe?ex=66d42e8f&is=66d2dd0f&hm=5db523c8575fc0e1b87782823791d5dc31b3317ee8f88b3fc2eacb0e13e9e97b&

Score

10^/10

rhadamanthys defense_evasion discovery stealer

Malware Config

Extracted

Family

rhadamanthys

https://144.76.133.166:8034/5502b8a765a7d7349/k5851jfq.guti6

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 1816 created 2920	1816	Solara.exe	49

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
1660	BootstrapperV1.17.exe

Loads dropped DLL 11 IoCs

pid	Process
4752	MsiExec.exe
4752	MsiExec.exe
2784	MsiExec.exe
2784	MsiExec.exe
2784	MsiExec.exe
2784	MsiExec.exe
2784	MsiExec.exe
2472	MsiExec.exe
2472	MsiExec.exe
2472	MsiExec.exe
4752	MsiExec.exe

Blocklisted process makes network request 3 IoCs

flow	pid	Process
15	552	msiexec.exe
17	552	msiexec.exe
18	552	msiexec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	pastebin.com
10	pastebin.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4236 set thread context of 1816	4236	Solara.exe	127

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-install.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\character.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\package-json\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\installed-package-contents\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\util\hash-to-segments.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\config\definitions.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\safe-buffer\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\parser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\format-search-stream.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\selectors\attribute.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\util\unesc.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ci-info\vendors.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promzard\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\strip-ansi\license	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\npx.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\run-script\lib\node-gyp-bin\node-gyp.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\cjs\index-cjs.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\npmlog\lib\log.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\agent-base\src\promisify.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\client\fulcio.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\binary-extensions\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\pkg.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\jsonparse\jsonparse.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\common\helpers.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\common\constants.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\yarn.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\colors.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-dist-tag.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\sentence.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\ssri\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmversion\lib\version.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\reporters\json.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmexec\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\which\which.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abbrev\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\delegations.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\color-support\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\make-fetch-happen\lib\cache\entry.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\balanced-match\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\verify\set.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npmlog\lib\log.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-pack.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tiny-relative-date\translations\en-short.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\lte.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\emoji-regex\text.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-start.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-init.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\yarn.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff-apply\index.mjs	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\lib\internal\streams\end-of-stream.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\vendor\QRCode\QRErrorCorrectLevel.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ieee754\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\chalk\source\templates.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\util-deprecate\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSNew.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\event-target-shim\dist\event-target-shim.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\debug\src\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\@npmcli\fs\lib\rm\index.js	msiexec.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1C0FFCF84E7290A4.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI752F.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\e58680c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7453.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI755F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7959.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7938.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI94F3.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF633481B197D1C1B8.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\Installer\e586810.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFF0BB008DC3B3E398.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7078.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7116.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI93C9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7106.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFCFC507B2E125E58F.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI91E4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9185.tmp	msiexec.exe
File created	C:\Windows\Installer\e58680c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BootstrapperV1.17.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3352	1816	WerFault.exe	127
3228	1816	WerFault.exe	127

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solara.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solara.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openwith.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133696057917169325"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "3"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 8c003100000000001f59039b110050524f4752417e310000740009000400efbec55259611f59069b2e0000003f0000000000010000000000000000004a0000000000073a6a00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BootstrapperV1.17.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Solara.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
1660	BootstrapperV1.17.exe
1660	BootstrapperV1.17.exe
552	msiexec.exe
552	msiexec.exe
4940	chrome.exe
4940	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
1816	Solara.exe
1816	Solara.exe
3168	openwith.exe
3168	openwith.exe
3168	openwith.exe
3168	openwith.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3536	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe
3536	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 1572	4940	chrome.exe	81
PID 4940 wrote to memory of 1572	4940	chrome.exe	81
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 3772	4940	chrome.exe	82
PID 4940 wrote to memory of 4268	4940	chrome.exe	83
PID 4940 wrote to memory of 4268	4940	chrome.exe	83
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84
PID 4940 wrote to memory of 380	4940	chrome.exe	84

