8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Resubmissions

04-12-2024 01:34

241204-bzkyravlhw 7

04-12-2024 01:28

241204-bv61esvkdz 7

04-12-2024 01:22

241204-brerrszldq 7

Analysis

max time kernel
320s
max time network
313s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04-12-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper (1).exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 1 IoCs

pid	Process
1176	Solara.exe

Loads dropped DLL 11 IoCs

pid	Process
3944	MsiExec.exe
3944	MsiExec.exe
2396	MsiExec.exe
2396	MsiExec.exe
2396	MsiExec.exe
2396	MsiExec.exe
2396	MsiExec.exe
4644	MsiExec.exe
4644	MsiExec.exe
4644	MsiExec.exe
3944	MsiExec.exe

Unexpected DNS network traffic destination 9 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 3 IoCs

flow	pid	Process
9	3756	msiexec.exe
10	3756	msiexec.exe
11	3756	msiexec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	pastebin.com
14	pastebin.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\google\api\field_behavior.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\__init__.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\tables\eucjp.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\npmlog\lib\log.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\completion\installed-deep.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\polyfill.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\util\hash-to-segments.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\create.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff\index.tests.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-org.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@isaacs\string-locale-compare\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\util\oidc.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\are-we-there-yet\lib\tracker-base.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-core-module\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\buffer\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\reify.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\configuring-npm\npm-shrinkwrap-json.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\name-from-folder\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\vendor\QRCode\QRUtil.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\p-map\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\builtins\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\tables\gbk-added.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\reporters\quiet.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\signature.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-unstar.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-team.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-update.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\util-deprecate\History.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-sized\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\pnpx.ps1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\pretty_gyp.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\smart-buffer\build\smartbuffer.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks-proxy-agent\dist\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\node_modules\glob\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\util\pem.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\yallist\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\string-width\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-outdated.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\util\ua.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\negotiator\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\run-script\lib\set-path.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\using-npm\orgs.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man7\developers.7	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\env-paths\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\classes\range.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\completion.sh	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\common\receivebuffer.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\process\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-prefix.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\are-we-there-yet\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-lambda\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ssri\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\lib\content\rm.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\lib\colors.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fastest-levenshtein\test.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\lib\wide-truncate.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-dist-tag.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\identity\issuer.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fastest-levenshtein\mod.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\text-table\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\docs\binding.gyp-files-in-the-wild.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\jsonparse\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pyproject.toml	msiexec.exe

Drops file in Windows directory 28 IoCs

description	ioc	Process
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\SystemTemp\~DF841D8D8B65733F28.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF294248ABC6A6AFB5.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF68C1A192655C21D1.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI234B.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Installer\e57ea6f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFD43.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\~DFF2884311D14240CE.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF8FA.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\Installer\e57ea6f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEF23.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI229E.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEF72.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEF82.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF7D0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF93A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFD32.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI256F.tmp	msiexec.exe
File created	C:\Windows\Installer\e57ea73.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI27A3.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2436	ipconfig.exe

Modifies data under HKEY_USERS 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133777497990249837"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe

