8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
210s
max time network
206s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
14-12-2024 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

9^/10

defense_evasion discovery evasion phishing themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Executes dropped EXE 5 IoCs

pid	Process
1240	Solara.exe
2624	Bootstrapper.exe
4092	node.exe
1064	Solara.exe
4564	node.exe

Loads dropped DLL 13 IoCs

pid	Process
3596	MsiExec.exe
3596	MsiExec.exe
3252	MsiExec.exe
3252	MsiExec.exe
3252	MsiExec.exe
3252	MsiExec.exe
3252	MsiExec.exe
3488	MsiExec.exe
3488	MsiExec.exe
3488	MsiExec.exe
3596	MsiExec.exe
1064	Solara.exe
1064	Solara.exe

Themida packer 11 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000d00000002b8fb-3252.dat	themida
behavioral1/memory/1064-3264-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1064-3265-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1064-3266-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1064-3267-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1064-3372-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1064-3440-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1064-3463-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1064-3491-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1064-3510-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1064-3529-0x0000000180000000-0x000000018110B000-memory.dmp	themida

Unexpected DNS network traffic destination 15 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 3 IoCs

flow	pid	Process
10	3044	msiexec.exe
11	3044	msiexec.exe
12	3044	msiexec.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
13	pastebin.com
15	pastebin.com
168	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1064	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\map-workspaces\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\pnpx.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\are-we-there-yet\lib\tracker-stream.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ansi-styles\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\css.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\https-proxy-agent\dist\agent.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\package-json\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-install-checks\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\util\hash-to-segments.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\set-envs.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\clean-stack\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\asn1\obj.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\node_modules\minimatch\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\has\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-normalize-package-bin\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minimatch\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\infer-owner\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\run-script\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmdiff\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\cert.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\ca\verify\sct.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\lib\is-clean.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSToolFile.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmfund\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\depd\History.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-whoami.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\humanize-ms\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ansi-styles\license	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\function-bind\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\utils\config.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\string-width\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\buffer\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-query.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\sync.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\safe-buffer\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-collect\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-login.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\lib\cache\policy.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\util\add-git-sha.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\util\params.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-dist-tag.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\logout.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\stream.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\queryable.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\agentkeepalive\lib\https_agent.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\format.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\classes\comparator.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\msvs.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-pick-manifest\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\star.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\http-proxy-agent\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\processor.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-unpublish.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\updater.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\reporters\install.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\encoding\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\abbrev\LICENSE	msiexec.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIE976.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA6ACA2857852EF9E.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF30F.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e57e465.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFB5824D050E826585.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1CF0B10DE8375D2F.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Installer\MSIF767.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI196A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e57e465.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE987.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF33E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF756.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF1E5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI156F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI165B.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE937.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1850.tmp	msiexec.exe
File created	C:\Windows\Installer\e57e469.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFBDDA150635E7BB0C.TMP	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1476	msedgewebview2.exe
3288	msedgewebview2.exe
5592	msedgewebview2.exe
1384	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1156	ipconfig.exe