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2920
- C:\Windows\SysWOW64\openwith.exe
  "C:\Windows\system32\openwith.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1267523048697888839/1276286371652440076/BootstrapperV1.17.exe?ex=66d42e8f&is=66d2dd0f&hm=5db523c8575fc0e1b87782823791d5dc31b3317ee8f88b3fc2eacb0e13e9e97b&
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6c0ecc40,0x7ffb6c0ecc4c,0x7ffb6c0ecc58
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1628,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4804,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4780,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4988,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3544 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5132,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4436,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5444,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4968,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3692,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4356 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4988
- C:\Users\Admin\Downloads\BootstrapperV1.17.exe
  "C:\Users\Admin\Downloads\BootstrapperV1.17.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1660
- - C:\Windows\System32\msiexec.exe
    "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
    3⤵
    PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3148,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=2952,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5836,i,10454670096077152549,4991090806811409689,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - NTFS ADS
  PID:72

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3540

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2476

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:552
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 9CA6D7B932220C1EF917D7F1C5FE5A6F
  2⤵
  - Loads dropped DLL
  PID:4752
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C51408C1B1FA97E5A491632603032ADB
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2784
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 561823561938B0E42F6C135A47A96321 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2472
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4636
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:684

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3536

C:\Users\Admin\Desktop\Solara\Solara.exe
"C:\Users\Admin\Desktop\Solara\Solara.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4236
- C:\Users\Admin\Desktop\Solara\Solara.exe
  "C:\Users\Admin\Desktop\Solara\Solara.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 484
    3⤵
    - Program crash
    PID:3352
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 516
    3⤵
    - Program crash
    PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1816 -ip 1816
1⤵
PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1816 -ip 1816
1⤵
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58680f.rbs

Filesize
1.0MB

MD5
b493ccb2a77574dbf29440dceb63ab17

SHA1
ad172353e666b70247e2d70315d4d93b233cf77d

SHA256
7b284e9a004eaed75fd7f3605e402b6e73aaafdd1fdcc52a5d00ef4bb7c61195

SHA512
1d58b7cfb9b0c584c110ef97fbc1205d1eefd85dd3e485a1dbda56a3bb7cc0fc29c8178bd4e76df558e0eaa2276e80d1d7c5abc9b2d7126bb780460362eb6ef7

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0ba8668b-6be6-43c6-bf87-59c770c739fd.tmp

Filesize
9KB

MD5
a0f4761c506c7659f1b13aa89ba64eef

SHA1
33a18764cfdf8e7dc93493f3ffd1a9c99f6dd5e6

SHA256
9fdc94c18eaee25e8572456b6871a884f955992d9c6c48416c86ce1d5130d48c

SHA512
2d77bc0371de43bf538836136484391cace2206bf05037f774fcd96b109bb02fb2b6b31d5956130a8f57a4ddb9ce82de604f8d99195b8e0446a22b217afcc550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5f43651e-72d9-4db6-b4ef-f38ad5a95dec.tmp

Filesize
10KB

MD5
e061b8456d20435beefe8a9db7a7f33d

SHA1
3f893798ec186786804da48e692558e151ab580f

SHA256
9fe8121cfdd926ef99f3ea4a4ef049a569845e0e552b87099d925b59e04fa657

SHA512
435016a97a3c6fdc7fdd9d73bb184e2dea208e3a259a357cc7373c34946b51598814a7d06632f959d48f6e417705048a4a504a5ed4c77cd6efb872df6d9b8eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2f9a383275acbeed001cffd085b60b5a

SHA1
095c9b7f39565cbcbc4f2683971c7567f8f99700

SHA256
1a6dce78d67511605f601c8b0b398fbd91cd2ef7a1211e35334c8a225133bedf

SHA512
552c4f52db5ca18d6f16b5ed904e9525203037d18dae7752b17aebaf1644ea8c86460133869015938a6e7ef30b462b49d0a4d364fc90d8209ff485cd1a456849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
68da6dcd9a28eca86b168b5ec491bfa8

SHA1
75cd2a3bd2c2fe37bac435c151d5a58eed3337c8

SHA256
a913628f10f27fe20fc2032fe2bd27223515437edc42f9b370d6959b90856c35

SHA512
b72eede568e22b802b0cf25ef030e0f4f4578705ef7df44eca35d3906b5bcf5752f9ca0d15204d471033f594b867129a3321e9075947e08dc77a6035dc67dc02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b7d073e0e5091358f1f8b507df2d47ab

