97572bd57b08b59744e4dfe6f93fb96be4002dfe1aa78683771725401776464f

Analysis

max time kernel
191s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2024 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unconfirmed 223130.exe
Size

972KB
MD5

90fd25ced85fe6db28d21ae7d1f02e2c
SHA1

e27eff4cd4d383f5c564cce2bd1aaa2ffe4ec056
SHA256

97572bd57b08b59744e4dfe6f93fb96be4002dfe1aa78683771725401776464f
SHA512

1c775cf8dfde037eaa98eb14088c70d74923f0f6a83030a71f2f4c1a4453f6154dab7a4aa175e429860badda3e5e0ae226f3c3e8171332f5962bf36f8aa073fa
SSDEEP

24576:DIbp4sZotkNjFC/4qxp+k+kPFoHZvPrSMc:cvotkNjg/lhqZvG

Score

9^/10

discovery evasion phishing themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

Solara.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: currency-file@1
phishing

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Solara.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BootstrapperV1.23.exeUnconfirmed 223130.exeBootstrapperV1.23.exeBootstrapper.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	BootstrapperV1.23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Unconfirmed 223130.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	BootstrapperV1.23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe

Deletes itself 1 IoCs

Processes:

BootstrapperV1.23.exe

pid	Process
212	BootstrapperV1.23.exe

Executes dropped EXE 8 IoCs

Processes:

BootstrapperV1.23.exeSolara.exenode.exeBootstrapper.exeBootstrapperV1.23.exenode.exeSolara.exenode.exe

pid	Process
212	BootstrapperV1.23.exe
2528	Solara.exe
928	node.exe
5896	Bootstrapper.exe
5728	BootstrapperV1.23.exe
6116	node.exe
1860	Solara.exe
1500	node.exe

Loads dropped DLL 13 IoCs

Processes:

MsiExec.exeMsiExec.exeMsiExec.exeSolara.exe

pid	Process
2264	MsiExec.exe
2264	MsiExec.exe
1772	MsiExec.exe
1772	MsiExec.exe
1772	MsiExec.exe
1772	MsiExec.exe
1772	MsiExec.exe
3024	MsiExec.exe
3024	MsiExec.exe
3024	MsiExec.exe
2264	MsiExec.exe
1860	Solara.exe
1860	Solara.exe

Themida packer 6 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral2/memory/1860-3257-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral2/memory/1860-3258-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral2/memory/1860-3259-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral2/memory/1860-3260-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral2/memory/1860-3446-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral2/memory/1860-3447-0x0000000180000000-0x00000001810F9000-memory.dmp	themida

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 1 IoCs

Processes:

msiexec.exe

flow	pid	Process
52	2408	msiexec.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

Solara.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

Processes:

flow	ioc
69	pastebin.com
70	pastebin.com
733	pastebin.com
740	pastebin.com
18	pastebin.com
19	pastebin.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Solara.exe

pid	Process
1860	Solara.exe

Drops file in Program Files directory 64 IoCs

Processes:

msiexec.exe

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\ninja_test.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\sort.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSSettings_test.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\range.bnf	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\json.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\make-fetch-happen\lib\cache\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\dist\abort-controller.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-sized\node_modules\minipass\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\ssri\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\constants.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\audit.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\lib\wide-truncate.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\fetch-error.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\@npmcli\fs\lib\copy-file.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\major.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\bin\lib\options.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-cache.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\ping.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff\rollup.config.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\internal\re.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ansi-styles\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\typings\common\util.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\columnify\utils.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\lib\cache\entry.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\store.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\agentkeepalive\lib\constants.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\sbcs-data.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pyproject.toml	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\fs\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\query\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-install-test.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\mkdir.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\verify.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\node_modules\glob\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\star.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\encoding\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\which\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\bin\shrinkwrap.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wcwidth\docs\index.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\spdx-correct\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\common\receivebuffer.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-hook.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\README	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\lib\make-error.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\headers.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\lifecycle-cmd.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\supports-color\license	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\metavuln-calculator\lib\hash.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\columnify\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-ls.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_verification.js	msiexec.exe
File created	C:\Program Files\nodejs\npm.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\validate-npm-package-name\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\sbcs-data-generated.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\metadata.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-dist-tag.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\org.js	msiexec.exe

