8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Resubmissions

15-12-2024 20:39

241215-zffrpaxrap 9

15-12-2024 20:27

241215-y8hlbawkez 7

Analysis

max time kernel
464s
max time network
456s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-12-2024 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe

Executes dropped EXE 9 IoCs

pid	Process
4884	Solara.exe
4496	Bootstrapper.exe
4236	node.exe
848	Solara.exe
2608	node.exe
2876	Bootstrapper.exe
2228	node.exe
4252	Solara.exe
4768	node.exe

Loads dropped DLL 15 IoCs

pid	Process
4200	MsiExec.exe
4200	MsiExec.exe
4840	MsiExec.exe
4840	MsiExec.exe
4840	MsiExec.exe
4840	MsiExec.exe
4840	MsiExec.exe
2776	MsiExec.exe
2776	MsiExec.exe
2776	MsiExec.exe
4200	MsiExec.exe
848	Solara.exe
848	Solara.exe
4252	Solara.exe
4252	Solara.exe

Themida packer 26 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/848-3634-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/848-3635-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/848-3636-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/848-3637-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/848-3645-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/848-3646-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3650-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3649-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3648-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3651-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3652-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3653-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3655-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3656-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3657-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3658-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3659-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3660-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3661-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3662-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3663-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3664-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3665-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3666-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3667-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral2/memory/4252-3668-0x0000000180000000-0x000000018110B000-memory.dmp	themida

Unexpected DNS network traffic destination 56 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 2 IoCs

flow	pid	Process
41	1888	msiexec.exe
43	1888	msiexec.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
76	pastebin.com
341	pastebin.com
342	pastebin.com
343	pastebin.com
364	pastebin.com
75	pastebin.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
196	api.ipify.org
194	api.ipify.org

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
848	Solara.exe
4252	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\mute-stream\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\events.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\clone\clone.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\audit.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\bin-target.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-help.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\ranges\intersects.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\emacs\testdata\media.gyp	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cli-table3\src\debug.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\timers.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\dep-valid.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\role.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\fix-bin.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\json-parse-even-better-errors\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\_stream_duplex.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\@npmcli\fs\lib\errors.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-link.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\function-bind\implementation.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cli-columns\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\patch.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\compose.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-stars.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@isaacs\string-locale-compare\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\test_gyp.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\symbols.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tiny-relative-date\src\factory.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\error.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\installed-package-contents\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\lib\system\supports-colors.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\make-fetch-happen\lib\cache\policy.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\p-map\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\has-flag\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\pretty_gyp.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\AUTHORS	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\data\win\large-pdb-shim.cc	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\infer-owner\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\verify.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\lib\revs.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\load-workspaces.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\easy_xml_test.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\yarn	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ignore-walk\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ini\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\install-ci-test.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\base-command.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-uninstall.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\utils\guard.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\duplex.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\get-workspace-nodes.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\valid.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\delegates\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-publish.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\columnify\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\CONTRIBUTING.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_verification.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\lib\styles.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\sbcs-data.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\client\socksclient.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\ranges\min-satisfying.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\pnpm	msiexec.exe

