8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Resubmissions

01-12-2024 19:51

241201-ykybvsznaz 9

01-12-2024 19:48

241201-yh66zsvkdp 7

Analysis

max time kernel
999s
max time network
477s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2024 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe

Executes dropped EXE 5 IoCs

pid	Process
2012	Solara.exe
5040	Bootstrapper.exe
1440	node.exe
4700	Solara.exe
1904	node.exe

Loads dropped DLL 13 IoCs

pid	Process
1064	MsiExec.exe
1064	MsiExec.exe
2056	MsiExec.exe
2056	MsiExec.exe
2056	MsiExec.exe
2056	MsiExec.exe
2056	MsiExec.exe
3144	MsiExec.exe
3144	MsiExec.exe
3144	MsiExec.exe
1064	MsiExec.exe
4700	Solara.exe
4700	Solara.exe

Themida packer 9 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/files/0x00070000000249ab-3102.dat	themida
behavioral2/memory/4700-3108-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4700-3109-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4700-3107-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4700-3106-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4700-3126-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4700-3128-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4700-3143-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4700-3144-0x0000000180000000-0x0000000181168000-memory.dmp	themida

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 2 IoCs

flow	pid	Process
39	3040	msiexec.exe
41	3040	msiexec.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
68	pastebin.com
281	pastebin.com
67	pastebin.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
155	api.ipify.org
152	api.ipify.org
154	api.ipify.org

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4700	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\once\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\install-ci-test.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\.npmrc	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\dist\abort-controller.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ini\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\audit.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-audit.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\mjs\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\npx.ps1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\ours\primordials.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\runtime.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\doctor.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\depd\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\bin\audit.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\map-workspaces\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\utils\signer.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-explore.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\asn1\tag.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\strip-ansi\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\vendor\QRCode\QRPolynomial.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_bundle.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\updater.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-uninstall.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-prune.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-shrinkwrap.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minipass-fetch\lib\request.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\config\definition.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-fullwidth-code-point\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\ours\browser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-ping.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\disparity-colors\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\ranges\intersects.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\negotiator\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\buffer\AUTHORS.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\theme-set.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cli-table3\src\debug.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fastest-levenshtein\mod.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmdiff\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\defaults\test.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\stream.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-start.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\mkdirp\lib\find-made.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\read-package-json\lib\read-json.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\nopt\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ip-regex\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\fs-minipass\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-find-dupes.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\client\rekor.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\has\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\flock_tool.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\Xcode\Specifications\gyp.xclangspec	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\safe.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\util\dsse.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\installed-package-contents\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\make-fetch-happen\lib\cache\policy.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-normalize-package-bin\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\docs.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\ll.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\npm.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\normalize-package-data\lib\typos.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\are-we-there-yet\lib\tracker-group.js	msiexec.exe