Modifies registry class 30 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3008	Bootstrapper (1).exe
3008	Bootstrapper (1).exe
3756	msiexec.exe
3756	msiexec.exe
1176	Solara.exe
5088	chrome.exe
5088	chrome.exe
5020	chrome.exe
5020	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2040	WMIC.exe
Token: SeSecurityPrivilege	2040	WMIC.exe
Token: SeTakeOwnershipPrivilege	2040	WMIC.exe
Token: SeLoadDriverPrivilege	2040	WMIC.exe
Token: SeSystemProfilePrivilege	2040	WMIC.exe
Token: SeSystemtimePrivilege	2040	WMIC.exe
Token: SeProfSingleProcessPrivilege	2040	WMIC.exe
Token: SeIncBasePriorityPrivilege	2040	WMIC.exe
Token: SeCreatePagefilePrivilege	2040	WMIC.exe
Token: SeBackupPrivilege	2040	WMIC.exe
Token: SeRestorePrivilege	2040	WMIC.exe
Token: SeShutdownPrivilege	2040	WMIC.exe
Token: SeDebugPrivilege	2040	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2040	WMIC.exe
Token: SeRemoteShutdownPrivilege	2040	WMIC.exe
Token: SeUndockPrivilege	2040	WMIC.exe
Token: SeManageVolumePrivilege	2040	WMIC.exe
Token: 33	2040	WMIC.exe
Token: 34	2040	WMIC.exe
Token: 35	2040	WMIC.exe
Token: 36	2040	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2040	WMIC.exe
Token: SeSecurityPrivilege	2040	WMIC.exe
Token: SeTakeOwnershipPrivilege	2040	WMIC.exe
Token: SeLoadDriverPrivilege	2040	WMIC.exe
Token: SeSystemProfilePrivilege	2040	WMIC.exe
Token: SeSystemtimePrivilege	2040	WMIC.exe
Token: SeProfSingleProcessPrivilege	2040	WMIC.exe
Token: SeIncBasePriorityPrivilege	2040	WMIC.exe
Token: SeCreatePagefilePrivilege	2040	WMIC.exe
Token: SeBackupPrivilege	2040	WMIC.exe
Token: SeRestorePrivilege	2040	WMIC.exe
Token: SeShutdownPrivilege	2040	WMIC.exe
Token: SeDebugPrivilege	2040	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2040	WMIC.exe
Token: SeRemoteShutdownPrivilege	2040	WMIC.exe
Token: SeUndockPrivilege	2040	WMIC.exe
Token: SeManageVolumePrivilege	2040	WMIC.exe
Token: 33	2040	WMIC.exe
Token: 34	2040	WMIC.exe
Token: 35	2040	WMIC.exe
Token: 36	2040	WMIC.exe
Token: SeDebugPrivilege	3008	Bootstrapper (1).exe
Token: 33	2864	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2864	AUDIODG.EXE
Token: SeShutdownPrivilege	568	msiexec.exe
Token: SeIncreaseQuotaPrivilege	568	msiexec.exe
Token: SeSecurityPrivilege	3756	msiexec.exe
Token: SeCreateTokenPrivilege	568	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	568	msiexec.exe
Token: SeLockMemoryPrivilege	568	msiexec.exe
Token: SeIncreaseQuotaPrivilege	568	msiexec.exe
Token: SeMachineAccountPrivilege	568	msiexec.exe
Token: SeTcbPrivilege	568	msiexec.exe
Token: SeSecurityPrivilege	568	msiexec.exe
Token: SeTakeOwnershipPrivilege	568	msiexec.exe
Token: SeLoadDriverPrivilege	568	msiexec.exe
Token: SeSystemProfilePrivilege	568	msiexec.exe
Token: SeSystemtimePrivilege	568	msiexec.exe
Token: SeProfSingleProcessPrivilege	568	msiexec.exe
Token: SeIncBasePriorityPrivilege	568	msiexec.exe
Token: SeCreatePagefilePrivilege	568	msiexec.exe
Token: SeCreatePermanentPrivilege	568	msiexec.exe
Token: SeBackupPrivilege	568	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4544	CredentialUIBroker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 1644	3008	Bootstrapper (1).exe	78
PID 3008 wrote to memory of 1644	3008	Bootstrapper (1).exe	78
PID 1644 wrote to memory of 2436	1644	cmd.exe	80
PID 1644 wrote to memory of 2436	1644	cmd.exe	80
PID 3008 wrote to memory of 412	3008	Bootstrapper (1).exe	81
PID 3008 wrote to memory of 412	3008	Bootstrapper (1).exe	81
PID 412 wrote to memory of 2040	412	cmd.exe	83
PID 412 wrote to memory of 2040	412	cmd.exe	83
PID 3008 wrote to memory of 568	3008	Bootstrapper (1).exe	86
PID 3008 wrote to memory of 568	3008	Bootstrapper (1).exe	86
PID 3756 wrote to memory of 3944	3756	msiexec.exe	90
PID 3756 wrote to memory of 3944	3756	msiexec.exe	90
PID 3756 wrote to memory of 2396	3756	msiexec.exe	91
PID 3756 wrote to memory of 2396	3756	msiexec.exe	91
PID 3756 wrote to memory of 2396	3756	msiexec.exe	91
PID 3756 wrote to memory of 4644	3756	msiexec.exe	93
PID 3756 wrote to memory of 4644	3756	msiexec.exe	93
PID 3756 wrote to memory of 4644	3756	msiexec.exe	93
PID 4644 wrote to memory of 1644	4644	MsiExec.exe	94
PID 4644 wrote to memory of 1644	4644	MsiExec.exe	94
PID 4644 wrote to memory of 1644	4644	MsiExec.exe	94
PID 1644 wrote to memory of 4012	1644	wevtutil.exe	96
PID 1644 wrote to memory of 4012	1644	wevtutil.exe	96
PID 3008 wrote to memory of 1176	3008	Bootstrapper (1).exe	98
PID 3008 wrote to memory of 1176	3008	Bootstrapper (1).exe	98
PID 5088 wrote to memory of 132	5088	chrome.exe	104
PID 5088 wrote to memory of 132	5088	chrome.exe	104
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4664	5088	chrome.exe	105
PID 5088 wrote to memory of 4180	5088	chrome.exe	106
PID 5088 wrote to memory of 4180	5088	chrome.exe	106
PID 5088 wrote to memory of 2560	5088	chrome.exe	107
PID 5088 wrote to memory of 2560	5088	chrome.exe	107
PID 5088 wrote to memory of 2560	5088	chrome.exe	107
PID 5088 wrote to memory of 2560	5088	chrome.exe	107
PID 5088 wrote to memory of 2560	5088	chrome.exe	107