Drops file in Windows directory 21 IoCs

Processes:

msiexec.exe

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIEB1.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI423D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5809bf.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI41A0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI47AE.tmp	msiexec.exe
File created	C:\Windows\Installer\e5809c3.msi	msiexec.exe
File created	C:\Windows\Installer\e5809bf.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF1F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI187A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI43B5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI207B.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF30.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1599.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI184A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI204B.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

MsiExec.exeMsiExec.exewevtutil.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

Processes:

ipconfig.exeipconfig.exe

pid	Process
100	ipconfig.exe
5852	ipconfig.exe

Modifies data under HKEY_USERS 5 IoCs

Processes:

chrome.exemsiexec.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133768664745043318"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 30 IoCs

Processes:

msiexec.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

BootstrapperV1.23.exemsiexec.exeSolara.exechrome.exeBootstrapperV1.23.exeSolara.exe

pid	Process
212	BootstrapperV1.23.exe
212	BootstrapperV1.23.exe
212	BootstrapperV1.23.exe
2408	msiexec.exe
2408	msiexec.exe
2528	Solara.exe
2584	chrome.exe
2584	chrome.exe
5728	BootstrapperV1.23.exe
5728	BootstrapperV1.23.exe
5728	BootstrapperV1.23.exe
5728	BootstrapperV1.23.exe
1860	Solara.exe
1860	Solara.exe
1860	Solara.exe
1860	Solara.exe
1860	Solara.exe
1860	Solara.exe
1860	Solara.exe
1860	Solara.exe
1860	Solara.exe
1860	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

Processes:

chrome.exe

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Unconfirmed 223130.exeWMIC.exeBootstrapperV1.23.exemsiexec.exemsiexec.exe

description	pid	Process
Token: SeDebugPrivilege	1660	Unconfirmed 223130.exe
Token: SeIncreaseQuotaPrivilege	1668	WMIC.exe
Token: SeSecurityPrivilege	1668	WMIC.exe
Token: SeTakeOwnershipPrivilege	1668	WMIC.exe
Token: SeLoadDriverPrivilege	1668	WMIC.exe
Token: SeSystemProfilePrivilege	1668	WMIC.exe
Token: SeSystemtimePrivilege	1668	WMIC.exe
Token: SeProfSingleProcessPrivilege	1668	WMIC.exe
Token: SeIncBasePriorityPrivilege	1668	WMIC.exe
Token: SeCreatePagefilePrivilege	1668	WMIC.exe
Token: SeBackupPrivilege	1668	WMIC.exe
Token: SeRestorePrivilege	1668	WMIC.exe
Token: SeShutdownPrivilege	1668	WMIC.exe
Token: SeDebugPrivilege	1668	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1668	WMIC.exe
Token: SeRemoteShutdownPrivilege	1668	WMIC.exe
Token: SeUndockPrivilege	1668	WMIC.exe
Token: SeManageVolumePrivilege	1668	WMIC.exe
Token: 33	1668	WMIC.exe
Token: 34	1668	WMIC.exe
Token: 35	1668	WMIC.exe
Token: 36	1668	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1668	WMIC.exe
Token: SeSecurityPrivilege	1668	WMIC.exe
Token: SeTakeOwnershipPrivilege	1668	WMIC.exe
Token: SeLoadDriverPrivilege	1668	WMIC.exe
Token: SeSystemProfilePrivilege	1668	WMIC.exe
Token: SeSystemtimePrivilege	1668	WMIC.exe
Token: SeProfSingleProcessPrivilege	1668	WMIC.exe
Token: SeIncBasePriorityPrivilege	1668	WMIC.exe
Token: SeCreatePagefilePrivilege	1668	WMIC.exe
Token: SeBackupPrivilege	1668	WMIC.exe
Token: SeRestorePrivilege	1668	WMIC.exe
Token: SeShutdownPrivilege	1668	WMIC.exe
Token: SeDebugPrivilege	1668	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1668	WMIC.exe
Token: SeRemoteShutdownPrivilege	1668	WMIC.exe
Token: SeUndockPrivilege	1668	WMIC.exe
Token: SeManageVolumePrivilege	1668	WMIC.exe
Token: 33	1668	WMIC.exe
Token: 34	1668	WMIC.exe
Token: 35	1668	WMIC.exe
Token: 36	1668	WMIC.exe
Token: SeDebugPrivilege	212	BootstrapperV1.23.exe
Token: SeShutdownPrivilege	5016	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5016	msiexec.exe
Token: SeSecurityPrivilege	2408	msiexec.exe
Token: SeCreateTokenPrivilege	5016	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5016	msiexec.exe
Token: SeLockMemoryPrivilege	5016	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5016	msiexec.exe
Token: SeMachineAccountPrivilege	5016	msiexec.exe
Token: SeTcbPrivilege	5016	msiexec.exe
Token: SeSecurityPrivilege	5016	msiexec.exe
Token: SeTakeOwnershipPrivilege	5016	msiexec.exe
Token: SeLoadDriverPrivilege	5016	msiexec.exe
Token: SeSystemProfilePrivilege	5016	msiexec.exe
Token: SeSystemtimePrivilege	5016	msiexec.exe
Token: SeProfSingleProcessPrivilege	5016	msiexec.exe
Token: SeIncBasePriorityPrivilege	5016	msiexec.exe
Token: SeCreatePagefilePrivilege	5016	msiexec.exe
Token: SeCreatePermanentPrivilege	5016	msiexec.exe
Token: SeBackupPrivilege	5016	msiexec.exe
Token: SeRestorePrivilege	5016	msiexec.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