Drops file in Windows directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI3FDC.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e580a9a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI20A8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1097.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1953.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4339.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e580a9a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1086.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI20C9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3F7D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e580a9e.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1983.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI16F1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4144.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1047.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3516	ipconfig.exe
1408	ipconfig.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133775563549865420"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 56003100000000004759ec4912004170704461746100400009000400efbe4759ec4981596d9e2e00000059e10100000001000000000000000000000000000000f37f90004100700070004400610074006100000016000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = ffffffff	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-940901362-3608833189-1915618603-1000\{BA7255F1-CC74-4244-A830-C08C26FD1BDC}	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Solara.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Solara.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 56003100000000008159729e10007363726970747300400009000400efbe8159729e8159729e2e000000ae3c0200000007000000000000000000000000000000d3972d007300630072006900700074007300000016000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Solara.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e003100000000008159a29e100054656d7000003a0009000400efbe4759ec498159a29e2e0000006de101000000010000000000000000000000000000007d57dc00540065006d007000000014000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Solara.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Solara.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 500031000000000047590b4c10004c6f63616c003c0009000400efbe4759ec4981596d9e2e0000006ce10100000001000000000000000000000000000000609ed5004c006f00630061006c00000014000000	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000004759ac4e100041646d696e003c0009000400efbe4759ec4981596d9e2e0000004ee1010000000100000000000000000000000000000027b57900410064006d0069006e00000014000000	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Solara.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
904	Bootstrapper.exe
904	Bootstrapper.exe
3040	msiexec.exe
3040	msiexec.exe
2012	Solara.exe
4456	chrome.exe
4456	chrome.exe
5040	Bootstrapper.exe
5040	Bootstrapper.exe
5040	Bootstrapper.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
4700	Solara.exe
552	chrome.exe
552	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3736	WMIC.exe
Token: SeSecurityPrivilege	3736	WMIC.exe
Token: SeTakeOwnershipPrivilege	3736	WMIC.exe
Token: SeLoadDriverPrivilege	3736	WMIC.exe
Token: SeSystemProfilePrivilege	3736	WMIC.exe
Token: SeSystemtimePrivilege	3736	WMIC.exe
Token: SeProfSingleProcessPrivilege	3736	WMIC.exe
Token: SeIncBasePriorityPrivilege	3736	WMIC.exe
Token: SeCreatePagefilePrivilege	3736	WMIC.exe
Token: SeBackupPrivilege	3736	WMIC.exe
Token: SeRestorePrivilege	3736	WMIC.exe
Token: SeShutdownPrivilege	3736	WMIC.exe
Token: SeDebugPrivilege	3736	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3736	WMIC.exe
Token: SeRemoteShutdownPrivilege	3736	WMIC.exe
Token: SeUndockPrivilege	3736	WMIC.exe
Token: SeManageVolumePrivilege	3736	WMIC.exe
Token: 33	3736	WMIC.exe
Token: 34	3736	WMIC.exe
Token: 35	3736	WMIC.exe
Token: 36	3736	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3736	WMIC.exe
Token: SeSecurityPrivilege	3736	WMIC.exe
Token: SeTakeOwnershipPrivilege	3736	WMIC.exe
Token: SeLoadDriverPrivilege	3736	WMIC.exe
Token: SeSystemProfilePrivilege	3736	WMIC.exe
Token: SeSystemtimePrivilege	3736	WMIC.exe
Token: SeProfSingleProcessPrivilege	3736	WMIC.exe
Token: SeIncBasePriorityPrivilege	3736	WMIC.exe
Token: SeCreatePagefilePrivilege	3736	WMIC.exe
Token: SeBackupPrivilege	3736	WMIC.exe
Token: SeRestorePrivilege	3736	WMIC.exe
Token: SeShutdownPrivilege	3736	WMIC.exe
Token: SeDebugPrivilege	3736	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3736	WMIC.exe
Token: SeRemoteShutdownPrivilege	3736	WMIC.exe
Token: SeUndockPrivilege	3736	WMIC.exe
Token: SeManageVolumePrivilege	3736	WMIC.exe
Token: 33	3736	WMIC.exe
Token: 34	3736	WMIC.exe
Token: 35	3736	WMIC.exe
Token: 36	3736	WMIC.exe
Token: SeDebugPrivilege	904	Bootstrapper.exe
Token: SeShutdownPrivilege	3896	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3896	msiexec.exe
Token: SeSecurityPrivilege	3040	msiexec.exe
Token: SeCreateTokenPrivilege	3896	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3896	msiexec.exe
Token: SeLockMemoryPrivilege	3896	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3896	msiexec.exe
Token: SeMachineAccountPrivilege	3896	msiexec.exe
Token: SeTcbPrivilege	3896	msiexec.exe
Token: SeSecurityPrivilege	3896	msiexec.exe
Token: SeTakeOwnershipPrivilege	3896	msiexec.exe
Token: SeLoadDriverPrivilege	3896	msiexec.exe
Token: SeSystemProfilePrivilege	3896	msiexec.exe
Token: SeSystemtimePrivilege	3896	msiexec.exe
Token: SeProfSingleProcessPrivilege	3896	msiexec.exe
Token: SeIncBasePriorityPrivilege	3896	msiexec.exe
Token: SeCreatePagefilePrivilege	3896	msiexec.exe
Token: SeCreatePermanentPrivilege	3896	msiexec.exe
Token: SeBackupPrivilege	3896	msiexec.exe
Token: SeRestorePrivilege	3896	msiexec.exe
Token: SeShutdownPrivilege	3896	msiexec.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4700	Solara.exe
4700	Solara.exe
4456	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4700	Solara.exe
4700	Solara.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 3192	904	Bootstrapper.exe	84
PID 904 wrote to memory of 3192	904	Bootstrapper.exe	84
PID 3192 wrote to memory of 3516	3192	cmd.exe	86
PID 3192 wrote to memory of 3516	3192	cmd.exe	86
PID 904 wrote to memory of 4992	904	Bootstrapper.exe	87
PID 904 wrote to memory of 4992	904	Bootstrapper.exe	87
PID 4992 wrote to memory of 3736	4992	cmd.exe	89
PID 4992 wrote to memory of 3736	4992	cmd.exe	89
PID 904 wrote to memory of 3896	904	Bootstrapper.exe	100
PID 904 wrote to memory of 3896	904	Bootstrapper.exe	100
PID 3040 wrote to memory of 1064	3040	msiexec.exe	106
PID 3040 wrote to memory of 1064	3040	msiexec.exe	106
PID 3040 wrote to memory of 2056	3040	msiexec.exe	107
PID 3040 wrote to memory of 2056	3040	msiexec.exe	107
PID 3040 wrote to memory of 2056	3040	msiexec.exe	107
PID 3040 wrote to memory of 3144	3040	msiexec.exe	111
PID 3040 wrote to memory of 3144	3040	msiexec.exe	111
PID 3040 wrote to memory of 3144	3040	msiexec.exe	111
PID 3144 wrote to memory of 3736	3144	MsiExec.exe	112
PID 3144 wrote to memory of 3736	3144	MsiExec.exe	112
PID 3144 wrote to memory of 3736	3144	MsiExec.exe	112
PID 3736 wrote to memory of 5116	3736	wevtutil.exe	114
PID 3736 wrote to memory of 5116	3736	wevtutil.exe	114
PID 904 wrote to memory of 2012	904	Bootstrapper.exe	119
PID 904 wrote to memory of 2012	904	Bootstrapper.exe	119
PID 4456 wrote to memory of 4344	4456	chrome.exe	128
PID 4456 wrote to memory of 4344	4456	chrome.exe	128
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 4680	4456	chrome.exe	129
PID 4456 wrote to memory of 3852	4456	chrome.exe	130
PID 4456 wrote to memory of 3852	4456	chrome.exe	130
PID 4456 wrote to memory of 1400	4456	chrome.exe	131
PID 4456 wrote to memory of 1400	4456	chrome.exe	131
PID 4456 wrote to memory of 1400	4456	chrome.exe	131
PID 4456 wrote to memory of 1400	4456	chrome.exe	131
PID 4456 wrote to memory of 1400	4456	chrome.exe	131

cURL User-Agent 6 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	283	curl/8.9.1-DEV
HTTP User-Agent header	286	curl/8.9.1-DEV
HTTP User-Agent header	287	curl/8.9.1-DEV
HTTP User-Agent header	288	curl/8.9.1-DEV
HTTP User-Agent header	289	curl/8.9.1-DEV
HTTP User-Agent header	290	curl/8.9.1-DEV