C:\Users\Admin\AppData\Local\Temp\Bootstrapper (1).exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper (1).exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1644
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2436
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2040
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:568
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004B8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2864

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 2907BCD46F22E00CA350655765048840
  2⤵
  - Loads dropped DLL
  PID:3944
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9CC2629C0275F8CB7F3E4182EE853225
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2396
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0B8F349E8B8B3897541302E4AADB02AD E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4644
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1644
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:4012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffc81adcc40,0x7ffc81adcc4c,0x7ffc81adcc58
  2⤵
  PID:132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4492,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5116,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4788,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:2
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5084,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3784,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5456,i,18068329835250988847,315601254356348463,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3076

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3492

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc81adcc40,0x7ffc81adcc4c,0x7ffc81adcc58
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1708,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=1940 /prefetch:3
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4308,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4740,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4408,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5168,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5200,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5432,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4916,i,13213451005285629840,7908230449063462740,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2176

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Users\Admin\Desktop\ReadInvoke.tmp
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffc81adcc40,0x7ffc81adcc4c,0x7ffc81adcc58
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,13858331826752847654,952188552789631182,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1696,i,13858331826752847654,952188552789631182,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,13858331826752847654,952188552789631182,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,13858331826752847654,952188552789631182,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,13858331826752847654,952188552789631182,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,13858331826752847654,952188552789631182,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4932,i,13858331826752847654,952188552789631182,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,13858331826752847654,952188552789631182,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:4824

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2924

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\MergeSave.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
1⤵
- System Location Discovery: System Language Discovery
PID:1552

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\38b02947d0c64bd5b69683c1d0e14629 /t 3692 /p 1552
1⤵
PID:4572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57ea72.rbs

Filesize
1.0MB

MD5
1bcbd3c43e4f2894a52bba5a205627e9

SHA1
3d8069cc3d00057fc131ad2aef26234327b0a929

SHA256
5366db05dd5fc74fd9b79db146d3283c9d8e6096b70bf3f3aff1de7bc23b38ca

SHA512
762ab784ec6a0894c8a9f42c926017cbdfe0c7aa7c44e437fbf16c262d7f3e2e8ab61041d639a01cf9b59b531e07fd768801a9e0f2772e3f51ff53ff7d99c126

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e91ee655fc370fc76cae70be75eb4da7

SHA1
b1c2a36a252373b78768ff0b8c7c414975f8230d

SHA256
2119db0210675f0217218459520534d0442fb93f8d2ad66ba4b20c8d2a430ac2

SHA512
6295ce62fc97be1ee529b0c4dde9d8b806e7972d89378d527740c3865bae85e089883634ad2c3a72b0f0c63f0a0758645733e9e8d9092fb87bd7cc3e95d6c7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\39b7f411-6f05-458e-b967-133f792edebc.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d40bb89c5884a71fcc30df4b6735642d

SHA1
0fad19f33cde6c5d26a3a3e076830b05defb69e3

SHA256
d56d764d0e5fd76060a4f93e3818d9e7c4460dea0701f8f21f9de309f5c5fd96

SHA512
72d638cd971c1fea1832c414107152e6adf2fe560542d9ed19907e8db6d3b1c567659472eb2fa36d2cd20fc4fe11218b4468cab03e3380f2012707610b927ef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8bb74af7430c785151e6c7a0709fb0d2

SHA1
94ff97d9a813b3184e994043ffa69a4ee374ab5b

SHA256
9e480f8ff9c5dd46161b7e94b9843d02958bfb94a38a983eda2e1961325d3e6e

SHA512
49e18fc6a4bd37bcca7e97f41f78f9fab2869b484e6de092c1cf1d62d0ceb3dd8455eb728d2054bf9bfeac667db86a66f7a0fdc7bdf9a5010273911108dd5b13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
22595ba066c3b3263928dead0262b4ee