4964	ipconfig.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133786325339132907"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 780031000000000047595c5f1100557365727300640009000400efbec5522d608e5902362e0000006c0500000000010000000000000000003a00000000007bf2870055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Solara.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\NodeSlot = "6"	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0 = 560031000000000047595c5f12004170704461746100400009000400efbe47595c5f8e5902362e00000060570200000001000000000000000000000000000000c14177004100700070004400610074006100000016000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0 = 4e003100000000008e595336100054656d7000003a0009000400efbe47595c5f8e5953362e0000007557020000000100000000000000000000000000000041f09500540065006d007000000014000000	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Solara.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Solara.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 50003100000000004759c366100041646d696e003c0009000400efbe47595c5f8e5902362e00000055570200000001000000000000000000000000000000e8fedd00410064006d0069006e00000014000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Solara.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Solara.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0 = 50003100000000004759c56110004c6f63616c003c0009000400efbe47595c5f8e5902362e00000074570200000001000000000000000000000000000000b86dc9004c006f00630061006c00000014000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Solara.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Solara.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0 = 56003100000000008e59083610007363726970747300400009000400efbe8e5908368e5908362e0000005fab020000001e000000000000000000000000000000e81888007300630072006900700074007300000016000000	Solara.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Solara.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0	Solara.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2168	Bootstrapper.exe
2168	Bootstrapper.exe
3044	msiexec.exe
3044	msiexec.exe
1240	Solara.exe
2872	chrome.exe
2872	chrome.exe
2624	Bootstrapper.exe
2624	Bootstrapper.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
656	msedgewebview2.exe
656	msedgewebview2.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
5592	msedgewebview2.exe
5592	msedgewebview2.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
5736	chrome.exe
5736	chrome.exe
1064	Solara.exe
1064	Solara.exe
5736	chrome.exe
5736	chrome.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe
1064	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
3864	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3472	WMIC.exe
Token: SeSecurityPrivilege	3472	WMIC.exe
Token: SeTakeOwnershipPrivilege	3472	WMIC.exe
Token: SeLoadDriverPrivilege	3472	WMIC.exe
Token: SeSystemProfilePrivilege	3472	WMIC.exe
Token: SeSystemtimePrivilege	3472	WMIC.exe
Token: SeProfSingleProcessPrivilege	3472	WMIC.exe
Token: SeIncBasePriorityPrivilege	3472	WMIC.exe
Token: SeCreatePagefilePrivilege	3472	WMIC.exe
Token: SeBackupPrivilege	3472	WMIC.exe
Token: SeRestorePrivilege	3472	WMIC.exe
Token: SeShutdownPrivilege	3472	WMIC.exe
Token: SeDebugPrivilege	3472	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3472	WMIC.exe
Token: SeRemoteShutdownPrivilege	3472	WMIC.exe
Token: SeUndockPrivilege	3472	WMIC.exe
Token: SeManageVolumePrivilege	3472	WMIC.exe
Token: 33	3472	WMIC.exe
Token: 34	3472	WMIC.exe
Token: 35	3472	WMIC.exe
Token: 36	3472	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3472	WMIC.exe
Token: SeSecurityPrivilege	3472	WMIC.exe
Token: SeTakeOwnershipPrivilege	3472	WMIC.exe
Token: SeLoadDriverPrivilege	3472	WMIC.exe
Token: SeSystemProfilePrivilege	3472	WMIC.exe
Token: SeSystemtimePrivilege	3472	WMIC.exe
Token: SeProfSingleProcessPrivilege	3472	WMIC.exe
Token: SeIncBasePriorityPrivilege	3472	WMIC.exe
Token: SeCreatePagefilePrivilege	3472	WMIC.exe
Token: SeBackupPrivilege	3472	WMIC.exe
Token: SeRestorePrivilege	3472	WMIC.exe
Token: SeShutdownPrivilege	3472	WMIC.exe
Token: SeDebugPrivilege	3472	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3472	WMIC.exe
Token: SeRemoteShutdownPrivilege	3472	WMIC.exe
Token: SeUndockPrivilege	3472	WMIC.exe
Token: SeManageVolumePrivilege	3472	WMIC.exe
Token: 33	3472	WMIC.exe
Token: 34	3472	WMIC.exe
Token: 35	3472	WMIC.exe
Token: 36	3472	WMIC.exe
Token: SeDebugPrivilege	2168	Bootstrapper.exe
Token: SeShutdownPrivilege	1016	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1016	msiexec.exe
Token: SeSecurityPrivilege	3044	msiexec.exe
Token: SeCreateTokenPrivilege	1016	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1016	msiexec.exe
Token: SeLockMemoryPrivilege	1016	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1016	msiexec.exe
Token: SeMachineAccountPrivilege	1016	msiexec.exe
Token: SeTcbPrivilege	1016	msiexec.exe
Token: SeSecurityPrivilege	1016	msiexec.exe
Token: SeTakeOwnershipPrivilege	1016	msiexec.exe
Token: SeLoadDriverPrivilege	1016	msiexec.exe
Token: SeSystemProfilePrivilege	1016	msiexec.exe
Token: SeSystemtimePrivilege	1016	msiexec.exe
Token: SeProfSingleProcessPrivilege	1016	msiexec.exe
Token: SeIncBasePriorityPrivilege	1016	msiexec.exe
Token: SeCreatePagefilePrivilege	1016	msiexec.exe
Token: SeCreatePermanentPrivilege	1016	msiexec.exe
Token: SeBackupPrivilege	1016	msiexec.exe
Token: SeRestorePrivilege	1016	msiexec.exe
Token: SeShutdownPrivilege	1016	msiexec.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
3864	msedgewebview2.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4092	node.exe
4564	node.exe
1064	Solara.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 3824	2168	Bootstrapper.exe	78
PID 2168 wrote to memory of 3824	2168	Bootstrapper.exe	78
PID 3824 wrote to memory of 4964	3824	cmd.exe	80
PID 3824 wrote to memory of 4964	3824	cmd.exe	80
PID 2168 wrote to memory of 1776	2168	Bootstrapper.exe	81
PID 2168 wrote to memory of 1776	2168	Bootstrapper.exe	81
PID 1776 wrote to memory of 3472	1776	cmd.exe	83
PID 1776 wrote to memory of 3472	1776	cmd.exe	83
PID 2168 wrote to memory of 1016	2168	Bootstrapper.exe	85
PID 2168 wrote to memory of 1016	2168	Bootstrapper.exe	85
PID 3044 wrote to memory of 3596	3044	msiexec.exe	89
PID 3044 wrote to memory of 3596	3044	msiexec.exe	89
PID 3044 wrote to memory of 3252	3044	msiexec.exe	90
PID 3044 wrote to memory of 3252	3044	msiexec.exe	90
PID 3044 wrote to memory of 3252	3044	msiexec.exe	90
PID 3044 wrote to memory of 3488	3044	msiexec.exe	91
PID 3044 wrote to memory of 3488	3044	msiexec.exe	91
PID 3044 wrote to memory of 3488	3044	msiexec.exe	91
PID 3488 wrote to memory of 3964	3488	MsiExec.exe	92
PID 3488 wrote to memory of 3964	3488	MsiExec.exe	92
PID 3488 wrote to memory of 3964	3488	MsiExec.exe	92
PID 3964 wrote to memory of 3840	3964	wevtutil.exe	94
PID 3964 wrote to memory of 3840	3964	wevtutil.exe	94
PID 2168 wrote to memory of 1240	2168	Bootstrapper.exe	96
PID 2168 wrote to memory of 1240	2168	Bootstrapper.exe	96
PID 2872 wrote to memory of 4356	2872	chrome.exe	101
PID 2872 wrote to memory of 4356	2872	chrome.exe	101
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 2632	2872	chrome.exe	102
PID 2872 wrote to memory of 4988	2872	chrome.exe	103
PID 2872 wrote to memory of 4988	2872	chrome.exe	103
PID 2872 wrote to memory of 1060	2872	chrome.exe	104
PID 2872 wrote to memory of 1060	2872	chrome.exe	104
PID 2872 wrote to memory of 1060	2872	chrome.exe	104
PID 2872 wrote to memory of 1060	2872	chrome.exe	104
PID 2872 wrote to memory of 1060	2872	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3824
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:4964
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1776
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3472
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1016
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1240