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3192
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:3516
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3736
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3896
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2012

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 20B72253E6B90D439B435B92FC2AA7DA
  2⤵
  - Loads dropped DLL
  PID:1064
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 416B84E8179C2AEF768CED0C905043CB
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2056
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0DB43F5E745F3F1105CF03A4C3CD8C70 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3144
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3736
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc50c1cc40,0x7ffc50c1cc4c,0x7ffc50c1cc58
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1736,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4908,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3392,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4984,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5504,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5456,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5408,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4980,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5764,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5008,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5652,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5476,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5904,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5912,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5924,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5936,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3228,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:8
  2⤵
  PID:4788
- C:\Users\Admin\Downloads\Bootstrapper.exe
  "C:\Users\Admin\Downloads\Bootstrapper.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /c ipconfig /all
    3⤵
    PID:3080
  - - C:\Windows\system32\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:1408
- - C:\Program Files\nodejs\node.exe
    "node" -v
    3⤵
    - Executes dropped EXE
    PID:1440
- - C:\ProgramData\Solara\Solara.exe
    "C:\ProgramData\Solara\Solara.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:4700
  - - C:\Program Files\nodejs\node.exe
      "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" b5e05fa7c7164a60
      4⤵
      Executes dropped EXE
      PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3400,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6460,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6212,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6224,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5624,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6304,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5416,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4500,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6672,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6732,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=4508,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6704,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=5940,i,9641503421906727722,1444192679088723313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:1408

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4888

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4808

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x440
1⤵
PID:3896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e580a9d.rbs

Filesize
1.0MB

MD5
cf6ddf353631c9bdf919c297ff8a7581

SHA1
82bc02244c07abb76e7f2ab9afa3201a31aeb6ba

SHA256
340c018a35bec117d4739bd901706015d6f7a9d3b432804b42926ea34dd2927f

SHA512
cf4bc02608929b6312ef14b2f794dda4854f7dbb2ccbf4d84c62f50048cc2d71409bb0dea69ccfed0a4c7b6c68807b1bfafea1dc2bbcde1fea22b5124c6afa27

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\SolaraV3.dll

Filesize
6.8MB

MD5
c3d8a566119d8fee7fb2d0db4dea86e4

SHA1
c8094d474337ccf4dda2b1888a8235f73c20eaf3

SHA256
ca8df8f0b5d9981ed0e284f809472e8013252e59bed1a0f08c98a4b0726920ee

SHA512
0cd41d5d7c90e4f780dd92b03ac0938dbbf082c5658ee660c31986cd8e9d9c68f386b9989373cdd25c34a21943c266495c4f4c85b44487bb97d0edebb96555f7

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\ProgramData\Solara\bin\version.txt

Filesize
5B

MD5
a550e39a1b99146581652915aa853a6b

SHA1
3509c9a74b8fbdce7069149a65b86c70d1fb37c0

SHA256
f637e389c425692bb6ea379c4bdebef58ae2aea6aef7d28488816613e7bf9374

SHA512
4a62903c599ca8cc0ed9f48c9dfbf1cadc4953e2c87a9c5fdd71bfd8f689809c9223bf51f0190e177eb477cd7322c64812c8b4061065346d22a95b79d1c52104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7c05b818-6b47-4c0a-a8db-c4245ac16384.tmp

Filesize
10KB

MD5
0c1aff076bfbfa9626eb223873b24a50

SHA1
f44ae6162f5a9f2070fd8a7185a81f0f56abaf8a

SHA256
9bf7c3294e9c693480e900a0c057c3dee651d95325c7026e381508334335927d

SHA512
61ed8682eb002b55b061c48af458dd310e0bb5563bf3f985c2d8ad2a1d5bb1fec9efc042d5b4313061a3e71d20e80c53f6a617e1a65752fa6bcbf685a3d65024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8485c58f-760f-4c43-b6df-8f8a80ada2e0.tmp

Filesize
11KB

MD5
9e0a48e1f287a01a5a15cf21869a1689

SHA1
22a49c45ef580493758a392a39f60c8c39f92067

SHA256
a8bcc2c548827f8ef7e8f687093dacbeaa15714cea5ed571a26262a19e1318fb

SHA512
20f948c3f5bc8b32811a49ec397f5fbf73f478d76979cf530a0dddb95109a51404937933d0d959b1d28301e8f05c4f2ead82c8b040b9dbed56203f4179e1bdb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9cf020786d76b0b43b975d409c315a94

SHA1
852478b370637993b624d00f3338ec0fa285cd90

SHA256
3b259be80c297ffe39ddca0b038afee96c2f685d7da0be52a345f65779429902

SHA512
4845adca062e6f5349192cb15da6566ae205a29b0c819cb2db7eaab1e6f7f3737015737e177ba6024ccd770338822cc20a373b076e067cf6435884d98eceef11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
1024KB