SHA1
c3993c2bd9c00a2c2646b82cba3c13b61a92e279

SHA256
880eeff424410c6b7ff638e596b92bec9e20e43a10a437b0a26f6d42d067a03b

SHA512
4dc2330d6b71801a12dccd1ff22cd520b53f368a558129d3839846839e6d46849066abc38bae2c3835119c72565fbf99c8ab69f2272c60a68d58c9aae0da1c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f385be93440caf67e530a56359c6c33b

SHA1
72981b42ce616425dc7e5ae812ff9cbf00eedc13

SHA256
8689c61bd3edd72819069774ba1ec8c4e9878aa04dfb45038c6fd23bae73ffe2

SHA512
261b55e4a543c7f23f985e5ca584255a08a6a6d6194b892bffb8c8a59ca7bceda507501b5466555fc0a95103e1082b1704a2cf8c18cceb58a764e379be1f881e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f96749fa62a0e87e100c3637c0120936

SHA1
28c2442bcccb0e7108479914241db8c956e7b7a5

SHA256
985c2fe978ed8f71902842659ea0fc7bd42bf42da57928158819e94e943065da

SHA512
33dd5b719a528eb7c4c3346256d674962c4b9173a0b6ce1b7aeaeab1f6caa3b565c9ec67efdcd94c4d9b574043951bdf5ecaa522413ad2c8883cedd9c940e57e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
df06d361ff042438e7b1f348494abbe2

SHA1
1a79f05e3fc4966a1c708fbd3780a6028369ecd5

SHA256
1a778cdb7660a0ce9fa162b4d78eb65da22fc12110eeb7d424bef3995e809687

SHA512
bf93900aa29ecfa30ed5d863ec3f77d48ff81e0451e2bc16c5ee269765b369c21bc7a2dfe48ef416ce6db94d0c51f89481ebab72f0105d262b7380ace910953c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
44e832707e898e7ff4d2dd821cbd5393

SHA1
bcfa08145276489b07d8ccd4e081c7c291f540bf

SHA256
6b5271b17c387f59030767d0ccccb8f113bc994fc983169efbd6ac1868f9371a

SHA512
154e51c6f4064eadbe78bd0d17e8d6b7e14b33b7bb24b8e35c506889233898caa662589abaede58f3f63510cf3c9a9d94cb251a482c3b42b949665ff42cb22d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
288797c2c1b953124b9d9542a4525112

SHA1
de3a25207b924e81cff8c45fd1169d72510567e3

SHA256
e2cea23c529b45c43ecd67603a9efc930d8fa4a1b162b88eff6d3a2b8831d261

SHA512
04b6259a9cc4059d9bf5f9b497d5918ec1fa69ff8bbdb39d22b09848551096cecab49ef667ca90e6d87966b91a5ce2fd247da21e65f2c392f304094b152896ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5760d1842792441a3ab2e99814052d0

SHA1
457da312817bca073b250e652ee28016a7febb0b

SHA256
ec8709a37dcb18cf558ebaac11cbb6027eeec166ca17d1a55d8b7eab7a1da570

SHA512
a2ee26ba9e98f6112643a8cc6668ce24951b069e18cfb2b977e2a509e50eb953c291b04ebcca2ef6b0142d962b90c9f38e8889ac59deedc0673fd9a13c1a2ffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f8403c57f687ef9aab69b3de475662b

SHA1
519cca684437b2767fbf5874b33dddf1a51e880a

SHA256
c93a5d16045b5361de3f4cd7ac8f79e94bff4462e70efc8acec181724c61c73b

SHA512
a5f7fa1744988515d810f2272ce6bbcf455893bff196d6c94e43a6c42678ce637a33844492297eececc80fd3253e151374f3feba4749f25d0219b7011dfde70a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2cd081a199362cdc2464b616bee77e61

SHA1
2e8b43d2f0bc81aa2e77d080cc812ebcf4cebe4d

SHA256
f8505cf42979d672303e40926cab237e424b2b1f8de710383b78dd894215b419

SHA512
19f8e7f0878c6d327be6e7b7d9e187cb0e78591520a066f7e9fd7d880244b2ba4bdac61018f30b68da737cb59e0ecaf06cbd6b92778b9396820132cdb89215f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6fd43053cc48eaefdd5c82acef13e6c