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e57c525.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID662.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICF69.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID642.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF313.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICB5F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICB8F.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF391.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF547.tmp	msiexec.exe
File created	C:\Windows\Installer\e57c529.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57c525.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICB20.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID0E1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID101.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF875.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 3 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1188	ipconfig.exe
4792	ipconfig.exe
5032	ipconfig.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133787688722187072"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Solara.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0 = 50003100000000008f593aa510004c6f63616c003c0009000400efbe4759f1498f593ca52e00000083e101000000010000000000000000000000000000006a4f65004c006f00630061006c00000014000000	Solara.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0 = 4e003100000000008f597da5100054656d7000003a0009000400efbe4759f1498f597da52e00000084e1010000000100000000000000000000000000000052272801540065006d007000000014000000	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0 = 56003100000000008f59fba410007363726970747300400009000400efbe8f59fba48f59fba42e0000006c3b020000000a0000000000000000000000000000007b9e8b007300630072006900700074007300000016000000	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\NodeSlot = "3"	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Solara.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Solara.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0 = 56003100000000004759f14912004170704461746100400009000400efbe4759f1498f59f4a42e00000070e10100000001000000000000000000000000000000f44609014100700070004400610074006100000016000000	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Solara.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	Solara.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3756129449-3121373848-4276368241-1000\{0D712BB2-FAFB-4838-A3E2-D5CC7B6D203B}	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 50003100000000004759684f100041646d696e003c0009000400efbe4759f1498f59f4a42e00000065e101000000010000000000000000000000000000000a622900410064006d0069006e00000014000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Solara.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3760	Bootstrapper.exe
3760	Bootstrapper.exe
1888	msiexec.exe
1888	msiexec.exe
4884	Solara.exe
3516	chrome.exe
3516	chrome.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
3656	chrome.exe
3656	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
4496	Bootstrapper.exe
4496	Bootstrapper.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
848	Solara.exe
2876	Bootstrapper.exe
2876	Bootstrapper.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe
4252	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1168	WMIC.exe
Token: SeSecurityPrivilege	1168	WMIC.exe
Token: SeTakeOwnershipPrivilege	1168	WMIC.exe
Token: SeLoadDriverPrivilege	1168	WMIC.exe
Token: SeSystemProfilePrivilege	1168	WMIC.exe
Token: SeSystemtimePrivilege	1168	WMIC.exe
Token: SeProfSingleProcessPrivilege	1168	WMIC.exe
Token: SeIncBasePriorityPrivilege	1168	WMIC.exe
Token: SeCreatePagefilePrivilege	1168	WMIC.exe
Token: SeBackupPrivilege	1168	WMIC.exe
Token: SeRestorePrivilege	1168	WMIC.exe
Token: SeShutdownPrivilege	1168	WMIC.exe
Token: SeDebugPrivilege	1168	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1168	WMIC.exe
Token: SeRemoteShutdownPrivilege	1168	WMIC.exe
Token: SeUndockPrivilege	1168	WMIC.exe
Token: SeManageVolumePrivilege	1168	WMIC.exe
Token: 33	1168	WMIC.exe
Token: 34	1168	WMIC.exe
Token: 35	1168	WMIC.exe
Token: 36	1168	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1168	WMIC.exe
Token: SeSecurityPrivilege	1168	WMIC.exe
Token: SeTakeOwnershipPrivilege	1168	WMIC.exe
Token: SeLoadDriverPrivilege	1168	WMIC.exe
Token: SeSystemProfilePrivilege	1168	WMIC.exe
Token: SeSystemtimePrivilege	1168	WMIC.exe
Token: SeProfSingleProcessPrivilege	1168	WMIC.exe
Token: SeIncBasePriorityPrivilege	1168	WMIC.exe
Token: SeCreatePagefilePrivilege	1168	WMIC.exe
Token: SeBackupPrivilege	1168	WMIC.exe
Token: SeRestorePrivilege	1168	WMIC.exe
Token: SeShutdownPrivilege	1168	WMIC.exe
Token: SeDebugPrivilege	1168	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1168	WMIC.exe
Token: SeRemoteShutdownPrivilege	1168	WMIC.exe
Token: SeUndockPrivilege	1168	WMIC.exe
Token: SeManageVolumePrivilege	1168	WMIC.exe
Token: 33	1168	WMIC.exe
Token: 34	1168	WMIC.exe
Token: 35	1168	WMIC.exe
Token: 36	1168	WMIC.exe
Token: SeDebugPrivilege	3760	Bootstrapper.exe
Token: SeShutdownPrivilege	5112	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5112	msiexec.exe
Token: SeSecurityPrivilege	1888	msiexec.exe
Token: SeCreateTokenPrivilege	5112	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5112	msiexec.exe
Token: SeLockMemoryPrivilege	5112	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5112	msiexec.exe
Token: SeMachineAccountPrivilege	5112	msiexec.exe
Token: SeTcbPrivilege	5112	msiexec.exe
Token: SeSecurityPrivilege	5112	msiexec.exe
Token: SeTakeOwnershipPrivilege	5112	msiexec.exe
Token: SeLoadDriverPrivilege	5112	msiexec.exe
Token: SeSystemProfilePrivilege	5112	msiexec.exe
Token: SeSystemtimePrivilege	5112	msiexec.exe
Token: SeProfSingleProcessPrivilege	5112	msiexec.exe
Token: SeIncBasePriorityPrivilege	5112	msiexec.exe
Token: SeCreatePagefilePrivilege	5112	msiexec.exe
Token: SeCreatePermanentPrivilege	5112	msiexec.exe
Token: SeBackupPrivilege	5112	msiexec.exe
Token: SeRestorePrivilege	5112	msiexec.exe
Token: SeShutdownPrivilege	5112	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
3656	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
1784	taskmgr.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2228	node.exe
4768	node.exe
4252	Solara.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3760 wrote to memory of 1492	3760	Bootstrapper.exe	85
PID 3760 wrote to memory of 1492	3760	Bootstrapper.exe	85
PID 1492 wrote to memory of 1188	1492	cmd.exe	87
PID 1492 wrote to memory of 1188	1492	cmd.exe	87
PID 3760 wrote to memory of 1444	3760	Bootstrapper.exe	88
PID 3760 wrote to memory of 1444	3760	Bootstrapper.exe	88
PID 1444 wrote to memory of 1168	1444	cmd.exe	90
PID 1444 wrote to memory of 1168	1444	cmd.exe	90
PID 3760 wrote to memory of 5112	3760	Bootstrapper.exe	98
PID 3760 wrote to memory of 5112	3760	Bootstrapper.exe	98
PID 1888 wrote to memory of 4200	1888	msiexec.exe	101
PID 1888 wrote to memory of 4200	1888	msiexec.exe	101
PID 1888 wrote to memory of 4840	1888	msiexec.exe	102
PID 1888 wrote to memory of 4840	1888	msiexec.exe	102
PID 1888 wrote to memory of 4840	1888	msiexec.exe	102
PID 1888 wrote to memory of 2776	1888	msiexec.exe	105
PID 1888 wrote to memory of 2776	1888	msiexec.exe	105
PID 1888 wrote to memory of 2776	1888	msiexec.exe	105
PID 2776 wrote to memory of 1980	2776	MsiExec.exe	106
PID 2776 wrote to memory of 1980	2776	MsiExec.exe	106
PID 2776 wrote to memory of 1980	2776	MsiExec.exe	106
PID 1980 wrote to memory of 2348	1980	wevtutil.exe	108
PID 1980 wrote to memory of 2348	1980	wevtutil.exe	108
PID 3760 wrote to memory of 4884	3760	Bootstrapper.exe	111
PID 3760 wrote to memory of 4884	3760	Bootstrapper.exe	111
PID 3516 wrote to memory of 1928	3516	chrome.exe	116
PID 3516 wrote to memory of 1928	3516	chrome.exe	116
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 3708	3516	chrome.exe	117
PID 3516 wrote to memory of 4936	3516	chrome.exe	118
PID 3516 wrote to memory of 4936	3516	chrome.exe	118
PID 3516 wrote to memory of 1300	3516	chrome.exe	119
PID 3516 wrote to memory of 1300	3516	chrome.exe	119
PID 3516 wrote to memory of 1300	3516	chrome.exe	119
PID 3516 wrote to memory of 1300	3516	chrome.exe	119
PID 3516 wrote to memory of 1300	3516	chrome.exe	119