MD5
589b29040ebc7cf56a3467790d711b34

SHA1
6796192b82a1f9e2c449e883ab6ec093ffb27962

SHA256
eecb503b6680133a487e70698baf6cbab4417db3b9d9a827fb258a91c4e48e9b

SHA512
c2c9a5e74da8841955cdddcebebe8abdb02d807095217ccd04ee0b2089ff63a5313bd84175f91dce86cd7cd4b5170f088c6ab400cef122da354b936b28c00c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000084

Filesize
1024KB

MD5
055e728f625824ae51b01b2a64654a92

SHA1
44fb17923f5c817b9a910e3da399e11dee406144

SHA256
5a23da79b0bdd32d1ea2b9cf59d9d40baff982ce4ded9cc1afb8c6608ad8c18b

SHA512
9d101281b9ce906a7a6ad42731372441569b7f19d33b9e1d68c680354113a1539ea9c3b471f3fb45ae9836fc100d24a73240757b1aa59725360a2539a567acad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
03c4eaca8a126ba520eef5583ad8a80c

SHA1
28631caa5e50625cb93bca3c2e5c8f46de815874

SHA256
8588f1bf287dc1b57460ae1a670dad9a931ca247d2370598c6184ffe48ae56d9

SHA512
bff01b727778664c960699c4d118c39bb61e36d7450476174932b20b2f6ccc9f96d7d9e08922b1c7b6421e088cab2e8e48a3a23b6896b78d50c8ac83f6fbc41d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c2fa9a71286c61e29adac7e76c6f696b

SHA1
006d53b76025bb998e0f4a775ab8906198c2b83b

SHA256
5c145c3d69e84550c9bd44afb9dc60c34afde340db4ad33125c8d15adbcb10bc

SHA512
3d58458fa0bf4517f306208127404ac823641bb696143a6f36a4ce4dbd343c7d6c2e2d331a3fdb0002abbc45f265e5cc993822dcbe44b7cf995032eab16b6a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
919e6beab675da935daf6fe9c0de474b

SHA1
86b6a880e64e523af31a93445e3df0448b6b6260

SHA256
2fa80b655a0155b8a3d0fb4b2f00d44d579be803db6baec30d1bdb60825b60bd

SHA512
372d0e0d851614e9f4195f9cf88516a83e5df43857caf168cdcb2452f4af42765aacf4cca9717e0128ca6405d585c0b9ab8e2a7a2bf420e23550170e1fae90b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
29583dc2ab5af2cea6fbddc2be80d5b4

SHA1
213295f2e2971c8f4e80e0928b9f3cc43ae11c58

SHA256
93f9801f0e6d30ea1a15bcbdd92e4d8ed7281c16b31d9244afdb477144076259

SHA512
8fad47d5cc013caed7990b7f7e3e629c2d776575c400b489af3fdc46e32578a36e20dac2869c6bb52f4b4da8c214862b8684eff3088031f690b3b9556fec8161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
bbe82c91c9c9df7b700e04ac6c926c17

SHA1
9dccce6afa4a7404612b0e03d735ca2b8b2244fc

SHA256
a6a06b9d17304537af8c92b8d51cdcdf27c5201a3501c149d503b00724b84e92

SHA512
bbcdaed4c398fdd32045dfa4d39ee68bfa5a9682fbfa5dc5349d829b460fe097be409e8bef02790f63e34168c7449f540bc0dc16555462e15258bfc0d547b0fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
8d49a89613e1f7a45f23c11269e8b874

SHA1
74c578b4e72d41dce6ae6f40a8649375dc6e9976

SHA256
86c9049a26ffcdc480147a41abee9db0598fe4bd2534282d1ecf4645ad8f8eed

SHA512
0b7381801c2b080e0e5d0ff79a733a341694ffbecb365a8d135ce792a4bdd75ade124bc3a8629d5b91105cd6ffa1f1709f8612f898ad643ddc1fedf9ad6974ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
9765a72d18524c024f1b1c8d0aa50f2f

SHA1
82cc492de1371f95f5db4bb2021864472494da3f

SHA256
ed31d9dddd26f71d61ba90b412f348c1def64a113e41db3b8c6b93f9e3d99854

SHA512
e450576089d3b7fb36888649f79ddd13b89f3c0f66c0ce7e7e7b201e4e67e7414260868e43759c93023965c3fdf890aa982a426b87666d398713682f0d0dce5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1084e47b7e1d056f52d6c83770492163

SHA1
e3c78d4669f49b955a7d8d948faa9edb7c1c7acb

SHA256
626fa746edd1fab07b1d05c0b19946185d9bb725ceb5887d570395b7415e2dd1

SHA512
90a4a240afe245cc6f78be4c0d93ed8c832fb23bbe686d24433e3b4cd50da7c15655bd4088bbc47f15f42de8390fd5f742e998e2088ac3d6dee82dc1cedabdc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8c9d31202ff03b29ba80d25269df13fb

SHA1
3a528898a170029bd2b457ce12424992072ac52a

SHA256
92e25f7e4c6539cc41510cc5865fabce7a1334e835cf7769ba73874b34af0da5

SHA512
dd4f223049fba6b51c6c635fe651695719a6e94351af7cd7f55b5ca496d82062770e2aba66f2e580ba9730bf4276d539c72c3df8b7c71ff6ec7cfc012b1aee37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
801d2e3abb76a088532fc57ef744ca91