SHA1
5afd513677912095e882e7062c31be4c1de66417

SHA256
e2e5ba3ccc312a831adb423907025eb06a4e21d96d741133cf5c5c1cb9098dc3

SHA512
2dee77348e3b5480fddf4c6bb4fd02147facf0517f7aa197de887154b2a608e63607655f9c5c3aebe230db6a31502d93960ae6c303d2e728a013c3ace2355b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5ede6d19421c56bda3fba950990efbf0

SHA1
984280423afc3a137a22dde2a8731c4b6dde8595

SHA256
f0c5516cca60f1c99d51729c98a24ce7c47747eed84f8583ddf3033c255eb55d

SHA512
7b468e29ceaa43b785d02b8977a7b86a6b9d6d85c29657bc77c21476b0680f83d34ef8b0c29e60f79083b0640a385fb38bbd6eb65b8bf9081e22008e0b96b0b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c3036fa5e7d913a068f5dfbcff0253e6

SHA1
4344331481a8e93756dcc45ab3a11bc8c73fa8c4

SHA256
d6af8746d31014b4904a1893ada0c45ad102fc0fc119b721a92bf79c7f41724d

SHA512
3d137fd732a607d7dbb538608bbb7ebc234828b46918a267ae13d8a172c6d163b3e841821dfc1708e808bb4438878c12ef407eb23b48c8ab2414cd097bfaeeda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f03550834c78b3a2e2c0686eeb94851

SHA1
54816e39f05e7d8537cc8577b293a9a294553099

SHA256
d003520e10e96811b04b5cbdee51da278c958283ff02c06c14038379e73ba48a

SHA512
39be3f1615cf54a0c38a33699ddb2b6636c98e32876b9a977270e1108b55a65e78d810c44cd7251d1df3a30a67165a110b97c4d16d93b6374c9210377555e929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a7a15e48b0ed01b4360dbb514ab8cf7

SHA1
2f2a6ed5aef95ab879f75051f6a5816f6a353635

SHA256
85a44b83e3ac7227d521aec10527d87eee9ab05b0b667cea36a86906dfa56c0a

SHA512
8c0238ccaaa90dd32467d82ceaac8cdb97f03c7331a94682e90324133cc4d8f8a34918ad5a4dd986b416299ff0fa9f5e6f79cb376a8ba89fc78ee007b3e2c089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
80743a03e6f206157cf6d81bb97ff882

SHA1
5702b10b3c38b890e15d7d0fef25b59227115c73

SHA256
d4c9a903dba667fe28a05e12c046a59c1ad33dc653bfb96b726c0d85fd3dff44

SHA512
77306dc6e41a42a62e9bbfa908fd6955cc35ad43cc77be597747935d3b47abd9475723fc52d2529a21c36d59f6a2a3b64d98e45aa92532655faa90451549bed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c4f721f7dcf34764c3a753d44b34c52c

SHA1
af575fc55e66fee97874b1ceb8e8464d63c44782

SHA256
d0cf59795a3e6418bc3d94601239afefe054f02c469718ad320c7f9b3969c13d

SHA512
e1d60fbf430255c93ae8a2412384383f8d18b1479d7027ec3b855625d6a30df562ab77683f86264c1d92a4fa2b3987b7d204c95210eaa2ae076184ecf033d254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db14ee89ffca7f71783d0a09fcd5e7c5

SHA1
6aaec4274a922b8fa40278cea351714c20118b76

SHA256
cd2684017f239c41448c8b5168e0cc5d0444512ccfa477cf739a6f447412de17

SHA512
c6962db4773fa5ec5fb578424c4d6035e01620c521ba128e4a14ca74c06eaeceb46d65de426544802a2ba71afb97e9b8cbf32f9cb28117de9a043b364f2206a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9da4cc8d069aa8714272078a7d2ff20f

SHA1
f70bdc627e2074728750cf96967432b51b92c051

SHA256
d5b45e0a013c34735c81ce4e72b528ac251cdf1582c7398ed9e8aed40807bf12

SHA512
65f609b22541df7b74df9605359bb8dce61288ac46952679fc15fa43475cfbf72a0f29ad30aad7aa567e4bb291ae39056dc6d6c66b81f408b0c8f157deada47f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39f144854abb8fb0fe03d7489fc1314f

SHA1
ca9cf86dc0002e62bb9cf1d6c6f657cf1c04c542

SHA256
ec72256bb7a3ec4b79dc581cf4d73d77d5bf4747b246b3e3347e7286b2ba322c

SHA512
4b83442bbbeb6d133d189da161e96c06fa56ef80079b88d881d3884146604ae41ea1f208c1e29f71531b64be255dd8989052907b38cd24949890603bf15aa5e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5c913678d0b1b0a3e1407701429b576e