cURL User-Agent 13 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	368	curl/8.9.1-DEV
HTTP User-Agent header	369	curl/8.9.1-DEV
HTTP User-Agent header	345	curl/8.9.1-DEV
HTTP User-Agent header	350	curl/8.9.1-DEV
HTTP User-Agent header	353	curl/8.9.1-DEV
HTTP User-Agent header	354	curl/8.9.1-DEV
HTTP User-Agent header	366	curl/8.9.1-DEV
HTTP User-Agent header	367	curl/8.9.1-DEV
HTTP User-Agent header	351	curl/8.9.1-DEV
HTTP User-Agent header	355	curl/8.9.1-DEV
HTTP User-Agent header	370	curl/8.9.1-DEV
HTTP User-Agent header	371	curl/8.9.1-DEV
HTTP User-Agent header	383	curl/8.9.1-DEV

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3760
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1492
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:1188
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1168
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5112
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4884

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 59E4627011D9F679177F5E61A0F9BD6E
  2⤵
  - Loads dropped DLL
  PID:4200
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BD2DF35AD5093B4646D51612FEEA5691
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4840
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0C309A4EF13E70B4E5EC6DD0BF3C95A0 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1980
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbbcb5cc40,0x7ffbbcb5cc4c,0x7ffbbcb5cc58
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1752,i,13449237133522509943,258845155475491999,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,13449237133522509943,258845155475491999,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,13449237133522509943,258845155475491999,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,13449237133522509943,258845155475491999,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,13449237133522509943,258845155475491999,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,13449237133522509943,258845155475491999,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,13449237133522509943,258845155475491999,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,13449237133522509943,258845155475491999,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4760,i,13449237133522509943,258845155475491999,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4512

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2200

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3988

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbbcb5cc40,0x7ffbbcb5cc4c,0x7ffbbcb5cc58
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=1968 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4608,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4732,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3480,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=3136 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4492,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=4500 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4372,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4876,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5460,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5388,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5432,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4552,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5468,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5308,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5892,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5840,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1108,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6128,i,1683564554008313091,4309711388198887674,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:2700
- C:\Users\Admin\Downloads\Bootstrapper.exe
  "C:\Users\Admin\Downloads\Bootstrapper.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /c ipconfig /all
    3⤵
    PID:2120
  - - C:\Windows\system32\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:4792
- - C:\Program Files\nodejs\node.exe
    "node" -v
    3⤵
    - Executes dropped EXE
    PID:4236
- - C:\ProgramData\Solara\Solara.exe
    "C:\ProgramData\Solara\Solara.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    PID:848
  - - C:\Program Files\nodejs\node.exe
      "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 389ae1a7e8a943af
      4⤵
      Executes dropped EXE
      PID:2608

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1580

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3428

C:\Users\Admin\Downloads\Bootstrapper.exe
"C:\Users\Admin\Downloads\Bootstrapper.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2876
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  PID:4356
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:5032
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2228
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4252
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 566496a5fe5b4153
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57c528.rbs

Filesize
1.0MB

MD5
285b1eab66080c1c05e971b14b6d7123

SHA1
8eb8e4ab220157f76e989530a5b38bebfe5cb426

SHA256
5ea886b8bf29671632c1ef941f5a203a75030f3d65260e21a05bc6d5c898b1c1

SHA512
91e03d9363597823e3080af9f34b10d16a7680144139f7e68f0e97739ccec43d0a99a125957bade04b83aa79d3889d184759a393a881c60c0e756e2ab1aca4e7

