8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Resubmissions

22-11-2024 22:55

241122-2wgd9sxmgj 7

22-11-2024 22:52

241122-2txcps1pbs 8

Analysis

max time kernel
135s
max time network
144s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
22-11-2024 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4016	Solara.exe

Loads dropped DLL 11 IoCs

pid	Process
1724	MsiExec.exe
1724	MsiExec.exe
5032	MsiExec.exe
5032	MsiExec.exe
5032	MsiExec.exe
5032	MsiExec.exe
5032	MsiExec.exe
712	MsiExec.exe
712	MsiExec.exe
712	MsiExec.exe
1724	MsiExec.exe

Blocklisted process makes network request 3 IoCs

flow	pid	Process
11	1168	msiexec.exe
12	1168	msiexec.exe
13	1168	msiexec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
15	pastebin.com
86	discord.com
145	discord.com
10	pastebin.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
82	api.ipify.org
95	api.ipify.org

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks-proxy-agent\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\env-paths\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\LICENSE-MIT	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\lib\_stream_passthrough.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\spec-from-lock.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\retry\equation.gif	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\AUTHORS	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\ninja_test.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\bin\funding.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npx.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\xml_fix.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-install.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\find-visualstudio.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npx.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\lib\cache\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\jsonparse\jsonparse.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\spin.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\xcode_test.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\using-npm\dependency-selectors.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\emacs\testdata\media.gyp	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\asn1\tag.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wide-align\align.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\lib\custom\trap.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\ci.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\balanced-match\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\duplexify.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\@npmcli\fs\lib\mkdtemp.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-profile.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\yallist\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\configuring-npm\folders.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\util-deprecate\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\normalize-package-data\lib\normalize.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSUtil.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@tootallnate\once\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\get-paths.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\glob\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-exec.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\publish.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\smart-buffer\docs\ROADMAP.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\fetch-error.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\bin.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\lib\cache\errors.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\asn1\tag.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\buffer\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\once\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\negotiator\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npmlog\lib\log.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\dist\abort-controller.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-install.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-team.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\identity\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\text-table\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ci-info\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\add-listeners.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\util-deprecate\browser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_common.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\utils\guard.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wcwidth\package.json	msiexec.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIDE5E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE229.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF6EC53065CA9155A0.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Installer\MSIFCD8.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\e57d2e0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID67A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID6BA.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFF1B0A02105D47E35.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDE7E.tmp	msiexec.exe
File created	C:\Windows\Installer\e57d2e4.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1BF0AD2BA33D018C.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDD34.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE209.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFC0B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI11F.tmp	msiexec.exe