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 1E1A7B898B6A91FE0B73890F501C7348
  2⤵
  - Loads dropped DLL
  PID:3596
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BFCA64B760244456FCE343B9C0E4A84C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3252
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C3DE338D2482E2B2E6A1997979E0A2BA E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3488
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3964
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:3840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbef01cc40,0x7ffbef01cc4c,0x7ffbef01cc58
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3768,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4660,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4696,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3456,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4432,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5452,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5576,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5896,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6048,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3436,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2284
- C:\Users\Admin\Downloads\Bootstrapper.exe
  "C:\Users\Admin\Downloads\Bootstrapper.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2624
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /c ipconfig /all
    3⤵
    PID:2016
  - - C:\Windows\system32\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:1156
- - C:\Program Files\nodejs\node.exe
    "node" -v
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4092
- - C:\ProgramData\Solara\Solara.exe
    "C:\ProgramData\Solara\Solara.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1064
  - - C:\Program Files\nodejs\node.exe
      "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 8d3121b26e61456e
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4564
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=1064.4088.8513295831214287003
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:3864
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x1d0,0x7ffbcec13cb8,0x7ffbcec13cc8,0x7ffbcec13cd8
        5⤵
        
        PID:2876
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1720,14697990084784998462,18109939920748415640,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1384
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1720,14697990084784998462,18109939920748415640,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2200 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:656
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1720,14697990084784998462,18109939920748415640,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2504 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1476
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1720,14697990084784998462,18109939920748415640,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3288
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1720,14697990084784998462,18109939920748415640,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4208 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3460,i,8779106547768346607,11879999277210601835,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5736

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:684

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57e468.rbs

Filesize
1.0MB

MD5
7b164b9af142520a2c4c280bd41ec163

SHA1
33de9364e2c996a103ba00590ff98faf00bec194

SHA256
b3b449aa7d67c951750a5be0360848b1bfc5641170d0396366bec84f969df5ac

SHA512
f178352020511e5c22580fae4d5b58b0441e651f088b7152b8c326be79e8a06056b9c1940db24750f715574f01f104a01b30e0614148a19dbf7134e1c4b4436c

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
2a6686d512ee9ba8b75e0bce9a794770

SHA1
465e00320c74d4481a5e7e7242aaeb60d02e2fab

SHA256
5afa5bcab0d66f0dc65ccad359650730ace53dff1d891cd33a9f54aa43d34419

SHA512
ff44d6f3e7be06c98077a00854edb0ca122fc5c98c976f86787c7b003d224f62c1079412e7c5cdb36c2a6df0825dd17ccbffe44eb264fa63e3d1e44654af74b2

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\index.js

Filesize
6KB

MD5
0e709bfb5675ff0531c925b909b58008

SHA1
25a8634dd21c082d74a7dead157568b6a8fc9825

SHA256
ed94fd8980c043bad99599102291e3285323b99ce0eb5d424c00e3dea1a34e67

SHA512
35968412e6ed11ef5cd890520946167bcef2dc6166489759af8bb699f08256355708b1ab949cce034d6cc22ed79b242600c623121f2c572b396f0e96372740cd