chrome.exeSolara.exe

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
1860	Solara.exe
1860	Solara.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Unconfirmed 223130.exeBootstrapperV1.23.execmd.execmd.exemsiexec.exeMsiExec.exewevtutil.exechrome.exe

description	pid	Process	procid_target
PID 1660 wrote to memory of 212	1660	Unconfirmed 223130.exe	88
PID 1660 wrote to memory of 212	1660	Unconfirmed 223130.exe	88
PID 212 wrote to memory of 2712	212	BootstrapperV1.23.exe	90
PID 212 wrote to memory of 2712	212	BootstrapperV1.23.exe	90
PID 2712 wrote to memory of 100	2712	cmd.exe	92
PID 2712 wrote to memory of 100	2712	cmd.exe	92
PID 212 wrote to memory of 4104	212	BootstrapperV1.23.exe	94
PID 212 wrote to memory of 4104	212	BootstrapperV1.23.exe	94
PID 4104 wrote to memory of 1668	4104	cmd.exe	96
PID 4104 wrote to memory of 1668	4104	cmd.exe	96
PID 212 wrote to memory of 5016	212	BootstrapperV1.23.exe	100
PID 212 wrote to memory of 5016	212	BootstrapperV1.23.exe	100
PID 2408 wrote to memory of 2264	2408	msiexec.exe	103
PID 2408 wrote to memory of 2264	2408	msiexec.exe	103
PID 2408 wrote to memory of 1772	2408	msiexec.exe	104
PID 2408 wrote to memory of 1772	2408	msiexec.exe	104
PID 2408 wrote to memory of 1772	2408	msiexec.exe	104
PID 2408 wrote to memory of 3024	2408	msiexec.exe	107
PID 2408 wrote to memory of 3024	2408	msiexec.exe	107
PID 2408 wrote to memory of 3024	2408	msiexec.exe	107
PID 3024 wrote to memory of 220	3024	MsiExec.exe	108
PID 3024 wrote to memory of 220	3024	MsiExec.exe	108
PID 3024 wrote to memory of 220	3024	MsiExec.exe	108
PID 220 wrote to memory of 5048	220	wevtutil.exe	110
PID 220 wrote to memory of 5048	220	wevtutil.exe	110
PID 212 wrote to memory of 2528	212	BootstrapperV1.23.exe	112
PID 212 wrote to memory of 2528	212	BootstrapperV1.23.exe	112
PID 2584 wrote to memory of 1052	2584	chrome.exe	124
PID 2584 wrote to memory of 1052	2584	chrome.exe	124
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 556	2584	chrome.exe	125
PID 2584 wrote to memory of 212	2584	chrome.exe	126
PID 2584 wrote to memory of 212	2584	chrome.exe	126
PID 2584 wrote to memory of 2892	2584	chrome.exe	127
PID 2584 wrote to memory of 2892	2584	chrome.exe	127
PID 2584 wrote to memory of 2892	2584	chrome.exe	127