File created	C:\Windows\Installer\e57d2e0.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID6CA.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF10A4DC68A8E03FC6.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFF3A.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2444	ipconfig.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133767896527328881"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 35 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2584844841-1405471295-1760131749-1000\{2BB15D28-944D-4D7A-BAA4-644A03436BD7}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4588	Bootstrapper.exe
4588	Bootstrapper.exe
1168	msiexec.exe
1168	msiexec.exe
4016	Solara.exe
1056	chrome.exe
1056	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2448	WMIC.exe
Token: SeSecurityPrivilege	2448	WMIC.exe
Token: SeTakeOwnershipPrivilege	2448	WMIC.exe
Token: SeLoadDriverPrivilege	2448	WMIC.exe
Token: SeSystemProfilePrivilege	2448	WMIC.exe
Token: SeSystemtimePrivilege	2448	WMIC.exe
Token: SeProfSingleProcessPrivilege	2448	WMIC.exe
Token: SeIncBasePriorityPrivilege	2448	WMIC.exe
Token: SeCreatePagefilePrivilege	2448	WMIC.exe
Token: SeBackupPrivilege	2448	WMIC.exe
Token: SeRestorePrivilege	2448	WMIC.exe
Token: SeShutdownPrivilege	2448	WMIC.exe
Token: SeDebugPrivilege	2448	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2448	WMIC.exe
Token: SeRemoteShutdownPrivilege	2448	WMIC.exe
Token: SeUndockPrivilege	2448	WMIC.exe
Token: SeManageVolumePrivilege	2448	WMIC.exe
Token: 33	2448	WMIC.exe
Token: 34	2448	WMIC.exe
Token: 35	2448	WMIC.exe
Token: 36	2448	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2448	WMIC.exe
Token: SeSecurityPrivilege	2448	WMIC.exe
Token: SeTakeOwnershipPrivilege	2448	WMIC.exe
Token: SeLoadDriverPrivilege	2448	WMIC.exe
Token: SeSystemProfilePrivilege	2448	WMIC.exe
Token: SeSystemtimePrivilege	2448	WMIC.exe
Token: SeProfSingleProcessPrivilege	2448	WMIC.exe
Token: SeIncBasePriorityPrivilege	2448	WMIC.exe
Token: SeCreatePagefilePrivilege	2448	WMIC.exe
Token: SeBackupPrivilege	2448	WMIC.exe
Token: SeRestorePrivilege	2448	WMIC.exe
Token: SeShutdownPrivilege	2448	WMIC.exe
Token: SeDebugPrivilege	2448	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2448	WMIC.exe
Token: SeRemoteShutdownPrivilege	2448	WMIC.exe
Token: SeUndockPrivilege	2448	WMIC.exe
Token: SeManageVolumePrivilege	2448	WMIC.exe
Token: 33	2448	WMIC.exe
Token: 34	2448	WMIC.exe
Token: 35	2448	WMIC.exe
Token: 36	2448	WMIC.exe
Token: SeDebugPrivilege	4588	Bootstrapper.exe
Token: SeShutdownPrivilege	872	msiexec.exe
Token: SeIncreaseQuotaPrivilege	872	msiexec.exe
Token: SeSecurityPrivilege	1168	msiexec.exe
Token: SeCreateTokenPrivilege	872	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	872	msiexec.exe
Token: SeLockMemoryPrivilege	872	msiexec.exe
Token: SeIncreaseQuotaPrivilege	872	msiexec.exe
Token: SeMachineAccountPrivilege	872	msiexec.exe
Token: SeTcbPrivilege	872	msiexec.exe
Token: SeSecurityPrivilege	872	msiexec.exe
Token: SeTakeOwnershipPrivilege	872	msiexec.exe
Token: SeLoadDriverPrivilege	872	msiexec.exe
Token: SeSystemProfilePrivilege	872	msiexec.exe
Token: SeSystemtimePrivilege	872	msiexec.exe
Token: SeProfSingleProcessPrivilege	872	msiexec.exe
Token: SeIncBasePriorityPrivilege	872	msiexec.exe
Token: SeCreatePagefilePrivilege	872	msiexec.exe
Token: SeCreatePermanentPrivilege	872	msiexec.exe
Token: SeBackupPrivilege	872	msiexec.exe
Token: SeRestorePrivilege	872	msiexec.exe
Token: SeShutdownPrivilege	872	msiexec.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 3068	4588	Bootstrapper.exe	80
PID 4588 wrote to memory of 3068	4588	Bootstrapper.exe	80
PID 3068 wrote to memory of 2444	3068	cmd.exe	82
PID 3068 wrote to memory of 2444	3068	cmd.exe	82
PID 4588 wrote to memory of 5092	4588	Bootstrapper.exe	84
PID 4588 wrote to memory of 5092	4588	Bootstrapper.exe	84
PID 5092 wrote to memory of 2448	5092	cmd.exe	86
PID 5092 wrote to memory of 2448	5092	cmd.exe	86
PID 4588 wrote to memory of 872	4588	Bootstrapper.exe	88
PID 4588 wrote to memory of 872	4588	Bootstrapper.exe	88
PID 1168 wrote to memory of 1724	1168	msiexec.exe	92
PID 1168 wrote to memory of 1724	1168	msiexec.exe	92
PID 1168 wrote to memory of 5032	1168	msiexec.exe	93
PID 1168 wrote to memory of 5032	1168	msiexec.exe	93
PID 1168 wrote to memory of 5032	1168	msiexec.exe	93
PID 1168 wrote to memory of 712	1168	msiexec.exe	94
PID 1168 wrote to memory of 712	1168	msiexec.exe	94
PID 1168 wrote to memory of 712	1168	msiexec.exe	94
PID 712 wrote to memory of 1480	712	MsiExec.exe	95
PID 712 wrote to memory of 1480	712	MsiExec.exe	95
PID 712 wrote to memory of 1480	712	MsiExec.exe	95
PID 1480 wrote to memory of 3140	1480	wevtutil.exe	97
PID 1480 wrote to memory of 3140	1480	wevtutil.exe	97
PID 4588 wrote to memory of 4016	4588	Bootstrapper.exe	99
PID 4588 wrote to memory of 4016	4588	Bootstrapper.exe	99
PID 1056 wrote to memory of 2396	1056	chrome.exe	109
PID 1056 wrote to memory of 2396	1056	chrome.exe	109
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3628	1056	chrome.exe	110
PID 1056 wrote to memory of 3844	1056	chrome.exe	111
PID 1056 wrote to memory of 3844	1056	chrome.exe	111
PID 1056 wrote to memory of 3672	1056	chrome.exe	112
PID 1056 wrote to memory of 3672	1056	chrome.exe	112
PID 1056 wrote to memory of 3672	1056	chrome.exe	112
PID 1056 wrote to memory of 3672	1056	chrome.exe	112
PID 1056 wrote to memory of 3672	1056	chrome.exe	112