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\body-parser\index.js

Filesize
2KB

MD5
b9e991c0e57c4d5adde68a2f4f063bc7

SHA1
0cb6b9eb7b310c37e5950bbcaf672943657c94b5

SHA256
9c6c900e7e85fb599c62d9b9e4dfd2ea2f61d119dce5ed69ac3a8da828819241

SHA512
3bbd31eed55c32435b01fe7356d39749e95f8f49222115ada841e751ad36227e6f427efdc4e8bad36d8ccd37c2e92c01fa67c24c23f52023df8c1e1be1a3b4f6

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\body-parser\package.json

Filesize
1KB

MD5
826bd4315438573ba1a6d88ae2a2aa65

SHA1
3e27986a947e7d10488739c9afb75f96b646c4c5

SHA256
0fd31ad69fdcf1e2a94530f9db9c93e96709b690393a14711643123f678ee956

SHA512
2e98ba8e57cb0950e45d20365d16e86ad94a60cfd4cf103b7d55dae02de677985d37c0f771e16ae0a628cb3b59adce8a9e1742cffc298f18cb7d935d72536e6d

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\depd\package.json

Filesize
1KB

MD5
7f0a9d228c79f0ee4b89fc6117f1c687

SHA1
3c10082c1464a6f589aa10cda88285e780ebf857

SHA256
5a3659bcc2e47b25ebf9f23f38eb9452a58920bfe4b59410bfa6fe84639a3b99

SHA512
7bdd7259bcb8d79aa41777f03d3a3f8a29b60c2d25104072edba9febeb813e12ef78d31573637702decddbaa97d8fec263bc413bd27dd660ded17d644458cbc2

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\index.js

Filesize
224B

MD5
866e37a4d9fb8799d5415d32ac413465

SHA1
3f41478fdab31acabab8fa1d26126483a141ffb6

SHA256
4d2f5afc192178c5b0dc418d2da5826d52a8b6998771b011aede7fdba9118140

SHA512
766d2e202dd5e520ac227e28e3c359cca183605c52b4e4c95c69825c929356cea772723a9af491a3662d3c26f7209e89cc3a7af76f75165c104492dc6728accc

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\lib\express.js

Filesize
2KB

MD5
d467bc485eddf6d38278bc6b1dc16389

SHA1
e233882de62eb095b3cae0b2956e8776e6af3d6a

SHA256
2f25585c03c3050779c8f5f00597f8653f4fb8a97448ef8ef8cb21e65ba4d15d

SHA512
2add66b4f2e8ce463449ca8f2eac19363844b6ab159a41b42163028c57f07a4245ebefe759a6f90e8685b5bd239c969fe99366eff89378cb8b92b8a703dacd61

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\package.json

Filesize
2KB

MD5
3b5b76b70b0a549dce72c5a02756d2a8

SHA1
07786baebb5c52882e28a8bd281c9a36d63dd116

SHA256
bdd67333ab62b0bfeb10ecbbb23936db57b743a3eec580a354591fdf63334859

SHA512
bb266dfa725421fb26d26fda0f45a5fa5cd832667b05f27ceaf4e7fc1e032aeea8700493cfdd2941c3c38cd166eee1000d2b9ae3ddef375714e25a2027a943a3

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\package.json

Filesize
53B

MD5
b9f2ca8a50d6d71642dd920c76a851e5

SHA1
8ca43e514f808364d0eb51e7a595e309a77fdfce

SHA256
f44555af79dfa01a68ae8325382293fc68cd6c61d1d4eb9b8f7a42c651c51cde

SHA512
81b6352bbabd0bffbc50bfcd0cd67dc3c2a7d63bda0bf12421410c0ec8047af549a4928b5c5c3e89ead99aa9240bddb461c618c49287c15d9d4d3a899e8f596a

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
3903a700171ecc28514dbfb052e38b07

SHA1
c3c9392dad9dc6dbf4a92b05ce9e3c6ea237c54f

SHA256
02c3db5eda16677cc795e30b03ff0d04a6ab23195d77a2157c41f6e4940bc8a2

SHA512
00846b2df5954e6ecfb82b2118153ae4e34c106f563a29c7d651765571da94c598a9905bb7dbe90a768f146b5fa4d5b9fdf4ba7a819f1701faec7d04f66dd594

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
f46ef16948de92c1eddc3ba74aa4f71c

SHA1
0f5ca379c8e9333472cb47a58e4fea223eaf168e

SHA256
8a4cf678acb7c8dda054f02aa81011eeb6c53599f7459a45856aaa482b2509d2

SHA512
e2149723eccfb4f5e13c89c5998fa21a7c0e05ee86c5f2d6eaf5ec2d3bb9b064eb6c5dbc5bcd6213276bd0a8fae41730df7a2854bbcb2e449d035fc8d0133156