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
db9149f34c6cfa44d2668a52f26b5b7f

SHA1
f8cd86ce3eed8a75ff72c1e96e815a9031856ae7

SHA256
632789cdfa972eec9efe17d8e2981c0298cf6bd5a7e5dad3cbdcf7bb30f2e47f

SHA512
169b56304747417e0afe6263dd16415d3a64fff1b5318cd4a919005abe49ca213537e85a2f2d2291ea9dc9a48ea31c001e8e09e24f25304ae3c2cfefad715ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
23a4541e3e6c40c3a887a7857c3c08df

SHA1
3eeb57fa7da7e121e457aa07d3c22c0bc4cfe37e

SHA256
07462a98070d10c4e856b5f8285f5a74514b80fbf08a4db7e256c75573492698

SHA512
0159e285f59fa849bd1fa35ac89bdca2b286854dd163953e9c31ba3362be3d1fb52c7ba615b0665703a46c94202c8f8acd63f58c8620468a4b288eaa44210a63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
6e19381f2b49a7d72ba3f3e6fe0cf59a

SHA1
2c83a5e014e10c8fa47fa5eb5059647f6f85c67b

SHA256
cbd1e4e7ef592f28a90eb57b0e0e8719d92e6f8beea772dbe3424ef268e0b693

SHA512
947b6aad5dcb1abf74cf4bf7281aa3ea03b3230b71734c75c8f82ffec6853ad54d3696bbf544dd34bc019acf65f1252b3598038e7fb3d284bb537de13b62595b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
95351a0ccbbfe8fef0e946dc53161e16

SHA1
4000ca8b3c5b885002f552fde9efec74e4d2ecf3

SHA256
28b3abac1c7c27351d0d4f3f01fc631fe932fc8f276d4d6b55b15892e598a131

SHA512
4ebfd31b77fb2e7b868268b41d2ab5a337003cf4a10074441bfe861c3f4ce21858728a54f08965703c30b729cc6c5076d999091e3fa5531a1b8c97746c44fadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
0c91db6214f5ecf8315eb8602ae41c64

SHA1
16f959dc12b3c9852bc72fff9ee74c7d674d23e4

SHA256
435bd888d4776201552bdea304d975022cb88afcc14545003409a18ccd7f70f1

SHA512
47113c84479db4b6702bf71436502e3476855b7bcbba1d4ec6c3a1e33efde3a4b94d556d955bff29fb3e0f56eb2bf92cc6f6b04a69d19c5c37c867efe55e89e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
bc95b619c6dc5d62724623bd5e45e151

SHA1
25b49d606a0f5e5cd83e7f904fb0c08bcb84eecf

SHA256
2c5431a7346f48e22007afac51c6d745b8544d7cc3522c837ea2ed6a156df73f

SHA512
1ca21fb00646fe0d5f0d9be42b9aa508ca1b1e6cc2a4c8813b8cfaad9290d26f8394427dfdc4004c39e1660e9d22fe75772c0438639aebf77224227acb392aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
48KB

MD5
973cf2b8a2e253472f23cb7f145085fd

SHA1
da1cf9844954413a6e9fe12c6009753a01af5180

SHA256
9f27725a1171f81ba8653e7bd6748cd0bebda13ddb6491c536efde0dbc97eb0a

SHA512
0a70e06a4c03fe67d69434300465a49074a464333f1e5a0532ba106c0b8bc28696ed0695726b8e20689e8d45a49b76c72d6fb5247f67670c52bd49619479cfb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
40KB

MD5
6450530510e7a5cfc9a329f23fe4f251

SHA1
9bdd763a94052094d2020a4160f2b2ef7eda5fed

SHA256
3b83037fdc4423f785642e3fc75deb35ca49123d77e89a9ef646f8330ce6796d

SHA512
b8ee2af590692e20b1850cca5e1c37d95a1ff7173b55455e2b46a06aacfe93deff3de45364429092059475be5cc6fa658232894ba4b7aa135514e1e77aec70a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
19KB

MD5
ecc54d290d71eacdb2a7c1a8f197f4c6

SHA1
e319d3049de92263bbad8aaeebc45b04297b9181

SHA256
985c7093992515bf42cfc44bf2c2695968e95e327342bed627aa3eef1aa7c628

SHA512
5c766ade6384c9ae1a37acb053f738d03e5eafda0da90283355ae678fe660b58b83e431432f7841f9903940413bb586617028f5352a27e4989b2349b28d178c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
41KB

MD5
86f397e234b93b017685b2a4c5647b69

SHA1
667ef16baa9c9a860d86d1c5f919d4404cdc9f36

SHA256
05327af4a43f8272322d30db69a34781e9f0dd4bc87c858f72aab848c536e951

SHA512
33e564c218f12adfca8c9842d647a827feb116bf9fd67445c3879a71c3b16a8b66edda3b19ebe5065cbbaa2bac94484f1d6e9642a4934ea9f3741b8f7ccc336f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
981669cc0880776ca4c37d772cee50e2