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2444
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5092
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2448
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:872
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4016

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding AE6E6BC9B61B20F7A6FE4F271826C8CF
  2⤵
  - Loads dropped DLL
  PID:1724
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 7681E711AAD607D47D183AB62A378B88
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5032
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D6D92359182999A2216E0AAD85D44294 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:712
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1480
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:3140

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:724

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3cbacc40,0x7ffb3cbacc4c,0x7ffb3cbacc58
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1940,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4960,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4424,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3508,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3512,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5300,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3492,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3452,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  - Modifies registry class
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5552,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5696,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5924,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6116,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5360,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5784,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6396,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6384,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5008,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6472,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6664,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6744,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5492,i,1409318269556790299,9350111662193675948,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:3632

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57d2e3.rbs

Filesize
1.0MB

MD5
df4bc4478f7c498279ede4c0fe3873b0

SHA1
052db566e83b6c58ec839f04836ae242d5c674de

SHA256
27f1862a8dca48016128f707b5b874506f93ab1f3b3ec86342ca3892ad688712

SHA512
744098b048b66da23906a698fb7ecadc6ffef8672c93f8f95a887e433fe38477173a5989c1cd5363883eb38aa5df51c7386a16e180d4d3aba86b9b460fc57262

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
2a6686d512ee9ba8b75e0bce9a794770

SHA1
465e00320c74d4481a5e7e7242aaeb60d02e2fab

SHA256
5afa5bcab0d66f0dc65ccad359650730ace53dff1d891cd33a9f54aa43d34419

SHA512
ff44d6f3e7be06c98077a00854edb0ca122fc5c98c976f86787c7b003d224f62c1079412e7c5cdb36c2a6df0825dd17ccbffe44eb264fa63e3d1e44654af74b2

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9dc96c5ca90103c9ed59396864bdc364

SHA1
d01065cdf877e9a46feb0d24f25839b90a95fd47

SHA256
d065eab6a0ef552e60134537ecc0fb829f72c9fa1edc7adf492beaaabb4043f5

SHA512
52f13485bec05a9ae14832afb78e59f382401ecf232251814d914b82e5b617c338a0affdf1d71a2eb51a59fa0bb425732e7125ef3da29726141fb429dff6e7c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
27KB

MD5
dc654d5da1a531fdb3b1bedb619b0182

SHA1
49d3de45bea7c279cf0ffe4cbc43c24779d1877a

SHA256
b395c195a5854253500b3b210e585ec801a47b49ce7b90fa5a9717df387598fa

SHA512
38952929cbf8e103cad50007cb492c93a7feb8d9d1853773883e2771cc97e50d6a514cb6347c912e7945d126a35677cca854ce8542e2210d7e59799238bae8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
34KB