SHA1
424e77e912090a63ccc684b29fbc3db19b9748a8

SHA256
449b8ad8b992217abab29f5c6788efeecfe5bdc38695eaeab68da1da03fe35b6

SHA512
314269f3a1354395dd8699150ad376b3e52bf7257c59a4bfc6106f5b8966f42b627933a635d0bda5547fa87c1ceef77875f0a727c2ad1e7e680726dfebd18040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
5e4b0b77c3c3bc9542ca52a0a5d94e7b

SHA1
52b6a2b2fdcd5a7768208774f193cee8caded0fe

SHA256
44978c059a9936b34afd5c18e6392b27dde403a5b6b44f277f78c3c751caf8d6

SHA512
67ebbb1788988de64f1ce749e6215e9d7671b82fd0da3a7f94e4da8fa4defc4b63d8110c8500cf787d13a3d30fa1baa41ba92f2454383b4a5ce7d66f31e69f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
a658e187b0384c21d3b30d85dd24a677

SHA1
3a7dd91b0a3e6844ba4b700dd88f91ea456df47b

SHA256
016237ea6ee374667449eae07dc46d1f08febf3b1d033929ae82c6c39c226eab

SHA512
155050ad99f0a4bab35d4af33564d8bfb53d0557c3b45bae7afb6d06e7be0b7d82cbef598cec92b08d90d42c780a6ac60ed7cd4d79012dc5679080ed114fb7be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
49KB

MD5
961ce3dbb274dcb6e2f1be7438841709

SHA1
da858bfeb1036399cc02e10942ca1493894912e5

SHA256
7fb6823f80a01d7a68dfcd056cd039f9041278f075baf8ee202f19e1988a0c01

SHA512
cc1cc64f6ef0663a1381590496ac1505c15a421188ab754ef23546e9fb5b4f7b2ddc2e17aff01827900bdfa062748a58772e392be230a83184ed5fbdcf8eed29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

Filesize
330KB

MD5
5eed98d6e37b21fe64e3a5fbad1622d6

SHA1
34782ca3694b17be2aae569d0e3401b8a09194be

SHA256
1494c27d62de2a9570e7ccbdaec4fbb40325f4beca10fba537f92464089322ff

SHA512
fdd76c3fb34388b19db51743bdb613aef89367991c2d5209a8e51f9a6f704a99c52a35bfbbbd43d7b82aa9057128a68d1c1ba860b884b0aa9d9acb1a75950353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
e20654e3c5c135fd223b10172dcd7af5

SHA1
a755a5995b1fb38d0783c37763a1e19cb2522bc3

SHA256
5e5f9aab6c40ebf309f3703dc967d79b9d120e6a20a5341d0a35fba6742f993e

SHA512
f02bffc10d2ab316eb2984beadb3176bd21446e1e30b0404a172c34c4a6448a042611d2ce494289d5d6a4601fafffe1df546370f0666d33efe1486a646189a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f553ecf419bd2cc10d1bcda1afa0e85a

SHA1
ac59ab6849519534cf941c11bc65ae0453261bc0

SHA256
78b6b5572eca6946c7ebc82cb1ba9f384c497810fb228041a2e60b5fbbd368b2

SHA512
473f5277b8da1791c2ae1f66b900efe0013ca5b6301b7c320d25948b95668c431b242a73f4b533ad760316f96533933d7d2d540a48adcb76450fce6425429990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4c2b318c2d7f31ab9b40769f9fa36f6e

SHA1
8fa378bd864116478c3108a22a6e70b341cee282

SHA256
fbde7e88f625632a818caf08b9d544b92227a1b57fa3b6781d7dc81677c7e8df

SHA512
34c2195871a43ef5ef2df002e659da37861b0c93bdab15195665008ea8329be09410b74195750a0dd326022be9d39e5d4f48b96612c118252dfcf88617ee967a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
def040b29ea45d8e70da71a5220e7b3f

SHA1
f48bca822419b255c491b316a776091a503a1c43

SHA256
97e3fb023238d5b4863cb95e3a64b8758999d77c5e04ff0b377798ea20c9e8b7

SHA512
5b70c4d90f028341137576a6ca46f69b0b2264dac1c62651433daeebaea1b15af56e74f86c54dd4bdf42d93c393d08f781d906a378e6b01f49d250ab985475c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
1df402d07222593b624fa7dfb00bca4b