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe5a97ad.TMP

Filesize
3KB

MD5
57d1595c1c3b84788af44b33a4d78294

SHA1
a58907c20c10403fa09737b3f437398d7159dd03

SHA256
e929f3be7dafb6b533c08aa27beb48bf4fa6fddad970d0ec1bcce0367c0ea11b

SHA512
1c97398bb1234510c80c1163d425ed7c7a86f7db37145aa9c640920ab879ed938db9f9919dd8e3d0d2947a1f42d399fb98bf78161745db498d38df8c01422374

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
d2852d831462f657347ef8cc17089ecf

SHA1
ad71496674ec0d988d55c55ff884704669fbd4eb

SHA256
ec36d2a160ce8f77799dcf692f4527e271e63aec903d3444ea07585467998441

SHA512
8662018690f40e8b9cdbbf913f1abca8ab5cda13a43f21109cddedd0bca72f72823e03f93e129effe5c10287e51c1aa767d5cd1890004da81a925265d0e1b4a3

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
fa13c78d3443e33ae0a9cd8463319b1c

SHA1
1b4d575f65b04a7a21003845cb79037d74c29953

SHA256
79a0c070273a1b2797a5637fcfd153107bde073cd8c2b471450635a8d086358a

SHA512
7bd08bcee5f70d6bb7789212658952d26027901e0eaf8951fd7536f451208e3ac58ef4d07c5ebb8c97c13aa6741e243fcfc97e1a8acbd75db2896fc88410eee8

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe5a4864.TMP

Filesize
8KB

MD5
53670d960599cb02665f6f314d36fe9f

SHA1
d5aa2b261c0daec5a85c890a5352e866b15d33e9

SHA256
e28177399d971b01ec1b148f06fa13dc2a21fe14d7ea67ad8bd5167792f4104e

SHA512
fa0ff49ee61b075846cb734745f6010e35987f0bbea8ac6abe49290893c124f84337ae2b80e04cdfbf642846cd3bc8e21abef5ae1d92127c8c41f81c2d4ab0d5

Download Submit
C:\ProgramData\Solara\SolaraV3.dll

Filesize
6.6MB

MD5
3daecb906d45a7625d3cc10e5a4855d9

SHA1
4937a978edc76203bc779146f371b89c4a5a6e7b

SHA256
b91b1be84411aa19d13a56a0621f451bf7593105bff48d5c177db900e5a20f3a

SHA512
e913306d8634a2e0202cbbedfe2b7545dc4f5476c5b1ceb62056424534fe1582dc22220b07de4a54125701007a13a424d30e57934da92e6cf80b361253108e4d

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\ProgramData\Solara\bin\version.txt

Filesize
5B

MD5
37aa1f84af14327f56844e2a6e046b8e

SHA1
4ab41557ec631ee3866c62a76f31339f95da5c40

SHA256
800febbfd5e51c2df3529c3dbd5ac3216cb3485be40ec10c9f9168382c4bfcd9

SHA512
ef7237d3f954790262bd73f129fda3db2fa7c3b4f9eb827d46d38a033c3198ed1e4921374a9d66a523de7d13bc5754e462b69dab93d7e62827453b0d813ba7de

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
544befa6ddc62d6908118e1511746fad

SHA1
66980c327a511712d1e76b9836fa4af119b5c88c

SHA256
267f52746f12d66a5cb7219000a014374a640176aa29d6c20c8977f2832ea0d7

SHA512
a0c558fed79ad18d4b3231a72f661f59664dffae8a04082f6128c93a152e87d39599ac6f37b5b244534e9dfb2a1609d56997cbc55d4094dfba4641bf6be65a90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6371412700ee167e509080a0c06d15f1

SHA1
98b4537e0032602896f56bca95dcd9124807cd20

SHA256
cb8d476ebe42a7f7f9daae44019b3a9db79b12c85b8abc249d47bc159769f2ad

SHA512
dd1f67a4b2fc8ada19c1c35854a67aaad5d98b2abb7875f5478c56b2d007007a7154111c246b043757fd42075b9876ae04fd9ee813028ead275b9de114d64139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ba276ef380e4c8a280ddd6077973ac30

SHA1
3ae7068776937fc1f45d72de487c225cf6654b65

SHA256
4c81c5068a306a030f68bb96e32dfdb1a181a6642acd0958fe0423c409a024be

SHA512
11a6e1743e7078175455d12bd015260a24b6c0be19dec47ea908ce3f7d8310e05a51850117d1475d1f7cf6e44c976737916fdb9aca3cb1eb38bff36b625eba23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
294a6e6d3795bea8ff17e7a88c8b30ce