MD5
0d84fc4eb0f66cbecc42ca67b9aa13e2

SHA1
200cbe8082d6ce62a303a915f72ae1e61b6bf23a

SHA256
0cef426c31b2a9574715925ae0c4329df5a80f6f71d99a2667e91881e377546d

SHA512
f07a2266561733febc7f21a14dcaed3dfdc0189778f8a404ad1c723047d60c8f34e393246987a8519469c6ae67e3692c00a6a226195acabe9f2d0a1c7ace512f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
43KB

MD5
b6706321096464d4e224a0cd5c56018e

SHA1
af60d733625ad2d04fdfd72b856ea14490903f84

SHA256
e9b13d719ed50af3f136f3c672eee5017c9c3c2a66119e04543ad59c9b2c6184

SHA512
7e8a8aacade90dff77263ef771b20d7a9bb57ee9ab7b02c639fd794ebf022a4b19bb4c46f463999307edc0d3e9e554b0524af0cf4ca2b750693d36d20d6f9c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
33KB

MD5
7bfb1e25b8f297464a163789ca95f324

SHA1
c540ec74754028b1d01f4fb4fbfa87154a570da0

SHA256
556c6146e0ee0b034864d154ba0881ab8c25a781534b2a7c3e4ee27d2efef9b2

SHA512
eb39ae762f7b0c61ad465c2070f5bafbfa1fc86b6ea967988f8e26a66c567c2bbbbf25ea4ff94f702748caf98524e95b1fdd6d42947743475b995b84a78bf033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
110KB

MD5
a36fcd45163328dc7bbe1186ee2c86e6

SHA1
f8b70192d14881070feb4a8ebc11c5838ce325b4

SHA256
a4703e1d8fa69bbc9a30a5aa93fc217275afb68016c01ec7f4e0e620f9a10302

SHA512
3f3435fe2fdbeb61b70f5cfc313858d8dac0f4f64af2973604dae45b01040a3b82c701b4f2a08300fc9069636829623b1d9aaafc26d954ddf9a3bec795ec7588

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
28KB

MD5
bf50954a7a3c7b5dcb33248dd2da2ab0

SHA1
c81c178259f90a9fbb69d23a92286b7c4fb9fc44

SHA256
1bf4df74c1a950730b94c0dac7de978d1af8a9cb1d1051d74ca384a8b6112c89

SHA512
ef9b439da949a50ae493a2a0d28b617d48a771ac08c3345bf7a44ca2111d871c96b4ce07593e401b8b93d6e1630bbb9b4556977dd95fa0ca454f17ad5c376e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
47KB

MD5
d4fe31e6a2aebc06b8d6e558c9141119

SHA1
bcdc4f0b431d4c8065a83bb736c56ff6494d0091

SHA256
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec

SHA512
1cbe7641b8930163ed3ea348f573cad438b646ed64d60c1923e5b8664c3de9c2c21ba97994ec8d886f489e4d090772b010de72a1167547fb4f6a2d242d46aec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000073

Filesize
38KB

MD5
bd00a892158bae12eb58e2c317cc52a4

SHA1
2cc0320f93fc138c3a7d91fe31c860c5b7259d3c

SHA256
87e316446b05e3b5f0cdf853f7218096a37673f8727d2b26109412347c20919d

SHA512
3c7cb5dc2f5701f077830d1618ab098cc124bd599e9affaf0dd2987ff56f5eb7d341d839005ee33ffe2a44309dadd797f694f713f1e2c6a61217818356c60beb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074

Filesize
74KB

MD5
dcbd45ce3539f9fabf3376c3802cefc5

SHA1
3dbdcc4aafc7a6a0b7a8be0d89a16a4d25b7ce10

SHA256
956734db52535d9c8995c69f8a9bc97d383776754fbb148113fa39b0fe10615e

SHA512
ff610f8f1012ee66c46ea8e38eaf6284998a64413ce4b83f15dd0287adce47eee2da204916adf84cedef491e045af31463a657477eb50440a0b6f4f814bba094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
11310ac139f1c01dda3bfed7c5d062f1

SHA1
d844583777a57118cea903a6f8a66e7d4e67c209

SHA256
9d1d37fe98b461d86b35797a18c31a6903eab4710fa1fb0e79c3bdd04d24feb0

SHA512
b91b7958f3750669a4a4a2a9b436bbb4a61fa9d3b3c70d23db79159c6e191955fe24533848da831070b4a24328c771f242760e96475858f93408babdb609a1ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
01ccdbf4ab1c9af67542211ef2c705e4