SHA1
c0feb35d6c5dc35e17fbcd7cb55adafca22dcc94

SHA256
9b895030bc3cda2ccdfb613a10195365b87db4c6b43a77275c9b5f5248389e7e

SHA512
2232046e83b1b805036c5ac270fd4198013ecf3f7f2276aba932b2905a552e7c9f4ed9a83e393f58d33ad058fe05dc8cf3daabe20bf531223d1fb38e832c3d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
d9a57885b0e39b2001dc2588b37ef972

SHA1
c23f0a01e5ed55faf43430f5d3cea47710294d5a

SHA256
825b6b710bed03b383e5b6e8f78ba60ff4fd73824339c0f039955312d97db3b4

SHA512
beb29801bc8fdf4194b38fbb30de655b3fab96bc71b3941e15e7a12566f99a65bfad82abd93cd9f2f5aaa5ffd107f85bbff73c0cc0e8b399f5fa92796abdad89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ddd93afd952ef1c0fdf179c170335117

SHA1
7a865395870a6db9e7278920079eba549fe44dca

SHA256
760b76bc6f56e62cdb674b79e1ace27a2c6e181765d16b61e105c8e864c70802

SHA512
4cdb7f53e67ac62af616312ad71d7e1b119404eab244cbff1a14b91659aa0af6bc64a756aaa071f90b54d16d1e3ac70236972dc4c9d49ab5115a7f9d7f59fa13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4b8bd93fa9fb1d6c1f6cd3fbb423f769

SHA1
2db3689194e3f41368e28bf7ebb70537b7988123

SHA256
8437eb56c46804f4c8f802f9c361e66af5547f3a6ba1a76136275765a120a1d9

SHA512
7fbe5422e02a36dc88aec0ac0dc2c4a234ec5afca15565e7446dd952208c1a9dec9ff5ab7ed430ea60cc188d4258c368dc0f3d1e1687c3a953cff7895edfdba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fe7386f460fc6e8b8125c4301d7557d4

SHA1
4a8e1a6fa017d707bbfbbcce9136a4611471eecf

SHA256
6f6d42e841f2b847d9d9979787e169c3e7d97916e86d0165f12c6fcf9e60a29e

SHA512
cce9e0b3f3f582f6b1ef8771b5aeca5ccf7dfe447f1b15448c978777817328b64ac55f76e21bc938730df3a6499e50e3332a2b8fe25e4573fb5ecabc49317fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
39d4b4f9bf8c57abd32401ee6259dfa6

SHA1
43ce37cf9597d1dfac4bbb77d28fc0955b9ed63c

SHA256
9567cc94a1245ed352544311a88fb3a06caafde2926b2307dfc85eeff30ecc44

SHA512
97e0713c57105dcc4cdbb7764586f311e88a69dd949ca69498321ac75ec386162d326d1865803262de336c65ed6207ec862030af2aec69483c270a9f14e0fa76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
10ba98d0e8db633afb407e58dc876f6c

SHA1
62e154687a0c3160b05e5bb4d7a49f8d8d1678a5

SHA256
2c39f9c0aa1b1ef0025195b6b1a309cbfc50b93ecdd9c18d30f91ac4a94994e7

SHA512
7ffe5b87b565e7c16f8aa62fc9d4c517843bda75b78354ca42c881d6bec6acead06f2b01f003e96c28aec6c8bc5325c01914bbf93c37f68eb537c3f493d1a393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce807e1975856e9cc49b36c28e47c5c6

SHA1
a2348abfb9f5e45055b7f0690dc06e22a6f99c69

SHA256
4d760239c86c987f2134d2538c0d2ac8b674a338224d316fd991e83a37f7caf2

SHA512
940c6e367e33c258c15a83b2d65374f3c51923a2b7de96c124654e018220dece5f7629b73fce6cb124a0cd421b4668218edc1e6185c56c50dd665613db41ef11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d178abdde9243499734b91863f17ed3e

SHA1
9f89324b4371f9a5eb18ad52bf7da013d04df6da

SHA256
6d897aa34802f907dec620025c55727644ecdf51693c60291bb0017a062a0358

SHA512
38e8376799a729f7655fd013eb57c68e06b40291a57f6639adfd1ef79cddaaaaad514968852b0c3917a15fd6f9c02b6ee22842a1f23372762d8adfba702119fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b816b13cde93e281613936eb80fbe52

SHA1
473fb03bf88098615935136f841802bb7847c675

SHA256
c400003de10838fa55231df27124ff63e5dbb38589c3758dd0ece78c521de134

SHA512
6fd6a22d1df4a309ba8294d8f57271ca7bea6914f896aa171c519c0c68f841f9f78b299848043b404b0cb4040a0762458effc8efa990cb63f7f743f57245670a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c3ad93b2db3ce7891a081e27c6cb85fe