SHA1
b433e8d1ad5024880527fc6ab64495d87da65b7e

SHA256
43ff9becf599c31405765c06786d4f96a778ae3a317ff496c1c39c52b8591ea3

SHA512
31c76f95bf451b2ae64aa1dcb42d00bfa3dbfcec6fda0852a271ff32086eb8a40da20691037e5a7f3c8b533c710b1b6b44422d5b80e414b73cf8152624a59f4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f8902b6fc8369d9086bdbe0df00a26fb

SHA1
a24679e79fe879beb4e6b098f480c83891ab2527

SHA256
54f511e8a39abbb406ac69681ba3c05c310a8e6862f7f920cef0f5e6d14fd7bf

SHA512
402a45afb99e0d06a18e98f1429c86a42190897201873f1e8e8c1d7fc1cedd0882de6e113820dee3ea76e9b3f2ccf2c9e92fb2e7a5eb35d3317d4ac000bd92bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3a961a66e2187f76c3b085bec36785f1

SHA1
084b0131e678c2ae76cb21b5a2a255771b97c201

SHA256
ae69e0ac917cf948ebd31b010567265b61c13f0635c30723aa07d7d694bc5aa6

SHA512
865230843557e8608dc45c63cbe6112480ebc4050a7bdcfc220e9dd6b69b5d77217567b4e002a29822f62f4d4791133bfdbd1fd4aa0177ddd8cf832718a07a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
06597a24ae5cad7d24a29ba77fafef62

SHA1
43600b853fa0a68909ea9a04488acf3937e03f2c

SHA256
2eb4842c20daf3b41e2db257d0277d208746d9bd7717916f39648573ae86b3f6

SHA512
76e424c054d6735f056467a14993c6a2bb5280e5f37808d3c370666eb0fcc66a57518903b0ae12ad0a4cb8551dc9866ebbeee746b2d6c5c73a54ddc80fa33a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c8400eca99e6c6e60e6325b09823433a

SHA1
3b2483ede357708e4070b54707ee59fccab0fcdb

SHA256
bfd5b935941b0eccd1b69020a087ef0e1560c1a176fd734683535db8120c1ecc

SHA512
65e1d729537c8b0d1076c7e779af6c530f80bacbf33e379505cb811a17d32712aa962ff3ff290eefdee32d5cb9243292b38d58831b44a8fa98f43df95e6298af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
015f04e1f6f52109f53009ca44c06473

SHA1
7ebb380c887bcdc4731fbc2ab7eddeeae914df43

SHA256
b1399077c19d1cfe3b16766e56cbecf98d72d1c88c5b036b2de6ddaf0ccbf3ee

SHA512
de35dc709a796002f34b383654b899265d61e6e8de62e34fc6b05dc42fd77c066071645823da42990626a585f974ce8c6c5dcfc91697c06740bdf01a6e3d32d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
930ab81ec39f0ad967e60827ec232136

SHA1
d1d392ac16d17cea96db9d4610b18df64c7d4c27

SHA256
0b553d48040bafe9b6618b7e8e7a94704689848117f808030d498c364938884c

SHA512
f0581d50f142d6fdb83f7cf2c896dcbe0620f7b05f91d303c0bcec86097eb26425cdba82b0b3e0bf23dbcbd3164595057e2f49e6728334f62b02fa17d956d198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ead325c8eccffdd0692ea8723b08d2d

SHA1
c2566f51a9dcc8dacd109214e04aafe5f4e6a492

SHA256
9cf57a9b0623f80bffbbec4951d3d2d86d8e857dff0913bc328593874426712e

SHA512
ae619e066f17f4d4fd07dc1d2dda62cfb6874bd7d7cde6e4021b65fce43a3c482cf69854a6e895f7e462733fca37d84ae00ca1f0ca5ae0dbc11ca8791a1c4fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c69db9621e5a0c06248c30ce8e5f0c38

SHA1
0c47e187ee16413536edfc97981b26b354095b97

SHA256
25c169dde294e237cb7c097678cb05b1aab3fe5e0a88cba9ea5c321e462a22e2

SHA512
96cf687b81bbd6e238ac16c4964f99c88005b94618d66c4761ab696753a2f7b7f366d4d06127c4273ba9eafb201793d1ee9d7473056cb6ea6d1dfb07f83a2212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
44b0a12d133f0bf877c3465a14689ef7

SHA1
e4bdf0a8a386f299c39647c127d2f22fc279cdd8

SHA256
3c6fb7bf49e2cee405e7da034e07f8466ab8046de5e15314d80ed88c76f005b4

SHA512
2f82b7176dbc95f3ccf4ee70a0706e6720f73bcc608e4101dcc711a907c85fe7a1550c477da8be1841eef83968d6f057fbbc09ee022f2dc6ea102f2c63e39bce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c855213ae0b70f852895384dc9181f77

SHA1
53e75ef8ce3732c10a668775a0b2cf8fd07a3693

SHA256
8c3d8de7966b77dd601cceea2d6e1c689739117b850b0c128cdf5a871196ac80

SHA512
b1fcc0489d5e5853501ae35035156bdb7a29e416f2ce1fb3c82aa5a386a33e534eeee7352066f17f8173bfc6cc9bd6694e3100a8290a7e36010ed446ef4fd90c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
60c2865c0d05327ec5267dc4bbb6e92c