SHA1
c8e20a3303f31ad6314158043b981bb66b4251f8

SHA256
f75a3f9d4c7b22de41b7d6fe6b7f5014405acba2701138e27272e5247e970334

SHA512
94fe383e354fa1a4d876fa9425ddd9af2f7c36168f55bfdbfb3b4bc7acf12da9925305d1e457554610346c0efe585fc106dabbadc10e2f6597dc427f2499a2cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
67800c075a79829a6cc52156fc268c3c

SHA1
25b68ad5daf8dfa6acabe154e77781ffb774e08d

SHA256
abfdabbca7301db95e6dfb33c80625bacaf0a46ae7c84bf3cef398a565bfd21a

SHA512
d22aeada30562afee64da63b54fcc55e9e20da6fb7cefe9e908a947b2284cc80d82b00b1dd21085e25cb2324e02e33f35fdebf03c8dc925cd6f3d60898ff4190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
85ae4af711ba8f5ec762b4e0bb4b5f4b

SHA1
103e2505294c9b0b6befab61934d1596cb8c8ba5

SHA256
067a9f4821314fea507d22b59f16e1ddd7ce01156d4b94d7529c10916fd01fd1

SHA512
828c8ee97002fe873ede0fe869d5abba1c9822c4adccfaf807ad0b384fa26a6109ddd03432764ba0b2a017e0134734fb603836d3910fff054cf78214993215ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
f62a76823e2d554ad4ee0e0bd8ef5683

SHA1
10384548dd047efe75f5812cd2d25da8cdc13d91

SHA256
47c2acf2c31e5dd0acd91bbd62234afb51beedf06a225e8bde7ec89f46cfd3a9

SHA512
2ade39b5f5e8d9df5c8481d4848e8b6cde6bac973b3988f5d3c3f1464d418a7b353dd465dcd50108a162be0d3e06d2b28c83ad06453552139fe3bd0d06b7bfe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a938d366f07e2a52db2dcad91a11e0b6

SHA1
387cec135644c8537498e7ce085daa2b06802900

SHA256
ae2961469c25f0393f9584394165a97709c3974cde7ba27790701da68d0d49d1

SHA512
27f570b56bf2094d51792c0d31745cfa64ae6e365b1dbc6e140901e47b41b037672bc77664da26faf0da1d0efe71bb54ca05cacc755668a24691f83bae53befe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d141d4a86c90651c2ad690e7d17c761c

SHA1
a5c5bf12bf99085ab77a249961a8d2994b0be8de

SHA256
1c9f003561994dcac63cd7fc222a10e27bb4f65c5e91b8c05db4d05c53053756

SHA512
68ab9b66d4c79403e521d1952475d4807271cb704ad7f35c1b61cf09e46380dae5c61aea993324af43bf633fb2a659d0572354da4f2ea7f297877bd60ca2c012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
57ac9c0b18ed649e0a0fbbbd391d5cde

SHA1
04419a356a33b7b0a46a784d02ff106b104a2891

SHA256
92cf3f233c7f781060124db042419181ba974d172a7a0de9542fbb5df5ad1595

SHA512
7fe77566abf040870b07c02dbad3b3b2cad0b8e0c7dde05ac0b319f96a99105582f550432fc031cec4a7c5af4b8c95b219889e0a4a9f97358801d2f5df9d3a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1802a244e7ee77c6d39ee6a5a8b14f2

SHA1
39752449281b53aefc51bcc69c00cbfd799aadd2

SHA256
e32c526b36e305b3158e39776fd101396390c51d4f0be069288445f5c0e06664

SHA512
b203049e85917361b1f4ddf93a8790ff5bf60504f773cf92f27fa8f41057c8cf84abb2627af9026de3a6519bc2cd16bf8f78b5114ef38e05ba7200f98a875f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
75885f10f3cab64d6beb023984c17b54