SHA1
99ee939f1fb50ac52a3f14f7010f5d9ccfeb97ae

SHA256
c5dbd21e9e4ce24820b9926b397d78aa14c6f0745513c236d7addcc92969cbf1

SHA512
92b369d983b2113772d0d8130f705f0eebbb7aa6a31e0d71cf179c8511d2eed607ac944a54dadff2acbe9b0e58c982f5caae815ce899086178a889e73b86cbff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93e272491c842c5d2046d2eb0eda0ac5

SHA1
7bea6316e95b7171a6145239c572146d09c6c519

SHA256
f98284119e16988deec6d52130615a51c7c1c5ed703290a01b7b1cb8509dd5db

SHA512
5982af1e1469677f7c541b1a866e783403c192ba8898be0232ca6ef5952393fbd60203f43e0ff5d2ef0d61ec9a841b48229451ed7d0490c61780972a88634702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fdaafbbd8fbe20262bac49695454b0e7

SHA1
b60669f8ef67f1dc72d2204d309bbea953dd5cbe

SHA256
9fff9940be0a030411648aff6d7fab6afb42b5a9a85b96ffb2635d07ed541c98

SHA512
41137c54860c4a7ebb2c329af0782ed3fdd915eac0c6d2443031a5b0dca2c66f74878c9c8d6e8e54295d92e3b2e087fbc9471326905b212e487fc896ac6de692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8a68257502cfaeb6c076033609565181

SHA1
3435afaffe2709b46b845a11f0d6e96c766fb8d6

SHA256
c3b6a7c707038abab284f10a2db32a8a78ad139fe69cd75af162573b19a4b5d1

SHA512
0c0a5ce0c1fe841938676ae36eb949d7d3c59f6dbf150c786ea7aa3804c8d7612a0da4e3bc7974db72cc095c3013a79bd71c0c4076b3f9ecf9b1585d92d8b407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e992be3c1ba90a6cba6c4f94b9e8463

SHA1
0c88d4bb88be8c5344f605c9ff3e3f08f6aa87e0

SHA256
86b1563c1c5fdb7d64531b2d399437fabb1c55f057ceb339417863115f0004e3

SHA512
dde815a1266fafe2e98abc8a02290a4e9ae5b2c91379839bce8312d6eb8de71fc543318298110fd6adc8fb80c7756f878901c73daf8f111db33857d8d5b986fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
496d8111ac281ea64dca2659ea59f79f

SHA1
c71e6d8e31530173c24bd2ecac2ef30e69e4244e

SHA256
643d249fabd4afa8d65ba3667f88ef98bf0be1e0f975897e3595c06c0159dde3

SHA512
7535b61c2973c49695b68adb9a59b53ea543b6b5ad67e8831c5f6d2ecf138a8b864c7fd318607bd77b9c7ed1f8ad2e27e3b5f474b08abe6381fd596a431d553a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c002974e15901c19164578413cdb14d9

SHA1
33b09df8d64dd90c2dced4a251ba426df8e8eb8e

SHA256
7ab27e2c9e8551ecbc4a5988e307c867a91626168776cda317ca6e4c05680080

SHA512
6fc00506e02f1962e9babc7ea38d45ea3c70ca012c4588abfae015ea570eb1b44839f8d4ca78a5d85ab9db5397d3830ba2367818d0ef85260ffb9e1541a09749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed735c1c72425e09ff918d7fbd444f20

SHA1
90c309256eb1ae2e5e2629dc235e9540726543eb

SHA256
663ffb9f69f444c6d2507babdd60c16b52ed95ef1eed093c86f603b51154d028

SHA512
02dff03424f16996274fc5ebfa230134a9cafc289a508cf2d1a84d3718b2f9d331f9916a17f7ab22a1b9ce18940be3a5564e961858d7ea8d54e04dd2e3e125ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8ae546f098c340fdb6680c2eed1abae1

SHA1
2adeeb0ad447142d122b8c15c25466ca95716d40

SHA256
8c52774041b2c3b030f72991f9098718e2578e9faef6523bcbd139f437113b03

SHA512
b94add238a574f550518cdd76d822cc07c121af1076f17bc0d0dd6300c8118ae128ce98e18205e91d46803416b6e00da2c77193d6a90d76d2249de3380a0def3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9093de5416a52f8564f21abc28d42c4d