SHA1
07c640c49107adb7851933f7ce006f1013a75ee6

SHA256
86795e80e6aa61693e046c5e6481cfd10a1bd7359cdf44aea3ddef0f2b995955

SHA512
d734e06c3b440181d77b0e2c2167954fbf4b7ab5d522d35b12164d24d9b47d2aa89df5d39bed0c2e8dd009316a15a2c09e947deefe748f5541f31df33732e2ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
225f49127c05f79b596fc65c39d79ce4

SHA1
4d8359f850afa96fe811893065754403b62a8de2

SHA256
677b8018cb7ba812b20da8cef2ecae672f80856f040a8aaedfc1a22b672f3162

SHA512
f008ad369b4e4a139143edf22a6cefbbd94c8c221b74fd6444e79a86e5c5b6dc2f7b15dcd133a1488ae5048f86945ffc624ce203cda578f0e26d7d6505be39c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b64b8d9ea6e2b740a16ea0cd4b834d33

SHA1
b6c88a621c89661347fb18e9ce5a7820ecf75fcf

SHA256
b4542f09dd27d38f3ddce0fa2992e5845d298680daa52dba9b4c498b024063ec

SHA512
aeb735e690b7a918d2692be1a02419d742afb8f4335e3c99702d4de05df73f78ff326d1799a69f0794b79d92498e7281def94d8946c1abdc06c4660886fe2e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
59aa6c36ad5d0d49c04a540cc011ca2e

SHA1
0dfbcb9af5d62121487967eeee297c426f2c8966

SHA256
ead0918609ebbe0a9740e5dfe281ec8aadf0cd66c6701c3e5a018765c2dacc5e

SHA512
725d4ece418e87578261fbad5f9460cb0a5e74da8e343a2cbb951923aa611acc1ac010eefa6d70562d5a5511822868e9992fcddf734867f5c1f479208437307e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c2525205cdfb16319633a228e489e057

SHA1
a056a910235aed0a7c2023a927e6a8dd5f6e300d

SHA256
2dd2dead15e153b3f799a6f18704810bd50a1e296d4894866887c9745da17d0b

SHA512
1270aef0ab2a0c2a67e66d88dc4fb8759bd900aa145b98fbd1dc6707f67174a0eccf43d16e3a4bd6cf80b89168d0bea55ab1ff9b03ce0afd022f9420ae5ffa54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
03031575fc243af0465b85a7be98d035

SHA1
6425091058c794864475d5e89accbea07c402b99

SHA256
443f035724807b8a99646aa3d4145b3b0ab595a7fce556e2de5f09f6d93ca15b

SHA512
7672e1c1aba24dc6931e9d283d7c3ce4e59aed4d3a663647e8c768176642e75096d82c46ae958bb5c2b612c83acc81d266d00f4a48b27a47d6e2ea06b01f2581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05b2379e6a7ac400fa7f3520a97fb3b4

SHA1
913feadcd3aa7585fc0f2b1837a79793a602ea5d

SHA256
b6ed088a347e6fd5de09e33c2292d44bbb2d05fdebead5d3252470c7325068b8

SHA512
398221d57c2d730ef2b1def8aa898ea02ca7fb5a147554e12c48492a27baeb73eb7767e6bbd41ff8a97b3faadaf8e6ca4964656576c7e67544711e8d505473e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b8abf86ceb2cc5ebb69c8f9d45f8986

SHA1
ea835ce3da45c63774af71269d0b314d12c8f249

SHA256
117632e152d91f6eb5d498583b41ed396206bdf1e546e2132505be801cb0eeaa

SHA512
01de5d37232422b7e87b5dab9978fbacaab8fd5ea19b232fc782119cd537ee28c6170b2e74ec0aad8f870e85eb614e40e30a80b5dfa4a9b8fc9006589f32f71d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
009ab274571de422dce8d97719993cac

SHA1
69e86349ef01d5866c2ac42b549e1b9c16d071fc

SHA256
f7e21254507feb93fb0388ad28b810437321c9a8ae4d3474d01dbdbcf2527c86

SHA512
3171c2f46a557edca763887e25f4d3c8c7feb6f7bd72400b01b3541a2d80092ecf372529eccc4a1f3894ccfa37de84898a76c18ea86f15dd6a0913fc84e2a9f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b096dacd205d9a458b62e92014a48e1

SHA1
773ab80e457043fc17941bc1422d1c7fc6b71e34

SHA256
b485785a1c0cdd582a7b5142c6ef43f994fcea7447d830760434258422af4e00

SHA512
e474a157e7d56fba8aa8f04f96b194fa08b4b4a0b13f2282cadf86f6dcff4a54f0e31af0ec17777a0014bb77c838e03aa71bdbbc5d075f2d82711eef842d0aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c1dd71d50b9d17b951d90e9ac34c3012