SHA1
83b8b1b90dcf4f2d9cfb448b509668baaa00605f

SHA256
06e681f23ad9262b73ab0e4c36303f7adf8b1f8dc6ba9c71d1a87369b2b519f4

SHA512
196af1e13023c5178743b8f6214372f7ec653e392b349fbfa73964c93d7ffafc103f442c320d041e631b474fa22b39c7d98efc4721ffdaa9905d68cd0bbe1fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bcc22e0a3249efb049f0ffdf1321b4ec

SHA1
5a2e7b5e73608f9539b8238dc600624bdfe1e990

SHA256
8c59804f65d38d0be7556792735dab185ba0b8835145478b46809f4a0de7f5f2

SHA512
3594668cfedf99526d8b4f02ed6849c17ccc6410730d21aaa6333be22d8b84f630f00c43f3e115605a6240588adf0a4dade481e7efebadee6b618fcc7dbe2a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bd133be715a10a1d9b20a4de259bd7f7

SHA1
1d214d8d160046e3edaea36241a55523002d9198

SHA256
6f80164ab580be55a4b9868becd171f57cab3337549a3f5a74ad436b6ec76db1

SHA512
23cd0aa793fc6d71735a84027e4334c9a0713b3f1f307a8c5a4a82c4768625765fa02690e7d8962b0c0c3c130599699bb3a938d82a4295103adea7e2895e64fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d1dceaf8fbf5b1077da9166bdb1e45f2

SHA1
cea6c53f778cf79f78e08cbae834d28522ba1279

SHA256
fd8017f0663ffd7137204cde19a96f7c8f55139fb6d3ff3fe5759693908e9e58

SHA512
e775228bd7a7bbbb93d2979dff4b27bee6b738471f25f96dfc24507ef04c6314874236c7b85d0c00e69dc6cec1ba5f3469ba5831594f29cd8655e410b529680d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c50b07c93dbb7bcea8e7d050e4c28c7d

SHA1
d301b935e346e3d7030c9fc1975357616b2caa8f

SHA256
84765ffae4889b79662845f396f2e18d26e0e6932ec1fc209d0ab1f1b5663629

SHA512
4087c0275eb0c67289754595e15270f4857173c844ddf1ff2bc9e85f1785a19755dcca925027cfbafa52c40eff2baebb351611d33801108288054c8c0cd7f465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b0824c36b1e9c9b96274d9a5e9cdd867

SHA1
c5affbcf3a4b3ad26fa1eceb9e22cc021e224ea7

SHA256
430f9edf73d0f148072181a2a29fa2da88df6253df38e57fb4b2e99ead903d60

SHA512
8c39ec28599ab7115c825b31d2d371e66520d9e8a2d29f37d82c0d3a0230ac0856e7378a2a9e43b6c3f1ec8adeb75252de04ee3ac19e549df2c81c32103292a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\422044d3-fa97-4a79-b45a-2da80fe602a2\index-dir\the-real-index

Filesize
3KB

MD5
bbd71c0d29465dad4812836a46bd650b

SHA1
514dfbdaa2cbfb65674367158cc80b602697ec45

SHA256
6f7a1c358f3af8c30b543475de54c77dba961156217fc0e44a05a2ce6017c62d

SHA512
68a3a39785beb2566b80f257821b5e91d8e234c66a20cf6c6e5c19a09ceebc3191226952d8cb321eb1e619efd886cbaea78f35e02ccd01ed296d5d2049f213e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\422044d3-fa97-4a79-b45a-2da80fe602a2\index-dir\the-real-index~RFe5972d5.TMP

Filesize
48B

MD5
c2e0de40f9db426943dd81e27de4ef75

SHA1
4bd9aeb0fe3c93c861e01a80cf0de3299d8b214e

SHA256
feab0992202fd173056ea79e59c078acd8c217647f64984bba742bf8a846c900

SHA512
a0a86214fb2c2153001e63749a513b13ef756a9f2915110269fbaeeba6898fd24f248358979b5c1072e2bae28fea54ae6ca390c3187a30f7117734fe5d0d95db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\ce9cc10b-268d-41d8-9f54-5f98b01f1b15\925a02cd30dd2ad1_0