cURL User-Agent 6 IoCs

Uses User-Agent string associated with cURL utility.

Processes:

description	flow	ioc
HTTP User-Agent header	758	curl/8.9.1-DEV
HTTP User-Agent header	742	curl/8.9.1-DEV
HTTP User-Agent header	754	curl/8.9.1-DEV
HTTP User-Agent header	755	curl/8.9.1-DEV
HTTP User-Agent header	756	curl/8.9.1-DEV
HTTP User-Agent header	757	curl/8.9.1-DEV

C:\Users\Admin\AppData\Local\Temp\Unconfirmed 223130.exe
"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 223130.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.23.exe
  "C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.23.exe" --oldBootstrapper "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 223130.exe" --isUpdate true
  2⤵
  - Checks computer location settings
  - Deletes itself
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:212
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /c ipconfig /all
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Windows\system32\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:100
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4104
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1668
- - C:\Windows\System32\msiexec.exe
    "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5016
- - C:\ProgramData\Solara\Solara.exe
    "C:\ProgramData\Solara\Solara.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2528

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 0213F6D781078A98B820CA285F24376A
  2⤵
  - Loads dropped DLL
  PID:2264
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4431204E9D58F38F2C38B5239D88F3B3
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1772
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D2B89F37DB6D7217808356E7BF7D0FE9 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:220
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:5048

C:\Program Files\nodejs\node.exe
"C:\Program Files\nodejs\node.exe"
1⤵
- Executes dropped EXE
PID:928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffef03acc40,0x7ffef03acc4c,0x7ffef03acc58
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1724 /prefetch:2
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2344 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3792,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5056,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4700,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5024,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5000,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4392,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4944,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5492,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5596,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3196,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3796,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5484,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5592,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5188,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5548,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4504,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5252,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5524,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5288,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5444,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4896,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5240,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5300,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5408,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6092,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5976,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5796,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6424,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6576 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6732,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6892,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7484,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7512 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=3232,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7184,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7172 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7200,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6724,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7556,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7804 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=5964,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7988,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7972 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8108,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8008 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8292,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8256 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8272,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8312 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=8572,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8444 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8604,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8704 /prefetch:1
  2⤵
  PID:5564
- C:\Users\Admin\Downloads\Bootstrapper.exe
  "C:\Users\Admin\Downloads\Bootstrapper.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5896
- - C:\Users\Admin\Downloads\BootstrapperV1.23.exe
    "C:\Users\Admin\Downloads\BootstrapperV1.23.exe" --oldBootstrapper "C:\Users\Admin\Downloads\Bootstrapper.exe" --isUpdate true
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5728
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd" /c ipconfig /all
      4⤵
      PID:5812
    - - C:\Windows\system32\ipconfig.exe
        
        ipconfig /all
        5⤵
        Gathers network information
        
        PID:5852
  - - C:\Program Files\nodejs\node.exe
      "node" -v
      4⤵
      Executes dropped EXE
      PID:6116
  - - C:\ProgramData\Solara\Solara.exe
      "C:\ProgramData\Solara\Solara.exe"
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      PID:1860
    - - C:\Program Files\nodejs\node.exe
        
        "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 0d57679718e0476d
        5⤵
        Executes dropped EXE
        
        PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=5552,i,11295500600194607193,15525646128451116358,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:5928