SHA1
159200eb13ebe1640f943935e05b866c7df1f2cd

SHA256
1f1a607e10e78e52cf9dba353ad0b718c1f5eb4c6f6d69a1bab7e1a0c53203d8

SHA512
7d0ae4de622821bf9501a69fc33091d5049d8f7dd34200296a5ce3405b299f08b04e1127fb44f0607d505b75e680402981db44d3d42c0790e55a1e8fa55c1325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3473cf3e5dfb93c87d06e041550c72d6

SHA1
fe2b40fc5f92bb196e60bbd423b13785c41ae78f

SHA256
998820bd67be5a92fa4c599e85916a9be10133b21cb7441dec2dae49799da6a3

SHA512
c47d06993876b25957e40ce5e70e688e1bc527682f0b4c13895613bd67e1bb77092dadc6dd4295c2ec2add12fac06c7ae3a5508df31549ec2cbf40fde4de9094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d94571f27a270e9220228e3f0d2f441f

SHA1
5685cb2375deaae00aaaf66f2d68bd5009f02778

SHA256
8e407ae9ddc7bb3d47e7603ad6169aa34af8aedf4d77edaebab3071c59b73b4a

SHA512
34e96e829de8d0a0265e5713977dfc0105a6314f9be650f0a7503bedfbe6e7a4ea1a0f8725424d5939b9d90c04ca711ee4a4848906f585b8943d9eefe4452cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
92d0e48a9f3b4712c43cd52f98d74c61

SHA1
eebfb0241545c46e778fa42590c54b7ec9923a34

SHA256
6493c01227aee26b6bfdf73568447d6e515aac829701108dbf2e4775bb281a3c

SHA512
848a35c7d17ea579ea6cf3214a5db1289a1168ddeef48ab01f37cec0d01df9979023aea41d125c688c4debc876a74999c9776a7e061b5d8dbb64234960d4fc18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
41f684a5ca23d429cd0a4500fd8c7389

SHA1
c80bae4649f24bf92b2d27705fa7d37abdd1de61

SHA256
f5f90f429c32f5652a281b6f8d55ab1283f983d3f3b13b1ca3da3b0fbb89c1a9

SHA512
df373f3be45dad69e923b17384a9df886259c360d8f8c2d965b1ddcdb480cb9c0450107351664cb17412d31848866ce934801f10eb2daf9a526e3ddd46eb166b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
985a1916f050db9ccbb27b33ec7afd17

SHA1
57db745ec94ea6f7682c756c4a455fddd8f6778c

SHA256
097e194ef215c3a70586ffbca47f969fd735e59e7963c114b7f4327e5db86f7f

SHA512
f21405a434f8b38d840fc2ba097b5c7c5a903a552b43125ad49840f131e341342aad634c3a0cd7add94fa8cd8f3b9698a2fd2213bff53e72f1bd26d5749071a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
0e7335cdad14c442059650726feef50e

SHA1
44e18037509b1cc011c2a882185a6ce9b710a8e0

SHA256
47573157f82c83f72325e0cb623a16863de89fb8af8f23a69dbc13880255c498

SHA512
a7d17b93195f938191283a1d66c73b23d570c23a467a86c21847f5d51a134c5dd5d7a3ac44d436cbd9a26665f6823ac4477fce2e8881b9b4fa727d7258c9770d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
ee7462e096945290cd1b53f9ca8559a6

SHA1
94b04f0a28db52afc241d7bc58513b5c5b098e51

SHA256
6a90e70479290fcc5a9d7696df98e29ffbeb77ecf93445f4d39f1bb2df25482e

SHA512
558d4398fe581111cca7bbacaa8754105cba744d22e51f3c8676d7e55e9bb0f721880bd7458d6e90e0ee74cdad9cb7a23e38edd5feb1a4e2739a574fa29ba5bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\Downloads\BootstrapperV1.17.exe:Zone.Identifier