SHA1
7a79fea66c01c43a6a687a2f5e2e7c23ba6c9a68

SHA256
e4932850317ca154000fcb30832734523184a0ba417906ebe37dee2eeccd5f66

SHA512
92dbb743e8703c2a367aac40da115a2164cf60d9b7c8de8354fb66bcd48aeab577701e6c7843654dd25d016929d99d73e94e7bf54057fa1146cba75940fd4ca6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c901533106471b92ba783bbaa642e5a

SHA1
cc973bb212f38bf891f1f8b3e69b44743a8e7963

SHA256
5916801237ce6dab21a6e09867138bfab54bc3a718b9edfefd3464c62df13a88

SHA512
86e5b56d8066064ebcf3a24c06bc4db8eab6f8225a9aa8ec292106c8a0ffb8b06a41de1968b0f6bf692fde8d5e8c9819c3e610148fe2033b8dca6ed4a0a6e26b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d72c782ca81837527c50296fb933d94d

SHA1
a809d571ec0826670f91e9b8eb62512a9a8566bd

SHA256
d53c7dea493b8187515ec54befbae4fffa40524d21775b7e9b3b64a5a1090d33

SHA512
4d3574f3ed1a2b0ed70ffbe68a212984a58b2966ef972dca0daa6ca6c871e045ecf22370c1c3746671be5c96851232a1a1437fa086432db96bb1437d5fc514c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28d46af0fac459ce95661d110cc76aa2

SHA1
45c0b77bf13195801ee075a14d8af1dfd1233fb8

SHA256
abde3d5f2c77be2ec2e4b57c8bc7e6caccf89288db2cba2b3db6df6c02af5b69

SHA512
fb05f1be1441908c7cdfee7157e2d430d665aa9c38bbf897e9d24824d154315c1a695d55b58a68688baaac635fb51acec523b5824f0850802189e2b0e31f9914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cacf6cb7c576c8521f7631fa589b2569

SHA1
1275d9bcb0173ea80efd6321ef93729a42afc0d0

SHA256
e1e6812781f4c9cbf03993d8320886175df9b1fee54305823251ac9e4d949a3e

SHA512
5c30b6a443d26420779f0dfee81a302ca9e75b0f96dbd023069bd5de2239bf0ecf62342a4ca97a32eb70fbf7118a770f994344b54eb2ab6916afa5d1d7921613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e14ee026e6a0ad933146f81d68d1406b

SHA1
02badac528dccc79c0b6f6748b54fc96d0b4583a

SHA256
32a12126fc3b3c464a4dc82c9f6ba3bb379d2c7ccbe17bc6c41cd2b630f94ae2

SHA512
e22628a6d132c38393c216ac581cf1db7f4dbd93c124d3c0246155093165d702c1c5346ccc62a66f4c6c2a2df236ac1dc6976cb040484701db68d10a61efb1fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
53c2c9c454821a294e08e9ad654b8d62

SHA1
f68b45c675af6efaa784efa85451876fbed6f839

SHA256
9c860e83c12c9814042873815e656e0b28792890d9ac404ae64bbecf6cd5439f

SHA512
fa3b94248a566ab19d372ef9d4b1b5344885ac62276e7f0fedfdb793910985ab09dc9e95f7eb77c5d1651c215fd1e5cfb7ad60eeeca2c967fc406e597fab16f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
439282db285a5891ed54a4365a543725

SHA1
964465a0ddcc376f8c7a865d558cbce6b566b957

SHA256
e8193035f2b10a8a31d3f6d35766f83c3a23055aa410edd39eb9871c8cfcef3f

SHA512
e5c77f453a3032f1c12996fa7e99c9e2e2c752a588175f054802e7d623b24d98787c844be1b2deda8ec42f591eb05b71d80cb75443b7463336f9d12692d5fb56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d74118977631bc7a0278793a6bd44652

SHA1
3398815082b82216a436391d6715768ff7212e1c

SHA256
56a94025d22e07848dafe4275f70e34e8718d9cc9d80ef1ceef614839142bcba

SHA512
5d337bd6f6853951587e0407c169c19ebbadb94b29980a5e7de6e238be05095e3037705c981b5615945fc9adb188d637bb89767112b0ecdd06bd2d1a8bfabaa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
2f528d149453bcb08ab8d2b240658320

SHA1
13044b6cca21af8ad1fedbef175465ac178af852

SHA256
78caa9269c45cc348b1326ffbe7d5748197ef3c2e5118f7ceb6a04b33d075b1f

SHA512
00c90c47d6f19d7165801b444e3a25900617bab7d6b35f73b09a49c83900343f33cc05276025d427b49f04d51006e527b4a47987ecbbd616a8c7cca994e40a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
c7591bc12996670fae9acc0b5c5a20ba