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5809c2.rbs

Filesize
1.0MB

MD5
48955da077a7d115508dd4ff5488d8e2

SHA1
1575088601a3775fd5e9b808e14ca81a027d910f

SHA256
36f1e56edcf8271f2bd9c970cf92e49ef2f4073e9ab9f2464b1336d334fbeb87

SHA512
07c506d234b041b1fb72ea779acd89f3c44ae281b92a76fb13d2ced612a10ae92cb8bd6b7d6b90bada0445c5fc55832ab1fba137bed22a00c98c5d107bea1d4b

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
62c677b8b4a8d3b01691f4641cb3cb41

SHA1
d81816f9cd04e051f1a529d8d319b62a71a49885

SHA256
1202c2ccb9adedb18c4a40ac547d07986aab111b2dba693dc5e0f08520edcc6e

SHA512
e260ed6ace83d676fbdfd30f80ac3c1be4cd2aeeca98ba847967b2eaef3d0c9a69818f1c167ff4171c9f48c1d89c142846d492b49d6fd650f9922517ced5d3cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
20KB

MD5
02d0464758450d87a078aea4e46187a1

SHA1
41154a61b8192c00a4f03e5ce97e44ecc5106e74

SHA256
c6aabc7504bbf101eb3b39fb3f831b61148f34605c48b02ba106aedccde52750

SHA512
9af139023983a975acb29147037f4fa8ca820e15b4c5f471e2cb000909970ffbfda2b210c8330cea93271bfde3732455a545730e242f1a0e59871bdec702b39a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
67KB

MD5
ce58019b091dbdb1895be63d765b1177

SHA1
37a38458a92835c43b270069c0629c6975b2ba69

SHA256
8defb86fd585d1e578370bac22698f0de49d509d7398a0e83fbae7a9d11e0fcf

SHA512
36be843dd5630cf0c76219459b2ff946fa91ab90be31e3ac62452642a79a062b9d7aaae14a0ad8fd92b1a6d468394f1aa8bfe45f262f33e34048b46e046a1b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
e77c78aa1b9c0f39690daf5d2ad1ca8b

SHA1
c3ff56da46f563871c290361b477e7adfe926713

SHA256
6cbd03f902839e8b5a580b332eace58a7bade72811434f7c8ea4eac9729a59f5

SHA512
cf91f491a0651c355944a49b06ab2b256efd9746ef265aa802f292dabbe10013be0c035066e3cb3899eaee7c87a19587c05c3d8fb79537ba13e0d756e558ed90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d1ec634a760071851e45341c52fc3885

SHA1
618993f328a9e74c3a450789c7c14657a6b294d4

SHA256
299b67831cc8cde2cfa2e5006a647a922d0fedbe05aea8f1cba3246d7d7c3916

SHA512
f1de014f089d4e009cf73bf92a6625e088d441482adf623feaebdf6fff03fc119c1457853dc15e98dec16ac9b7a11e088885e2214e2d7b923c57b00e6adc1821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
87905335125d77ee411783bfb621011b

SHA1
66a7d25a2b9804e0ea2b808c3808e60b0253632e

SHA256
efaa53bfd7ea96c5be4243a1aa431f47d7c9980c52756b7891d8aead8d29be87

SHA512
af16781cbd28ad55ed4f73d20daa1645cb48fa98fdc0facbc017bff3e7e1fa815aafc6d164a09ab13af2ac4f25f600c10e21567f94ebb1d3db2adbb6195114e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
17b6feea281df493f4f950181cef9adf

SHA1
fe12326ac0b4b3f52dacd0361ee7496203ea888e

SHA256
41f86ba556ea8f9af8e389d6de8f0ab8658895cf6c797b4f1eb950a72035e7a4

SHA512
3ca31ecbbb37ad88783ce0e2f243a6bf2465538d1fd571339c64551da071632286719c1b42b0f634b72554b5dd3a61c2882dcbd269258428873285a469b48752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
26KB

MD5
583146ef5c1e7e78f7bc050e9b799070

SHA1
7faa035497ce1056b2e72c0ba41d364a087da5bd

SHA256
3ff625b191fa78bff7ba02fbd3c284ba01420d5946844a9f405ed6d6dfd5b863

SHA512
4dd6b54ff2436ca4918beb9823364449704d0dc4d7b21ce6300fc2bf36a96bd8f3e1c682f29bfc7f6b33d0640596e55860b9bd3a679caaf6de57727068d4776b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
36ea27d68b467f55bc2e611e69e2fd84