SHA1
2c0d0bad962a03187c1419d72e520c2406d0791a

SHA256
161384c0cf299c36287dd04a141ebcc22d7aad5a1afeb0e63ef878adef015d0d

SHA512
fb5fc8a7a403d82eafa4dc4962165e3b11178c9a51f8ebefd9599bbbd31dd53e8987c926c48b9d4c1c089dc4b9ac619e69282b7e9c782bb620df5441615ae8e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e8645021e31b8d8c6fff75455dd04355

SHA1
6c6141f2c758171bbc269426c3e0630b93289e31

SHA256
fd3fd1facf89c05124aff19438901d2ad1ee5e6be2b319de5baac22157dc2cdf

SHA512
ad3c7c41b1bb0e0d4104702e52005b2495d923c010f8a2edcb110287df910b783a209e26b9aa154cd58ddd8044ba20e99df9ac340741a1fbfed93f051061f84e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e30724529293a99e10236ce806972a1a

SHA1
770d7097ebab36a1e3050ca4f057b823090bf0e8

SHA256
da0f768c9637e2a29e4afd08e7b0bd8786d2c857b2747ef50446e76af43616c4

SHA512
00508034c3ae0d872138897792fbc922bdc7800ea45463d43a87b25c6b9ba8229d426730736b25f21f4dca2b70da9a6f0ed01ed77bef59eaf798b575f022ed61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ad416db878d5dedfa7292aa8e1be87dd

SHA1
c758db6c0b53d726c191d807820bf4b2992c213a

SHA256
941959ade7bee84402dda8cd3c2dc646a9fbf4f0937223cc4a9a8ea0ed32e3d3

SHA512
4d60e63f8fbac0a4ed75b89fba657e7cb7a848ac59f05d8b69cd6758ffd06a712308ba942e2dd505b1da6bddeb6b2e02218c418c202ad92723ebdeef3d8e13b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5cab8a62506ed80348a42ac3f99d5a1d

SHA1
046cd22ed3fe23e15eadd55076885e494b39399f

SHA256
5bcfe544c720833b6d5076d33d46fd566d10e9bfbb31c83aab71275049dfff70

SHA512
90957cb9dc42819e9a0af9d0e79d4ae66842d19ef683c993ed76d7c5c9ab2f7e9eecf8320c652b4096b4933b24f223a2bf07db9e86298de45ed63356d0636a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8cc334c3a9cab3ec0b26a1615fc25a2f

SHA1
2a1ff8990002a7ce0349b4c933d88c9901f99bcb

SHA256
6adffaf0591abc1fb9fb55bff2f3b1ad530670e52f5e69bab4b8853e6b23e91c

SHA512
9407dee0fbd6e568c9638db1a0a1f2eaa025fa81665208e831b182f5dc6c6028d3dfc44880472a1a6332ada20076f4c0e5034f601a1003853450a2bc512f58b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
48669d0a8fe4b4c446ce59e172eb5c27

SHA1
d9fec28fc4ff72e049dd37dfe0788fc23ac135eb

SHA256
89a0ea1ecdda10496601af9d2f99429ece043b42f3910d08195a8d5c56bdc1e6

SHA512
c6658bd70b0c2e3fd934e090d47fe9f36eac94d90bc75bf5f39109c8a2463e55e4804314e05a7725d8e315a65d8647d0b00fd39820a1015a9396b2bbbcfd72f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
111646f0178be05135493464f388bc41

SHA1
69443247135686108dba4a296704f28929b52e9c

SHA256
59c4b3bbaa453945726def1c746c152bb8d6baaf3b81f21397710c51798d94e3

SHA512
17fe33e6234803fbc403c83bbf69231538aa493fb81ec2677106f9c582fb6c77851922669257c2995009c9ffa1880fdb3c614e8e741753fda01f489c9345c9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9347ab5b3c92ae65d1c4de861492fa2c

SHA1
15bdba7752c6f2dd4772b80485bdb95068fa306a

SHA256
189992895e66299125a3933f8fae9f8059ad95ebc33e3b4d231984f50991f047

SHA512
b94292d6bb06ef7f703d29a549d54fe4112ed44b8be07db471445c9b0ba58efbb4d176672581871da5a6db1c347686f6e34d55fe260a961fddd0dec1e4800ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3363e464682c314f6b0cd129e352fb9e

SHA1
74436c9d2012a4ca7d22e0290a3e2053253c5073

SHA256
9709976e5419fd68dbca2795aadae25534bc0c4cddce74bbeaa2fe38567fb7dd

SHA512
39ed3f1988a6b870f597e321a8ccf57cfce59a3ddfeb6b908fb894c284f4603d5d8529bb97311ccee5e4ea17ff0bc0992cb4cf00923b0aeb343379da847c5f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0259db05d603206917f45180614273ad

SHA1
90f4a1644737be43f5a6255af0a924d43df30db6

SHA256
a7d40e2710911aeff67bed8967d6468271157bac4e395443e927c49d1a4d65ac

SHA512
8c4168759fd2b053f2f49c4911a4ec71557461837c7edb6362953f6bff83eb32fead1b3712b49edf291503626182b21295a3ab55c402389fd89b5976390e4bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
a51745365dbf8e9c70640cee48fa184c

SHA1
0a5d65e8611d4acee0369434b30f7afef66b1762

SHA256
f810379dcd32b6d23c308a7bcd0681d118c78111aa723d817d028677736bf495

SHA512
97e0cd71c1a335a2620903436a9557f48a90109ac348e82d235105aadf4793548166d3c12dd5311223958f446bf91ce69b66146a72a51fce5dfde132082c3016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3b9291a8e89858c92bdcf5101d11b175