SHA1
b20e4d75979ef42ac8ba9f5b2c8ea5fbc2bff7d2

SHA256
fbf7aaabf1d32a35dac5ba3ed4f61d37537aa5fabe1ede85b114dc7c4b4c9c22

SHA512
59f5bfa21fd4311e2de7d5a20942812332bf0a63cf7844ce9fc203c87a125edfff761b4840a4668dfe7d037011a20a47e1891a757e88a8ff393b186e2490c2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
97a863aa4a32a82231dc8c2e977f9293

SHA1
de34ba1ff8176fcad0332c61a9aa974b599082ce

SHA256
8dac9c056e98bb0b24ad77f213f6fb772e7d9cae12ce1ae361983853eb2f8ca0

SHA512
dff7dfcebf0ca5c2a1ae74f793f6af9e4ea87a4e6015b19a58529cc486d2e69876f5151c07cf8ca5bc8af65ae4e41becd05a513f98161881c6e5a14a130cb7c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ababc14824460769e0d05ecef09c265a

SHA1
8dc89f5ab176d02ac458a85bbdcd6f48cfe92443

SHA256
a84535b06f16c57dae7477a06c2cde6413a99fde6f4440d6572e7f4787aa1801

SHA512
68fe262d10f9b576e0a76edab4a2e5d9872a7eb4766172f34a37100be6e6191fa13c71ac10ca0648af8627da32214dda756995ca7156db65c68cbb792e4683d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
611ec6e4053e9b82cb09df6dbca3edd7

SHA1
d60440f6bfed0631e7fb22ddefa97b3e116128cf

SHA256
b041b134ded4019f0ab15d8be33e4d57a7ad240245fee3002f651383fcd2b19f

SHA512
852e70ea5223d6633ce8657885c9ec777aa4f3bd4007075814891fb57bfe2780626289c63eae90bab24462e62fb7d0b3f88cb05e65884f95d2ddb11b25fd9f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
4f1a49605a125db50f92d6f7c9affa8e

SHA1
0e73ed3c472fc056b71569a0704cc84f9682a4c8

SHA256
ad736d0fc5c4d18fcb576fce2407e93d51b7c7801b6cb5339110b7022fd64b11

SHA512
32b7acce77a3b57c31e9e5bd2eac82cedf8afac3404ada3573a56d2d0af8e73911150c70ea2c4962fc56d91a6a721911fb1038d8403902d7a212326321ccd04f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
aa52878cda35b4987d61f02b52c0e1f9

SHA1
1d99cd63119937be013863100ba38276e8461127

SHA256
058f5081ff3d0e32e27f764a1fd42b376c30786aa6a1cb5a93c8ee81be6b8965

SHA512
5f7cd72d43c215b97b64d2cf0ac35d9bfa6d6e5ae4c7db0502ed48771aa6705a841a4ae94213a9cd4e6ae9ad4c421288682cf344087b9bcb55d2e56874961c1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
88be999eb42497b3d602b6e305a3787a

SHA1
8fd61cc1415b4bc7a0bd6a0490b1ce45a4dadb0e

SHA256
4da6dc4066fdb7eb190094b37b6622b0a4d87d73fa8a71d1144e65f378952a96

SHA512
e27df26514b07c7b773c0a4be87eda4d34bdc1e22535af2281badf7934829656a92b77bb34d9db055e04cf653beef16aa4e634265d92f670222ac8af7cd38444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
5ccfd0149121172b5d2682d7f2fe3741

SHA1
b08613c414e4537de16970c880c692030ac19f51

SHA256
70df8f51f631f817940c77ab3c8ae0ee36719225d732c50398931e64972c1427

SHA512
06b63d10aeabf7ce35c01e14b5664492f60ff1b802b3704003f3456417839b8cfb9118e905bf750559c673e07bf1c129efce2cecd0e8737e879ece9dbfa91aaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
34ca92771435224824f4f7c871115288

SHA1
12f2aab13628a19050a7c47cb13229e7a5fbca97

SHA256
bd32b3afacc258b410306672db8b45f1720fda59b5e680744a00919a4d56c59c

SHA512
874e184af2831ca6972017c198800aea9273eafd65759c0ae53f6cecf618e4db148029ed193dbaa43c645155cc363324fab232297c6bdf99befae33e3849d7b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eb20add87b4706d83a72e8f119eadee0

SHA1
5d266a87c627b8dc2860e4c0d3e7064894e8f2d4

SHA256
edbaaa61e81dd7259129fa44ef447930df6cae7f4b573f489a4742b16b5a2597

SHA512
209d7e5e0862546b2cab5cec65c5072a7947b974100da215359f3fd9c85334c7018f2f1e9307ec8022301f82a08f52ed3f8dc82dc08ea97bbad6dae67b1df39d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6f7e4672e58e9bdade38b408703f4cc2