SHA1
595e969a888bfebfd6d7897005157e7b46f8f3a3

SHA256
cd2e09d35b77833c1b32024d2cc0a89e3f8acd28328af0cf8ba18a96f2bfdf29

SHA512
76fc82535e8424cdf93f0262417b1c999924bceb5ecf200f41e182f653ce3846b65d9f696078da524c24239c16764672a65d3aae3b6bb7d66eb22014d2f5f719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ccf93c33cdb6ea8bcb9164704e65c1a4

SHA1
6d40d9391634683451a1ff023b1257633bc9f40c

SHA256
5fb41600debd8a36177ce97083cac4611644c924350566f54fe38e2c26916318

SHA512
0efdb1949d1ec64f09caa681a1164709b71e6f9f4f93ba0b86c721f255b9bc18501a83671502a7bbfa0229b1681b4aebc4d1383242b2fbff60fb09c14889a1ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f8d892baff8f66044142dc0d61b8c493

SHA1
210f3e5a0533314278961e558959e2327f6ef0e9

SHA256
d6ef76f6f704e48c8cfc6be9f166e7fc61bb90875f6c8383abf077a5fc49b70a

SHA512
411ae31f593cf847f13c12032b277773e57dff67396410e78e5ca288e678b90e98e6c6d102f998ba50fc2f4d7c3400cbdf8843958838c778bdef4ad43ae41b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f33a485224d3d4fac57481d0af4c718e

SHA1
1d79c6841d70893358a3debac68cbd5bb627401f

SHA256
80a6be9831f9ccd2ae0ee0d291a3ecb758ba2a0c3e18675b9f1fda6b0b34c57b

SHA512
8b92e26b9864f073ba615d05a251bbdcc0bb31dcde943f48a3c5bde64889d766e42562e33b08c3ead50ecfe3550e1a85866eca873e1205c56181e07eb9a7fec7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee1464f849bc5a020e4c58f95936e2d1

SHA1
2ec583d77f047dcbac0c6a7a8ee1ae4332f68f2f

SHA256
edc0fa5601c41ba0f9485591526bd418f46323daa39aa06fbb2e413b2ef1c566

SHA512
16de5df0f66d6815492e421d391eb24009ae350b565decbbf7aae4780d3d9f770c7d29fba7c272bec7fbe9ce67c47c6282c36e612e0487f4464f5dfc22f36096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f02a40d841999fd3831329ad04bbf708

SHA1
cc3765a73414fd5447ed29f8fea89acfc1d13957

SHA256
d44151033a6cf06808ca4da460f1e1c8710f63b0d2d0ace6d19100e620d47474

SHA512
1b1eaf0bb9bb7e674209831be8d9f2ea5b011137477a7a6d14bc7e44a6da16e6fd0d36b7208ef8de80d09a0563443870bf7bfa3f2defde8ef08e1c612c83b029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fff56747b74fc06fa397957996657b4a

SHA1
5f40646b19348a7a96ed7fcf3cc312004465be76

SHA256
8ccaf0050d5c7fadfc338527238c20271997ea8939b662b021d67aff56a2df50

SHA512
f298f15c2680b36379a6ba279bb8ba69c3e733056356a2312d201ce79bf0465fd1acb053eaa25bb4e3e7c58263b2b0de9e18c581c5efbbf133e6f708047c26ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
becb418a2f8beafdfed471ec8e90d478

SHA1
7544cf0ff3977c0bf4667c9f6012da051a19b915

SHA256
caaf351e6cc09723ee65d0b1c77e46187dc3844094c94d547c7ddc0237e2d26c

SHA512
84153714593ee75a0b992a84d73ea5d26834f088b28f41d52a10f8e76f0db5dc176353976e11a92ee0f2c53374bd1c85784896d17860c82faed267e72ea79737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
21543bb9487a9241461a3c65ec8f3280