SHA1
f3489c15a667884732c56ae27949c428da1b5d87

SHA256
f0c137f3512c6fbc1b1e48c3d07799feb3a94ba57d9c98dc58928039ec0333a0

SHA512
ba0cc3ad14f7dfd2b46ea91e574f7f2f3050cd5933988f16d321c041e1c0cde90c445e715ccf373b8fda7f865265ab1df66d514eb784264884983f554c9ce76b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1b4766ae0ea335bdb63383a3b99696b4

SHA1
66025555475e5156910912f9c977d97e527ec5bb

SHA256
6b63513c82b4b420f372bf626d237b1d47b01ee78bfdcf0357d469952b7c5860

SHA512
41bddde8e20eb74bec1bccd43dd0bce99097deba32d67c8a5901d920015d813facb1e1d531584386d0acd54519ca10b8211214bd4b66e37c734a80fadc4c0735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
29eeff5f601112559f2fbfa8569de55d

SHA1
940e91c73ff39fcb5b9c146ef3b21087c409920d

SHA256
81dae96af5fbb7d2b3254f979d6437a4be2ab641f3e82e680e784bec19cf316a

SHA512
64e62afd992294355426f7e5d45cb06e4b770da980d61e42c348ee96f5619c79ad8e0028e79d71add2988ef5ca33102293fe0d8f8defde956f54cae20242b12d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e5b7980a04e4805673a74179633ecd675ba6a857\e7b29cc1-6cf8-4e71-a466-6d4c5b9d5e3e\index-dir\the-real-index

Filesize
96B

MD5
9cd71e7b1a71bb57f71a56e32ba8ffa0

SHA1
e60f1f5ea98bca1523bd4298c8521d61aaab757f

SHA256
dbd4e3660da9d627629c1b266f2977b0cbf6265391384db05149f0c5b2cb0d25

SHA512
6dbc9926e737967d2c2a782f4fd13f646a5de88a22310e6187a9023830e92c4faca1438ada50c78b9cefb3690ba751e3bb22cb75e12c45c5fe62f7396a5d6908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e5b7980a04e4805673a74179633ecd675ba6a857\e7b29cc1-6cf8-4e71-a466-6d4c5b9d5e3e\index-dir\the-real-index~RFe5b4003.TMP

Filesize
48B

MD5
f428982eb2ae146691df20099112c247

SHA1
584417055b38bb726a4d4e7c0a03c5662437193c

SHA256
8c9a39787d42d1ae370feac6bf8a7a3345d5d12ddbea41a726c354eb396d4f84

SHA512
8dc2ef70fcb9d2b9ceeaf02adfdd34a4fc82a7412a06436b2beacdd3e6316bdd197b9b4bc97af5eb12095542055557c368c73f004afb59ec79d675dbbbcae46e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e5b7980a04e4805673a74179633ecd675ba6a857\index.txt

Filesize
126B

MD5
7059b2b2f4f6b3c4b795caa22201db75

SHA1
872501a7d2c90babcf53926d2c9d0cc24b6b22eb

SHA256
b909ace57dbaa3ce8ea32d852d7dd1cf21719dc759b84a0b355c7201765d29e7

SHA512
7cb78cf7a2bf0d44bdd189f6d31e196dcf59ff52ffb1c32c3fe1c772c0f295a4b30808c99af6d1ea84ad151804e1e6d3eefdf45ed6a9ce2849cde457819ea4ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e5b7980a04e4805673a74179633ecd675ba6a857\index.txt~RFe5b4032.TMP

Filesize
131B

MD5
73d6cd6423bbee879bb3dea9cf439bd7

SHA1
abef228c367b31f64b6b772ab806da9b66df91b8

SHA256
516256456492bbd3870da31cccaf41820b52dc10b42a92494fc13b1aea1c9506

SHA512
419a38892536615ff25deb5ac8a1e4e5a54bc57865ff69a86504a7d99ac74938bdded7c4b3177b1d5004b74e3dc7816a98f48c9b6ffe729a79eceb71a7e00a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
8eb93f348bbdda2c8db012acd213e371

SHA1
5f1947518106d0f213ee6bf5c669dbd6f54d279e

SHA256
293567040e86fd9e17c96830abb3313f8820e2f13022f9f7b9bf4e040aef1e43

SHA512
bc5b9f03ac1b527723422397bfea56699457a0631264e4ac87e2dc43dfbedf15740d09ad4876ff548d3e9b2a04c5370811d5387e2411cd46209155b33d42d350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
bfb27fe5a04ff5742df529d91c806608

SHA1
a18c1b654bdc73300b6f1bc15b81d1d77e1e118c

SHA256
de0ad2795e63dc4cf23277612b71f6240cf14818414b45a07685bb2457e40bfd

SHA512
de352e2ec5605b2953b8c7d1c25bce53edbc8ec977a2446b6fcec889a7bd512cb368c46659a745c046af9032d1fcc3d0c2c3a23d335c5c337d0415bdbeef8e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
37aaa38e2ba1c1af6693dee44cb86510

SHA1
d20bdf603d60a905838927eb29c8d56b84eb5a6f

SHA256
bd768d41500fd27ffae7f1111f5c550f1d41192864651e49403a6cb052ac8ef3

SHA512
81064d09752e086e35f0c12108e1d3fe0e74b05dccf3dab45f8257e79a1f29a6cc8430e0a6c83c553abae6c72e33b49a7a6e5a6871e89a6a900f0746674bac92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
c61caca8035b97b6e133bb29da4f3d73