SHA1
6a6dfc8110327bd4506e3403a13192f3e9e624cb

SHA256
cbd9d26a521af9d938b8886dccbb32a191c0f3cb814f7655c5cf24d5f15a52dd

SHA512
cc1a3a0be4dbf8a2f3fc27b38c3b81474c27a96b8ab6034d241fb0c9e239f1ee1eb5d73967bfd530c4d2baa3a52e41f825fe0a4f46a33d60b88d1a494f0c22a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
522bcd9e66a9d8c864211e1a3c8b86ef

SHA1
87ab238da5bc19884b90439c0cd2589bb8f7d70a

SHA256
3b80b4d68937edadd87274d35dde5b78226839ae8102767f31427b13b4afa5cf

SHA512
ec23644ee64aa60dc9646d50d49e97ce25e686a6aeef80b26c37c74bd0f10ad378597427c8d87d2e573e9d7c1ebb0582ae3ffdc4b79885c44bd2c19e1252e7f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
46f231a0a07d3524ef9007ff04dcbec9

SHA1
03ef44eef3ebad82c301d5bb465aeec2e09b6048

SHA256
a1b1518b49412041740e72fb3835b8cd1a19f82217e0c663a6593c344e6034ef

SHA512
d6655f60746ace3ff9765155ebca5dbaafcbbfe2bd333ec4906e80d1ea103a9eee79b8c09caa79309b6514dcbf4e2f520417b5615e759b5a93182e1c58312227

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
7891119298912c296db96b6eccd082f8

SHA1
16594997f2f7f8a82b91c57de2427bd4bfb066c4

SHA256
faa2e1b282a0b414258bd14a706aeed9d1f19a497417c42442188f9a369b06a2

SHA512
730ae13a0485d1efcef5b2eeac4b3454242ae4405982b905d8c5fc86385d4bfe82c944fc91f61696ece87e1896b795b0765ff30c7dfc0da357df00363d781de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0eb5e548c2f3d4edcd4c0b1117db3d92

SHA1
15c586fbba5a3d098b08b323f4b057ce9629928f

SHA256
510b9b110da52cc20796c30b6ab88982b63653699934dee5d869ef95f9748981

SHA512
95c9f8c5a923a9bf6a7a3f0797dba3493800a6e38c01db1951195b6971782e7496726832c8ba851e6c368d95dd1db4e99e6ae4291e968bc4b7a538b1ac08728b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
2f0c1aab65dfb08c89f75e8f00866eef

SHA1
18d34017a5c818af4309317651abbab3b69f139a

SHA256
f8d5536221c287feb87a77701df56fd7e21e296a08a1b0c13a38f7ebfef96ad0

SHA512
c9b102331e8d94c707fedccf426308378ec79df65ce27c31aaa3efd3b1df2d4372ef506ae64769686931a04c042423dc74830e0aa730c50d257859c015396abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
4f3162bcbcecc01dc8715756272f096f

SHA1
085b95f89361455204d73516a9076378186fb20a

SHA256
7c518249c769d0aea54a698a1ec33266776351839ce736b90aa5273209d6119e

SHA512
f4f44c2e9117d512984b9a7c3feec79df84663641d868ed5a7b038fd14c6ab9f25ad9cbda24b3bbf522428c6e3eaa8db4fecb2a5d0dc0fbc895b1acda7acd242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
c9d77b263d45bc58ce1c42c6f7948b26

SHA1
678f486fa48556eb7d25b79dcef026227356f023

SHA256
b832d977f085562a04be5dce04da7df707468477d982bfd24f4f91d4b9df4ac4

SHA512
0dd18bbd9eda153a4708195282448b09fae47a6dd807bbd6cffcc582a7c289f613b01e43814e3b425fe8b1d187018f744352a41c0505bc19448796f257ceaef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
d502de04e9d1594a49d3c2f7181f3322

SHA1
261ffbd0e9b53c121891d7403bde8d3bf5d97786

SHA256
8744a946c604dfb0918c951e1334ae0cfac0ea51a9846a73bd1217bf2edcf674

SHA512
43c5ae2d23fb6d0537c7caefbbbdb2ef2f7371dbc52a3b218f3288f21bd09ad9c0a6697632e397ab58f2b534e1689ed5908d1e244d3ec3f2e25053bc2c5058c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
9f33071ec9c977b9a9bf8146cf7eea1e