SHA1
6a0f757def88810793cdf1c2cc0f58a0f83838ac

SHA256
20c2ab93a7a27a92f25b096c40027661e9453ffcf126e630cd69919a0d66fdc1

SHA512
bd6a2ba4fd8df8c77a84f4fc4d9c8d04e70e708a3cd5e9dfaf41e79f56cb44bd21298e06ec96109739286b47b63020db15348eb1ebe1ca34c8a52faf9548794e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8ddbbdeaea022407f9c3fa33de75136f

SHA1
92f475eb4ae016ef7444fe487a6d85479dc5d434

SHA256
466c2346ba47efc668d558866f95e2bad3f7fcb91cefd9329af76ef95726cada

SHA512
fbbd9d6159b57707edd0faab722803a6f86b9897750ea130c7ea98e71120e950ee8b8774c8360913b1e9ef29b2e1e95017c9c4f7081c2f9869927a39924ead6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3529a1163d31cb98839c6627bcb65c2

SHA1
c3e62d676afb10285febfbb89b6f0a8c2e2c3bcb

SHA256
9dc7eed6282265750991249b0aa871b4a9762b15706d169c5f1eda4878ca95de

SHA512
f3cfa01220b992e81607db92d76effc7837cd748b6c05ce5ffc3a8221799949f4eab17d5f963c273f5ffb7d5d3ed1d3f66931f5a334d448c6fe2a80b82ad0592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f99245068991bc8422c941e5eca1b2b

SHA1
0d54b8814240201c748cbe53fcecab9863e84ed7

SHA256
b0682a870410adcb5fa8cab91ce84872b5665e322d133f822d906e41b8c4db74

SHA512
8462ab9bcfb091ea5cc8d13603ac896d961457f26494e96dfc85bd6a1b3101ec89d07f543e51f2e1991d239ae0a3b70c79313ef26b56ed47ef519caf3f5db2b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f9378fff39b8e236136ed0effe974e9

SHA1
1950e8165c31f8ea4dbf35bb7857058735ceb8eb

SHA256
6964bc0d318bad217507870d218d523d4cf803debd71f69e12833ed57463f6da

SHA512
0f76ba1092d85c680e23645c9f429e35d5a8779c181d43c06c29dca855dd44364f72cc76a068f5bfa75dda12e2df0688f1e5c5ea4b36c0b14f9f652cf87957f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ff3ac760cf1ba633f41ad8dc06da3f0

SHA1
78070f6f295cc6557825396a1e461fffb6d20ace

SHA256
292a064a2dc618405d1b6b5f9283d8a249bd9862f9b38981bce72c8d6fc59879

SHA512
41ec3d1285decca61774813970b4904441fded9bc44c4d9ca2e251a33d56b4c8995c802de50f51f832cd3a5c2e10309042fddd20949f38bbd13ac588cbc09ad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
37a36711bb5ca9eb97b70e5b4cb71e38

SHA1
8e45d01907d924da72176ed8fc823db861f4aaeb

SHA256
9c89ee625f4b0bba2ddbf895dfea2a14702556bbb27071e85a0d4b09366cdc07

SHA512
515f21cb90aec1c0ff4dd124f74826aed05337918a3ba4ed962bb5c05d330fb858892edf342908ecd4745eebcd997f6f88d21f81a2c6d391d51375d051631fc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f743d9b7af2e54310baaa011f3ff9de

SHA1
0d51c073485755f64480bd87abdeed198eef6fd5

SHA256
bb0244d8d9ce79cabe8724f1d134e79e4ae9e3201b287dc72d26cdd215410ab0

SHA512
e0923459c8359314feb3220e2b0ef6b4e2a0fa6a9df39697888ed558218810dfe653147aa1ebe816dc4045bb2827d17add59f76961d308553546b1e279ab4ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fff77d0819d6ead189cb7d635fcc080f

SHA1
f171a506fdb5e611fe07a134f5779c404ced207a

SHA256
659bf77bbe82a4c7b61e069ccb6f7e47a5819dd3b95f22005ec5ad5e702450db

SHA512
a8d9a84df02e8c90f50a9e3c23a6b3f54783bb50b5cf9536877aabfe96add5158a97248bd2594f3eacc233b88d2e344dafb033218908fd6f76d73c370139ed2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e3f4929ee0727e1b8464e22b7fea376

SHA1
50c4dcc1891b8a7bc1a129db0d5165192a98c632

SHA256
a0bc2bb513fe743d76f253f69908afa911394e49a1b85e75116fad47544f1250

SHA512
fdbf386689a3ff7971b5af6902e921320426522f8f6e4f7076d52e22252d94799e53f3ef2fc0795588e3c5d638966ba3f813b95dc14fdd94946ebfc0b7922fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f095f4f9415277f8532d45957a85fc6c

SHA1
d9911d20b09614adeca4ecf377d774544550e32a

SHA256
b5ff52d51e9b706604098fd7d35e03f3937194d8bad17a97e03c865b801db41f

SHA512
eaff283434528be68c5fd47eca39412ed41b701156abe0558110ec5c055719075637519621351732df6618294eb98aa81cd78fcbbef8300aa8174b4f2a432fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
967ccf911f0547a5c9420215178b7248