Filesize
229B

MD5
f7909e833ef7dfe7543873550ef3e16d

SHA1
bc77199d59c9e08d53c3b03cbfbb16c5a372274f

SHA256
9ab279057281ad32da1977aa0c18fd6e2040ba52c9d744778d17b0fe2beeb0fb

SHA512
9e86ba4fa85a957a073f03f5c131cf419769202b2a2af3d6a1e385bc9b8504f612f8ff61c649173d749bb6889e04fe82e035812d6f5c77e9a296615b18cf0ec4

Download Submit
C:\Users\Admin\Downloads\Solara.zip.crdownload

Filesize
14.9MB

MD5
456adec7a01fff85c1204428b5123a66

SHA1
26165fe003a01a3a59dc64070fbf2e96187214d7

SHA256
b6127458de06667662655e158e7d1adc6cf505d08d9dffe243a0b308b3166090

SHA512
3b2cbfaf171297da578c0db840e54a156a1aec481a0f441acaddfe127d20f1013d62a74c99fdbb8a44bc9ced109aa25509dad05131cc5cfe99ade170027fcc41

Download Submit
C:\Users\Admin\Downloads\Solara.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 296020.crdownload

Filesize
796KB

MD5
4b94b989b0fe7bec6311153b309dfe81

SHA1
bb50a4bb8a66f0105c5b74f32cd114c672010b22

SHA256
7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659

SHA512
fbbe60cf3e5d028d906e7d444b648f7dff8791c333834db8119e0a950532a75fda2e9bd5948f0b210904667923eb7b2c0176140babc497955d227e7d80fb109d

Download Submit
C:\Windows\Installer\MSI7078.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSI7116.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI752F.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/1660-2502-0x000001C3FA790000-0x000001C3FA7A2000-memory.dmp

Filesize
72KB

Download
memory/1660-78-0x00007FFB56E93000-0x00007FFB56E95000-memory.dmp

Filesize
8KB

Download
memory/1660-101-0x00007FFB56E93000-0x00007FFB56E95000-memory.dmp

Filesize
8KB

Download
memory/1660-2491-0x000001C3FA760000-0x000001C3FA76A000-memory.dmp

Filesize
40KB

Download
memory/1660-2906-0x00007FFB56E90000-0x00007FFB57952000-memory.dmp

Filesize
10.8MB

Download
memory/1660-100-0x000001C3FA390000-0x000001C3FA3B2000-memory.dmp

Filesize
136KB

Download
memory/1660-80-0x00007FFB56E90000-0x00007FFB57952000-memory.dmp

Filesize
10.8MB

Download
memory/1660-79-0x000001C3F7E30000-0x000001C3F7EFE000-memory.dmp

Filesize
824KB

Download
memory/1660-102-0x00007FFB56E90000-0x00007FFB57952000-memory.dmp

Filesize
10.8MB

Download
memory/1816-3278-0x00007FFB7AE80000-0x00007FFB7B089000-memory.dmp

Filesize
2.0MB

Download
memory/1816-3264-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/1816-3266-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/1816-3276-0x0000000003E10000-0x0000000004210000-memory.dmp

Filesize
4.0MB

Download
memory/1816-3277-0x0000000003E10000-0x0000000004210000-memory.dmp

Filesize
4.0MB

Download
memory/1816-3280-0x0000000075C80000-0x0000000075ED2000-memory.dmp

Filesize
2.3MB

Download
memory/3168-3283-0x0000000002E90000-0x0000000003290000-memory.dmp

Filesize
4.0MB

Download
memory/3168-3286-0x0000000075C80000-0x0000000075ED2000-memory.dmp

Filesize
2.3MB

Download
memory/3168-3284-0x00007FFB7AE80000-0x00007FFB7B089000-memory.dmp

Filesize
2.0MB

Download
memory/3168-3281-0x0000000000FA0000-0x0000000000FA9000-memory.dmp

Filesize
36KB

Download
memory/4236-3262-0x00000000063D0000-0x0000000006976000-memory.dmp

Filesize
5.6MB

Download
memory/4236-3261-0x0000000005C40000-0x0000000005E22000-memory.dmp

Filesize
1.9MB

Download
memory/4236-3263-0x0000000005A20000-0x0000000005A42000-memory.dmp

Filesize
136KB

Download
memory/4236-3260-0x0000000005BA0000-0x0000000005C3C000-memory.dmp

Filesize
624KB

Download
memory/4236-3259-0x0000000000B30000-0x000000000115A000-memory.dmp

Filesize
6.2MB

Download