SHA1
a36ad24673de2f2a0131927f77cea5c09b57bf6e

SHA256
e20bacf2a38f32c3f95856b2cdcc4833fa8ae4aa4ed91ebc2bb61703c1a0503e

SHA512
4a170c0c5e9ff96d37f0239df19874d2ab0c95e01b56e28ef003c65cf7448e5e69fd6126e2077cac1db74d0689497d2b032dd789ed0dbf04d979fc0b0fc69333

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
747cbfc3c5b8a1d56cddbe865207f09f

SHA1
56c7ffe4c6cf02a28c8de5048cfce9fe7a8f7ef9

SHA256
d4d9463b75c37a6a87a66dacd3257c0417340793e4409c9a93cf9e5e700e64cf

SHA512
d2d68444cd6b7871a4d83aea8a857e082d30e70c815d7b747435c3ebe9489521733cb387a00c0ed4c7458e558b5c38b9509a499af1291e1b768986a52d032c3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
39292a52b05d9c056be9e7214d236bf8

SHA1
5581ed0becec50b84f6662f57a8ac022c432771b

SHA256
c753c7166a423a5af79436e6ff39ee776618764c48ec77162c67423dbc6d63de

SHA512
09238f1a4b5eec66a9c3a5470e366ff4eda6c985d9b5122891acfd67ca4abb32a8216950ba9007f26ddd5bb6930805392219647708343e20f2566a286e22c186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a8607fb8c4b795250d32e492b02a3994

SHA1
b3b0e2653ebeaf4443b599bb7faa4cbf7b8000dd

SHA256
1566341e46a640226090dd9db1323753bd97329a059ab37aaecf1527472a2ceb

SHA512
8e44301ce1026dbe75de4821d3cd3ed23fdebf2e80178218aea622682e9ec1c494f1bc21ad249da06325e63a09dc36757e4376d26a109b7af9ea984daaa016b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
8fb13581c9c7f3dfd5cedbc3507ccf14

SHA1
767f4e07e87bf819a810cff0e8727c0b709ddaef

SHA256
5a006abc9ed8c9557a5204a1e48475e7a1a244651a9364135eca1d2c375462db

SHA512
30fe9b84f277e88d110f24fa565187d1a9455e8f6f700eefa1d2a6162fb6e9c2704600b5f5673748dc1ba58eac99f5f8fb1a9c236ea8b667e2fb84db8d1e31ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
13631f6bb40be6cddfed6eb08640ed28

SHA1
1c45dd421de33cc77b8bdb015f37b36d56996334

SHA256
448a9abf830948e8a6b2096dd3bd366507c539159523b74b30ce01002b06a863

SHA512
206845d2d8db71a88440f4588b052dee847c4bb35785dbbf5b3700079ca5b90ae16909f9c4f9cd55ab05ee651a43fbaf084eb467499cae1e262c8e1e613bbfd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
59b528c92556d5da10b111428a0b5f6d

SHA1
e1d7e2bd950ac5a9763f529846effe585a3a1a8b

SHA256
165e025ad23e912d09a6757ad974abb00117e7966f8493ac8dc574b11f51925f

SHA512
61bd6b09800afce4569bd982e7b278ae6c29cb1e84f44951072d2b3ebc18b96a6416d0bef74e85ba9ea33559ba4b0b2f5e7ec3363c72874350556c93eca51582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
545b5aa841c266174a7e3605cc37501f

SHA1
845a3b56dc614e38642f77558a88051c26328dfe

SHA256
aa23571b8eccfce1ae8211729a4987a86c121dea5249949d2628b68e77141ee2

SHA512
86f821ededf6ba86bb51d2bd1b69ff560184f616d1d7bdbd9c1df99a667858479485244d3254d98ecc5a07c38b72703e80c180df86775cc0cccfdbd60eae46ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.23.exe