SHA1
5decfe1e379a265a8718e7cbcee2f0de1e1be59c

SHA256
09c9b6c2afe918008e7ab052f8870e292a096b94795f8005465d167dac2e4417

SHA512
3245d1a2d3b08fbb2b9db8b8f9f30a44bfb0ed121d018288c08ca2cd2bd9166d7fb20134aba1915bcaa221ed77571769e8a16649f906a55a6d5ab9a09951f168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1279b44ec9432cfc9a2db5a8a9276dc3

SHA1
5979c3719086c155eeb6d9315dced2eddf60702f

SHA256
d5b3761da60f20aaf8482e763430245080d3a7f4fbfa477b9e9e7a8f50c67915

SHA512
0800717ad1687edb2d7a4a529998f7c7f153a80a86cb31f0f55455e91e1950cb64ff087211dcee5afac019c91329d4f49dfefd1e19f9036d5f161af4742c31d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bootstrapper.exe.log

Filesize
1KB

MD5
b9aa6d2ae7fda3d4487a6b9d0b40c3da

SHA1
3d17d741be40d1b10e2c984c2fd4573c371ddc4d

SHA256
dcbcdbab49c35e623c96dd82e13a2bfcb434dbfd511c1451f8c8bb5d4efb7d0a

SHA512
c387d9bebe8a74f8129eacc8c53393e7c12bfd48966204c574f5c8d971b490a1f48c65643c71fed02fb8568033fe789b527c44d15be951cc274bfbf812e3d0f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\Downloads\Bootstrapper.exe

Filesize
800KB

MD5
02c70d9d6696950c198db93b7f6a835e

SHA1
30231a467a49cc37768eea0f55f4bea1cbfb48e2

SHA256
8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

SHA512
431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb

Download Submit
C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier

Filesize
62B

MD5
ab5ae4c6aede1dbf44ae8e0aa7a933dc

SHA1
2279aa17a3fd6f112c74b38b0fe9e9ac0352074e

SHA256
212f021f74e1be6b5ea9dd7d46ede1ffa2d234d7b2486b4cacdb0df4b3588cdf

SHA512
52071cbd2cf8c9f990c42f52087895241d346bf782274c0d4db13f413d1fd6d5b47dc6507224b781a3afb27c69ee4349ea7251d28df0635abdc2a1d6f5382c56

Download Submit
C:\Windows\Installer\MSIE937.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIE987.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIF30F.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/1064-3279-0x00000277BE3F0000-0x00000277BE480000-memory.dmp

Filesize
576KB

Download
memory/1064-3267-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1064-3282-0x00000277C1760000-0x00000277C1798000-memory.dmp

Filesize
224KB

Download
memory/1064-3283-0x00000277C1730000-0x00000277C173E000-memory.dmp

Filesize
56KB

Download
memory/1064-3529-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1064-3510-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1064-3278-0x00000277BD7C0000-0x00000277BD7D0000-memory.dmp

Filesize
64KB

Download
memory/1064-3463-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1064-3372-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1064-3266-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1064-3265-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1064-3440-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1064-3264-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1064-3280-0x00000277BE3C0000-0x00000277BE3C8000-memory.dmp

Filesize
32KB

Download
memory/1064-3491-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1240-2809-0x00000203DBEC0000-0x00000203DBF72000-memory.dmp

Filesize
712KB

Download
memory/1240-2804-0x00000203DC280000-0x00000203DC7BC000-memory.dmp

Filesize
5.2MB

Download
memory/1240-2806-0x00000203DBE00000-0x00000203DBEBA000-memory.dmp

Filesize
744KB

Download
memory/1240-2802-0x00000203C15A0000-0x00000203C15C4000-memory.dmp

Filesize
144KB

Download
memory/1384-3296-0x00007FFBFCBA0000-0x00007FFBFCBA1000-memory.dmp

Filesize
4KB

Download
memory/2168-2386-0x0000024BB7BD0000-0x0000024BB7BE2000-memory.dmp

Filesize
72KB

Download
memory/2168-2384-0x0000024BB9B00000-0x0000024BB9B0A000-memory.dmp

Filesize
40KB

Download
memory/2168-2807-0x00007FFBDD050000-0x00007FFBDDB12000-memory.dmp

Filesize
10.8MB

Download
memory/2168-31-0x00007FFBDD050000-0x00007FFBDDB12000-memory.dmp

Filesize
10.8MB

Download
memory/2168-4-0x0000024BB99E0000-0x0000024BB9A02000-memory.dmp

Filesize
136KB

Download
memory/2168-2-0x00007FFBDD050000-0x00007FFBDDB12000-memory.dmp

Filesize
10.8MB

Download
memory/2168-1-0x00007FFBDD053000-0x00007FFBDD055000-memory.dmp

Filesize
8KB

Download
memory/2168-0-0x0000024B9D290000-0x0000024B9D35E000-memory.dmp

Filesize
824KB

Download