SHA1
680150814b204ca02e48b868ba8e123b77b26cd0

SHA256
2973db99789555495bd0b7249e571ad1f977ce7c61bf1430b8da44f95bbbd13a

SHA512
f84f3e9004b494b21db52f7eee98f965b977df9c0ebfb10ec00a7d46dfd4dc00e27a1c038ca3ea71f45fe2c885d44905cb463561781fea334b5a344168edba86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
42d8a1ceb5b6c25c8fcd75f3cd7cfdc9

SHA1
1d1d0db66ba4c8e035482fcfdd6d073573dfe411

SHA256
22534a15f46c29db904272848cdccd6c42c3cea033ecfc2663b11cae7d52d95a

SHA512
adfd1e47f89b73a688a4803045c1c0501e25bf5e1af69fc92c912a8692a88530f9e9ecf552585214b04a84284324dc3c76ccb4a2acc6679357341ce26a18a431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7ab74f73aca3a4e72417e9f8b32fdbee

SHA1
db1fcde9ddb325a8d84f3c74e889e0bd1e978954

SHA256
b88d0380624ee3f85c264ee605d7560caf3b84df42eaa41b449ed46f126a1a6f

SHA512
28ae1dff5f18cbe4d0df5f79a6bdc547aee9c4295f66ce223baff8c4d1ede18371d366fe99b8afeab2ab31f7ca015e52fee1c3b851b3b36107db0531bce0b764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
6b6ee181723a9128dfb180fdf1b02200

SHA1
aa01444fc710ca382bd3538a8a4a892f307df1ed

SHA256
1c11e32f8e62d4b29eb4f172f68955c7d3e94068cb6fa3b7e914b60ab73506cf

SHA512
c20a55103f25f2d7f6e78ae714e1aa4423c7044f652b1698a06968050fac543e1149e1ccadf976191619c740612e4356c22c9be890bd5cf2645d39ca23979979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e8fbb25f-cae3-4777-8fe6-e4185c78209e.tmp

Filesize
11KB

MD5
777c7f9f778171a573d99932aea75da3

SHA1
1b35c05954a619b409815b6288118bcfcb709405

SHA256
4f351c0c6ed92620c007de34350685330331c1930e99bdc0fff1da1055e0d42d

SHA512
4150e079ba0e1b93b35996dd62563a2da42df05187771fffd18d1f98481ac2db55ec41d088622c0067925e74690ad1c28fa50e80b3b906f7e9b071ed6d3b9788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
7a0938fb76f8ce8257af0a92efde2af1

SHA1
6d05ea2ce4e4fb9f6850d188b60f1cac368eaa95

SHA256
03bffc207c18247bbeabd0089872bdada288477981a660da2f1c0d9e18685c44

SHA512
0cc2211990ec4923ef86a89f580745b320954a563330e0625e75730edc79ae4c2d0003f6f677644b04f884eeec89510fb5224383f58d18b1e3c5410527f59670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
89457efa12a29ec5d7fe744c75323f81

SHA1
d6479fd5f2656d8c9ba0c43d7292f781033ad29e

SHA256
aea1ac203130d775cb935b5f216ad948a297e926c65291839fc1a93294c48133

SHA512
1195933cd84f07947d6a0ea78d6680e3de8cd88d411458d55dfed77427173cf1fa0a9f5a21298b7031bfac3a5da1ce33d68efa9a576794273932160982144743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
524ddb9fcf0b8295cb4a7a2983100eae

SHA1
d5ea594a5a98660465b6570fd684f12d6a69ef2f

SHA256
5126196503672dda39261b0b2c1b9cae3c00dd725efb99795338c99e08dd0287

SHA512
ab90d005932606f8ba4bcbbaec095b0d19a7b031483cc86ded629acdeab3116e94e3fda4d34a994a5975d3658c4989d27bf679a384e6f40c227b33a27cf3c72c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
d9ed8d4b1591c707a9e7490afd27e73a

SHA1
e8cd3655003bfe91cfdc7d991b547f55e6d38af5

SHA256
71638a8527874f9a64e3ba7918a7f2350d3fa0f838181a3b488d23edb7d68d70

SHA512
899bcec4e611ef80ed7d9163ea4a9ffc5f97d80cbe655a68a7030b0f7587cb038dc7c1880648ecbf4aa78361659a27ec5844b266d5d29dda59a0b81ff6455063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
2a1910a94271edb03f0745e17e8e50ae

SHA1
0e4bee6160cfa2f2a1bb4dbcdc0f71c9e777fe6f

SHA256
08fd0f2006d5a36c6c619eb40d4a383f1c4216951b351f621b4dd7874e311a9a

SHA512
a945357c83c568297ecccab8d9e292555e30f86a435cbcee97db10bb2c333e9a3b6a2b8b5edd03c5eab7a5b89c9506f4eaa9246b348ea894f8055a5847e8aab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ed82a366361278bf7fa1acbdf5a78e13