Filesize
800KB

MD5
02c70d9d6696950c198db93b7f6a835e

SHA1
30231a467a49cc37768eea0f55f4bea1cbfb48e2

SHA256
8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

SHA512
431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\DISCORD

Filesize
103B

MD5
b016dafca051f817c6ba098c096cb450

SHA1
4cc74827c4b2ed534613c7764e6121ceb041b459

SHA256
b03c8c2d2429e9dbc7920113dedf6fc09095ab39421ee0cc8819ad412e5d67b9

SHA512
d69663e1e81ec33654b87f2dfaddd5383681c8ebf029a559b201d65eb12fa2989fa66c25fa98d58066eab7b897f0eef6b7a68fa1a9558482a17dfed7b6076aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 58089.crdownload

Filesize
972KB

MD5
90fd25ced85fe6db28d21ae7d1f02e2c

SHA1
e27eff4cd4d383f5c564cce2bd1aaa2ffe4ec056

SHA256
97572bd57b08b59744e4dfe6f93fb96be4002dfe1aa78683771725401776464f

SHA512
1c775cf8dfde037eaa98eb14088c70d74923f0f6a83030a71f2f4c1a4453f6154dab7a4aa175e429860badda3e5e0ae226f3c3e8171332f5962bf36f8aa073fa

Download Submit
C:\Windows\Installer\MSI184A.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
C:\Windows\Installer\MSIEB1.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIF30.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
\??\pipe\crashpad_2584_RAVCITUUAGSBBPKE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/212-22-0x00007FFEF1220000-0x00007FFEF1CE1000-memory.dmp

Filesize
10.8MB

Download
memory/212-20-0x00007FFEF1220000-0x00007FFEF1CE1000-memory.dmp

Filesize
10.8MB

Download
memory/212-2822-0x00007FFEF1220000-0x00007FFEF1CE1000-memory.dmp

Filesize
10.8MB

Download
memory/212-2399-0x000001A9475B0000-0x000001A9475C2000-memory.dmp

Filesize
72KB

Download
memory/212-19-0x00007FFEF1220000-0x00007FFEF1CE1000-memory.dmp

Filesize
10.8MB

Download
memory/212-18-0x000001A92CEE0000-0x000001A92CFAE000-memory.dmp

Filesize
824KB

Download
memory/212-2397-0x000001A948C30000-0x000001A948C3A000-memory.dmp

Filesize
40KB

Download
memory/1660-4-0x000001D6D7A50000-0x000001D6D7A72000-memory.dmp

Filesize
136KB

Download
memory/1660-1-0x000001D6D5C40000-0x000001D6D5D3A000-memory.dmp

Filesize
1000KB

Download
memory/1660-16-0x00007FFEF1220000-0x00007FFEF1CE1000-memory.dmp

Filesize
10.8MB

Download
memory/1660-2-0x00007FFEF1220000-0x00007FFEF1CE1000-memory.dmp

Filesize
10.8MB

Download
memory/1660-0-0x00007FFEF1223000-0x00007FFEF1225000-memory.dmp

Filesize
8KB

Download
memory/1860-3444-0x0000020FF8900000-0x0000020FF8938000-memory.dmp

Filesize
224KB

Download
memory/1860-3447-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/1860-3273-0x0000020FF3F60000-0x0000020FF3F70000-memory.dmp

Filesize
64KB

Download
memory/1860-3260-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/1860-3259-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/1860-3446-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/1860-3445-0x0000020FF88D0000-0x0000020FF88DE000-memory.dmp

Filesize
56KB

Download
memory/1860-3258-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/1860-3257-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/1860-3412-0x0000020FF4B80000-0x0000020FF4C10000-memory.dmp

Filesize
576KB

Download
memory/1860-3442-0x0000020FF4310000-0x0000020FF4318000-memory.dmp

Filesize
32KB

Download
memory/2528-2819-0x0000020A69B70000-0x0000020A6A0AC000-memory.dmp

Filesize
5.2MB

Download
memory/2528-2824-0x0000020A698A0000-0x0000020A69952000-memory.dmp

Filesize
712KB

Download
memory/2528-2821-0x0000020A697E0000-0x0000020A6989A000-memory.dmp

Filesize
744KB

Download
memory/2528-2817-0x0000020A66FE0000-0x0000020A67004000-memory.dmp

Filesize
144KB

Download