Filesize
88KB

MD5
4e298f110aff5fdf5759ba4bd676312d

SHA1
994017a50093e2619091fdd45544532597e43abb

SHA256
2b26d40ea18fb79d4b5cc42c3f1957c8f032a7d32a55f113f0d83892cd8777f4

SHA512
675777919fa7aa5edc70f52556c37e819e4713c505184e6b06ff48255c86bd658720fe03f6c321be002dd953a25c2537624b97db98fc3dd7d51f74b5de07c0f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\ce9cc10b-268d-41d8-9f54-5f98b01f1b15\index-dir\the-real-index

Filesize
72B

MD5
a12d596ce9fc6fe3b79186cd18b315b1

SHA1
e40c27faf8c41907f8d5b1a702e0ede55467e733

SHA256
32bc1142d7591def7f92908d40f527cbbcc2a2ef14eda1c6dd84b30f46030616

SHA512
bd8086b3d1dd06eee7a66b31b1587772f433c5a33311fe43f42859bc2be70317c9850d8c81eda73ce7eec02f1660a2e0dda421b0d7c672fafb9385f50199e53e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\ce9cc10b-268d-41d8-9f54-5f98b01f1b15\index-dir\the-real-index~RFe597342.TMP

Filesize
48B

MD5
b547da91bfc1744dee248cf9e4f76588

SHA1
9b86fc4aef5aa7147c7f289d0572851be444b177

SHA256
a780f5d68eea5158701707fdd20b267439d1d3878053af7a24c1cc7a487327ce

SHA512
54d8a2237c2ec1c7b205d5691b413e47e09cc2408bb0b48d0cb29e35f8e01aecf58445170980fda2309eceb07628d563655a0702861298286d1d1a98ec18aa3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
262B

MD5
363b23bf016120f061446ddf2593bf8c

SHA1
a26267dc5c59ce34b6f0b2af364ce15587e3b94b

SHA256
52949bf8bc5e848bd791241fb9b25431150766bee561a2dd70cd927af7b24e18

SHA512
4c933546b20267adfdf925a9bf4325aecdddb15805db69a4ad22f633b7faecaf36943e941ff0d89a40148a2d0a761db246fa9c532bf24577a13efee584b393fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
202B

MD5
0758f5a42bef40011df5fcb4d784ed76

SHA1
d30647e9b2457193fa052f7aab0a4dd3f3f2e841

SHA256
5670406a765d8ac262ed00c1b94b2bc5586c0f727499d7a5d76d3bdad293bdc3

SHA512
d98fea7567d5b81fa8887dd37626e6e5298ac940338f3f237e05d44b693636b8e5f165ab6b10c5d0df65dfa0e750790921a0993bee562753087a4dac8da935a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
255B

MD5
4045cab70fd9d84f70a1678561523571

SHA1
e059475924a9c12327a413cb608d7e7b69efb2f3

SHA256
08fb4ce087c5ac760cf403d9f8ddde5710870cb387cccde544339af3ca98d2f0

SHA512
abd9f8210b51eb5c286ff6db331fbdb6f8f5998fcea2c0f1694bef89fec4a64c77d12ec69e4de37efe37626eadb37c859669ef4cc52ce17a6ebbb40e1a9c9f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt~RFe58f548.TMP

Filesize
112B

MD5
05d7bf3cf38f8995837e18052f1f3875

SHA1
85d27f43a5a49a3a251e554055468a2131873458

SHA256
6fbbe1209010d12d40e18c7255c13a533b5ba93ede62b3b830f323361fb767cd

SHA512
ab9d2899330df3ee85929252b4d1610d891b14e9ab3b9c01b51ece14146eabb99deaa8bb111e51f542483c2b99bf3b76ef041fd39677f02ae93d9117aa496fa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
a922cd809d33ba98d898eee15c546d13

SHA1
cd1d84cdb4bf82e0990a20c710cb86202326535b

SHA256
73984a59507ece8924f379fa0a714b7ef075611fb92d9267e881e71d78859490

SHA512
e64adf777f6720bcd5f1be2e1c3f4f15bfd466e470801c4267a28b3bcafde54fd171a464925b42dfcfa2ba49a200e43a7b67bdcb4a905fda64a3e0b87ddbbfa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
30d7956e4edb9e415d5d5f586c33b83c