SHA1
efa845b09bea268e6fcadb25bc188a5a53670287

SHA256
d6f7c24a934e3012348b47fd4cc45c5b0e3eaa0d1578058663fa087579529af5

SHA512
53589cef56ea79f387e8e2d0938f49a7f9f53e20d61168ade3708a91e2b0deb00b7dff6585f10dadeed012957ea2593146f9910d829d4c7883f1a408adeb41d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
1cdd11de503c530c5cbcf8ab5a49e9ad

SHA1
1cfd30d14ac03ec872fe6b5998649412448369b0

SHA256
ab21fd9a8552af1322e775bdb8694cd87f1cc262fe1c44903601e4ad49cfb560

SHA512
ab1454a0d3f527937105054e8ff63a9f628faed16c21587ac7e3ad7f6e8f7aa69bcdcac653d18e67d551f7249f3c3a0931e1e38d2ab349a045d394a829ade773

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 2763.crdownload

Filesize
800KB

MD5
02c70d9d6696950c198db93b7f6a835e

SHA1
30231a467a49cc37768eea0f55f4bea1cbfb48e2

SHA256
8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

SHA512
431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb

Download Submit
C:\Windows\Installer\MSICB20.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSICB8F.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSID0E1.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/848-3639-0x0000015939C70000-0x0000015939C80000-memory.dmp

Filesize
64KB

Download
memory/848-3637-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/848-3635-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/848-3636-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/848-3641-0x000001593A8B0000-0x000001593A8B8000-memory.dmp

Filesize
32KB

Download
memory/848-3634-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/848-3646-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/848-3645-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/848-3644-0x000001593E5F0000-0x000001593E5FE000-memory.dmp

Filesize
56KB

Download
memory/848-3643-0x000001593E630000-0x000001593E668000-memory.dmp

Filesize
224KB

Download
memory/848-3640-0x000001593A8E0000-0x000001593A970000-memory.dmp

Filesize
576KB

Download
memory/1784-3023-0x000001D94C3D0000-0x000001D94C3D1000-memory.dmp

Filesize
4KB

Download
memory/1784-3022-0x000001D94C3D0000-0x000001D94C3D1000-memory.dmp

Filesize
4KB

Download
memory/1784-3029-0x000001D94C3D0000-0x000001D94C3D1000-memory.dmp

Filesize
4KB

Download
memory/1784-3028-0x000001D94C3D0000-0x000001D94C3D1000-memory.dmp

Filesize
4KB

Download
memory/1784-3033-0x000001D94C3D0000-0x000001D94C3D1000-memory.dmp

Filesize
4KB

Download
memory/1784-3032-0x000001D94C3D0000-0x000001D94C3D1000-memory.dmp

Filesize
4KB

Download
memory/1784-3030-0x000001D94C3D0000-0x000001D94C3D1000-memory.dmp

Filesize
4KB

Download
memory/1784-3027-0x000001D94C3D0000-0x000001D94C3D1000-memory.dmp

Filesize
4KB

Download
memory/1784-3031-0x000001D94C3D0000-0x000001D94C3D1000-memory.dmp

Filesize
4KB

Download
memory/1784-3021-0x000001D94C3D0000-0x000001D94C3D1000-memory.dmp

Filesize
4KB

Download
memory/3760-2385-0x0000015C60DF0000-0x0000015C60E02000-memory.dmp

Filesize
72KB

Download
memory/3760-1-0x0000015C467C0000-0x0000015C4688E000-memory.dmp

Filesize
824KB

Download
memory/3760-2-0x00007FFBB9E70000-0x00007FFBBA931000-memory.dmp

Filesize
10.8MB

Download
memory/3760-0-0x00007FFBB9E73000-0x00007FFBB9E75000-memory.dmp

Filesize
8KB

Download
memory/3760-3-0x00007FFBB9E73000-0x00007FFBB9E75000-memory.dmp

Filesize
8KB

Download
memory/3760-5-0x0000015C60D00000-0x0000015C60D22000-memory.dmp

Filesize
136KB

Download
memory/3760-6-0x00007FFBB9E70000-0x00007FFBBA931000-memory.dmp

Filesize
10.8MB

Download
memory/3760-2383-0x0000015C60D40000-0x0000015C60D4A000-memory.dmp

Filesize
40KB

Download
memory/3760-2808-0x00007FFBB9E70000-0x00007FFBBA931000-memory.dmp

Filesize
10.8MB

Download
memory/4252-3651-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3656-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3668-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3667-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3650-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3649-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3648-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3666-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3652-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3653-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3655-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3665-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3657-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3658-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3659-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3660-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3661-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3662-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3663-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4252-3664-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/4884-2801-0x00000241BB190000-0x00000241BB1B4000-memory.dmp

Filesize
144KB

Download
memory/4884-2807-0x00000241D5A50000-0x00000241D5B02000-memory.dmp

Filesize
712KB

Download
memory/4884-2804-0x00000241D5990000-0x00000241D5A4A000-memory.dmp

Filesize
744KB

Download
memory/4884-2803-0x00000241D5CE0000-0x00000241D621C000-memory.dmp

Filesize
5.2MB

Download