SHA1
ba1d3dc82efd6dd85e611656137b0e0ad4d0021f

SHA256
97dcc9501239fe7cbdfd9fdd257012e7cf40725315465a7942325038d63da3f9

SHA512
164cd47fa2331501b373fa4102876ca24ef70d2b5d3e47b145169284a1f828f5f83151f6025ecd6fcd2a07f249d4556dbf49777f67ca0c133dad4fb8c9a64d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
0c504d2ff6796ecc00e43bcc361a456a

SHA1
c2e23773465af36c0261cca0fc0d40e807d9bff9

SHA256
268cd4a0f87623d58db163629ca23f37ea6926ebafc0a2139133958a075f8532

SHA512
33b896f833db34ff946bb47a3f97a76d47fcffe589faeee23ffc7d0178a04bf4b1dd98a4ec4410c7abd122e35ed6cb378c595db1aac716f26c52c98f54fe111a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
fa0a3d04b7d6cba7d0311b8d467ff7fb

SHA1
33867b5864eef90e10e3a5a9cc99e2d0deb387a9

SHA256
a400cdf75ee4c510d4114dffbe787306294f7f05d794ffd24a7ed77c9665e24b

SHA512
e8e9528251f8f50f6fd9ade5f720fc53a62a13c717f7c10f30107db95bd587faf6980266708782c809a2de5bf082331cd8d1ca406c8eb683feae44413ee0a666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
e4172787f490bc8d5561f319b2b0cff4

SHA1
5b44bb353409a6779006f35f471b7b72cb497b59

SHA256
7b13efbdb4f6cd3eea10e4247083069c81a0fda538255aae2a32568c237df5f1

SHA512
644a87cc12b76f862d292f0f7f96eba47acb668e1a572d96b83071c17a5d9eeba960712c14bac1c462b775286a43cee4f98bb3849e6f4e85c4bfc08c73ae98d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bootstrapper.exe.log

Filesize
1KB

MD5
855285e994255810a4afdde7fdce1add

SHA1
28b31c1198c2b158a02b2f66973d4c8599f31a38

SHA256
ee947710fb01bd76c4b8ea6edc85455e044cdec2fb9745c074aa2964bf3390e7

SHA512
231f1556090d4bfbb8564e62b259dae0db755bd27f4b6576a988ba9eb38b6dbd3fb570b4f6c0a4264e2752f7fa364d4287e49041f19cb148f85a3fac0ed4e3c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 797349.crdownload

Filesize
800KB

MD5
02c70d9d6696950c198db93b7f6a835e

SHA1
30231a467a49cc37768eea0f55f4bea1cbfb48e2

SHA256
8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

SHA512
431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb

Download Submit
C:\Windows\Installer\MSI1047.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSI1097.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI1953.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/904-2383-0x00000287B6C90000-0x00000287B6C9A000-memory.dmp

Filesize
40KB

Download
memory/904-1-0x00000287B4DA0000-0x00000287B4E6E000-memory.dmp

Filesize
824KB

Download
memory/904-2-0x00007FFC50C40000-0x00007FFC51701000-memory.dmp

Filesize
10.8MB

Download
memory/904-4-0x00007FFC50C43000-0x00007FFC50C45000-memory.dmp

Filesize
8KB

Download
memory/904-5-0x00000287B5340000-0x00000287B5362000-memory.dmp

Filesize
136KB

Download
memory/904-28-0x00007FFC50C40000-0x00007FFC51701000-memory.dmp

Filesize
10.8MB

Download
memory/904-0-0x00007FFC50C43000-0x00007FFC50C45000-memory.dmp

Filesize
8KB

Download
memory/904-2385-0x00000287D0A70000-0x00000287D0A82000-memory.dmp

Filesize
72KB

Download
memory/904-2805-0x00007FFC50C40000-0x00007FFC51701000-memory.dmp

Filesize
10.8MB

Download
memory/2012-2808-0x0000011EF50E0000-0x0000011EF5192000-memory.dmp

Filesize
712KB

Download
memory/2012-2801-0x0000011EDA7F0000-0x0000011EDA814000-memory.dmp

Filesize
144KB

Download
memory/2012-2803-0x0000011EF54A0000-0x0000011EF59DC000-memory.dmp

Filesize
5.2MB

Download
memory/2012-2806-0x0000011EF5020000-0x0000011EF50DA000-memory.dmp

Filesize
744KB

Download
memory/4700-3113-0x0000028DEEDE0000-0x0000028DEEDE8000-memory.dmp

Filesize
32KB

Download
memory/4700-3111-0x0000028DEE0E0000-0x0000028DEE0F0000-memory.dmp

Filesize
64KB

Download
memory/4700-3108-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4700-3109-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4700-3107-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4700-3106-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4700-3112-0x0000028DEF6B0000-0x0000028DEF740000-memory.dmp

Filesize
576KB

Download
memory/4700-3144-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4700-3116-0x0000028DEF870000-0x0000028DEF87E000-memory.dmp

Filesize
56KB

Download
memory/4700-3115-0x0000028DEF8B0000-0x0000028DEF8E8000-memory.dmp

Filesize
224KB

Download
memory/4700-3126-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4700-3128-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4700-3143-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download