SHA1
7f884fab4f26a4c94de0c9d7f623c4781ba332d5

SHA256
091707b1f2a78b719bba6c03b009d53017c3fca0ce601f2d84c32d828ba86d83

SHA512
9204cf2d2c28397985d37c0e7dbddfdc7da19344039929054c6b7fe24122591fd7c1af20c09712c744bb3c808d08cecc223ec08cc475d8fed76a882245b0c6b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
6b288e950e9f8cfc142deb28e47140e7

SHA1
69eddcb36649f8d662389ad16ae4e75c239a0514

SHA256
227c7992d45f5dcb52b4c22909c524da9920764f3c09592b3e036ceb3ac705c0

SHA512
7afc3ebb3e70e9791e6036cbf31c3d6974ba52dabec095d5902d272183564e1206aa8d4ec62aec47014e789dd81026b3404560861efa393b2465adece98c9312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
4d4f08a374f1088e90d2191844984dd4

SHA1
fcb9fdfa1d3afeb6265532357accc1283e58362c

SHA256
abe02eda890277521029c0722d743f759b930a5d06f81aa5c9ca93343213f605

SHA512
32dc73b3f668412d8cbbaf72397cdfca0772a02e3d90b0b5c606651b3858e70ba99d8d7d25b9646952b5a0304a37902e4fb8c9759a3b8ef9f7e570ad86b3827d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
b07a6d1fdae33334d8de77ac08b7c75e

SHA1
577631d3f08fa7e5b0da65f0f831ce208d655601

SHA256
0e4403eaaaaf4f780b9126860a772977f413b0dae01d9a19dc058917920d2e67

SHA512
41d125c14edf08d657dd07ef291136d644a11e77320a37c9c85440363d27adfd2a95017dafe7eb6c8f3328f9f4301fbdfb1a6458d678b46e43355425abf13f97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
9756716e3823edf84a4aa380a4cdf078

SHA1
007e172940dc01567b596a0acdc8c56d9afda341

SHA256
8cdfc6cb583b4b9f4747596812cba8c5e03f9cbcf26554ea2b07dfc2f2dff254

SHA512
68021343607fb9cc914d24d024762663e72736bb95dcc2453f41e6d6e97463780c4e032f9c51840f02ce0c5ec9b7a4db2e2aed14c91604be8a4f327161f63854

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\72714e49-8359-4ccf-bae7-703ec92a1a28.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\Installer\MSID67A.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSID6CA.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIDE5E.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/4016-2805-0x000001C26A6B0000-0x000001C26A6D4000-memory.dmp

Filesize
144KB

Download
memory/4016-2807-0x000001C26D200000-0x000001C26D73C000-memory.dmp

Filesize
5.2MB

Download
memory/4016-2810-0x000001C26CEB0000-0x000001C26CF6A000-memory.dmp

Filesize
744KB

Download
memory/4016-2812-0x000001C26CF70000-0x000001C26D022000-memory.dmp

Filesize
712KB

Download
memory/4588-4-0x000002307F6B0000-0x000002307F6D2000-memory.dmp

Filesize
136KB

Download
memory/4588-32-0x00007FFB3CBD0000-0x00007FFB3D692000-memory.dmp

Filesize
10.8MB

Download
memory/4588-2-0x00007FFB3CBD0000-0x00007FFB3D692000-memory.dmp

Filesize
10.8MB

Download
memory/4588-2385-0x000002307F670000-0x000002307F67A000-memory.dmp

Filesize
40KB

Download
memory/4588-0-0x00007FFB3CBD3000-0x00007FFB3CBD5000-memory.dmp

Filesize
8KB

Download
memory/4588-5-0x00007FFB3CBD3000-0x00007FFB3CBD5000-memory.dmp

Filesize
8KB

Download
memory/4588-2809-0x00007FFB3CBD0000-0x00007FFB3D692000-memory.dmp

Filesize
10.8MB

Download
memory/4588-1-0x000002307F200000-0x000002307F2CE000-memory.dmp

Filesize
824KB

Download
memory/4588-2387-0x000002307F6E0000-0x000002307F6F2000-memory.dmp

Filesize
72KB

Download