SHA1
f7744be0f0e4d1f2d0b0d35797644c6eb63f7055

SHA256
7b82ec6a95cdd485e12884e4bc86e520efea7b95c186be5baafae34a4954ddca

SHA512
fc1201f71de6f5e5771d3e00b48e2663b5ca941561aec0a6025e3fc303af43b74e833326baa2b45cc343511dee1571eb3d4a84ff1a87833e4a7df11a6843fc37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
7b32e026189c19a22e0cf1d814fbacbd

SHA1
08c7eddd5f448c9ed79a8b2fc9cf93aa74c7ad35

SHA256
31fb7e0de1e02a534aaf105bc17e5bf2003e86070497788ee31fd211131fa176

SHA512
a1c0420e60dc415ac752d6794d6842b400a99959c5c7ae36bea80f0b12a09cbc11b3ae53402b0e6e65a888a9fd52a705549c052fa230b449042d39d6429def85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
44feecd6e1711632737f76af19b9de56

SHA1
c5e0e7f47266cbeeda0744cbb1792ec2fb52af47

SHA256
b5fd4582af24f33a9d0585cc217f02c2c1815ae0c659e78ab2a394400faacea6

SHA512
60bf804d3764186591d11010ea58220e9f9b06327b08161d337306d9dc15327218ed4706f3f154bdb1c246c566b204bf8c1403777a234b0ee34da09822680253

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
4cdc31dd8f28bd0f683c2517ac298077

SHA1
31a274a3e5ac413847de328ae13c29efd53d242c

SHA256
6c00432067d76c70073f5ca548304828fb3f0eb5604ee5d151c314af130a5a4d

SHA512
d6ee269f87b4fcc2c3ab9e030522c18fea8b8647d2ac9e839fc17930b93a4866c9714aca75e7ed925f4d12074175d6ac122ba3de22288971453c69920bfdd8ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
b91617348479d6f3803496a15d680427

SHA1
9d2952259288c12faa700f5e85adfb9cddcbfb1c

SHA256
23c0191610d4689e1534dd563bca4b071924c56a230a14de37e3ad81d1d045ed

SHA512
ace9e7379c2654fa4490727d5a3bdfc49a1d7eac42f1ffd455b80afef210484b2d3812169f5a08a4cab21fe6304f042ce284e044c9e699b5eefa899460d55346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
24KB

MD5
403ade85e5841c597874d5d4a3dc12d0

SHA1
c5f44e48243795ca83be8c547f57dc7f00703b3b

SHA256
e765283d6a1eaead8b3c8f4eba6071b8b7c6fa23283831cd064f18eb66e8f046

SHA512
5fb6d7f8dbec4aeb7dd89595a1ba0cc809cb1a9bd5aa3ec1e399454e00850cd04f77cb1a0edfb3dafde7716cbd3d52e6288094115e57910dc3da3d1ac47411d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\9cb6c633-f9a1-4cbf-8309-434bf4d94ac5.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5088_7416716\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Windows\Installer\MSIEF23.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIEF82.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIF8FA.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/1176-2809-0x0000029AAC310000-0x0000029AAC3C2000-memory.dmp

Filesize
712KB

Download
memory/1176-2803-0x0000029A919F0000-0x0000029A91A14000-memory.dmp

Filesize
144KB

Download
memory/1176-2806-0x0000029AAC250000-0x0000029AAC30A000-memory.dmp

Filesize
744KB

Download
memory/1176-2805-0x0000029AAC5E0000-0x0000029AACB1C000-memory.dmp

Filesize
5.2MB

Download
memory/3008-1-0x00000205151D0000-0x000002051529E000-memory.dmp

Filesize
824KB

Download
memory/3008-2387-0x000002052FAD0000-0x000002052FAE2000-memory.dmp

Filesize
72KB

Download
memory/3008-6-0x00007FFC6FD90000-0x00007FFC70852000-memory.dmp

Filesize
10.8MB

Download
memory/3008-2385-0x000002052F850000-0x000002052F85A000-memory.dmp

Filesize
40KB

Download
memory/3008-2-0x00007FFC6FD90000-0x00007FFC70852000-memory.dmp

Filesize
10.8MB

Download
memory/3008-2810-0x00007FFC6FD90000-0x00007FFC70852000-memory.dmp

Filesize
10.8MB

Download
memory/3008-0-0x00007FFC6FD93000-0x00007FFC6FD95000-memory.dmp

Filesize
8KB

Download
memory/3008-4-0x0000020530EB0000-0x0000020530ED2000-memory.dmp

Filesize
136KB

Download
memory/3008-5-0x00007FFC6FD93000-0x00007FFC6FD95000-memory.dmp

Filesize
8KB

Download