hxxps://wearedevs[.]net/d/JJSploit

Analysis

max time kernel
271s
max time network
271s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wearedevs.net/d/JJSploit

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	BootstrapperV1.19.exe
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	BootstrapperV1.19.exe

Executes dropped EXE 8 IoCs

pid	Process
5484	JJSploit_8.6.0_x64-setup.exe
5952	JJSploit_8.6.0_x64-setup.exe
4832	Bootstrapper.exe
1104	BootstrapperV1.19.exe
1968	BootstrapperV1.19.exe
2528	node.exe
2976	Solara.exe
3984	node.exe

Loads dropped DLL 21 IoCs

pid	Process
5484	JJSploit_8.6.0_x64-setup.exe
5484	JJSploit_8.6.0_x64-setup.exe
5484	JJSploit_8.6.0_x64-setup.exe
5484	JJSploit_8.6.0_x64-setup.exe
5952	JJSploit_8.6.0_x64-setup.exe
5952	JJSploit_8.6.0_x64-setup.exe
5952	JJSploit_8.6.0_x64-setup.exe
5952	JJSploit_8.6.0_x64-setup.exe
6080	MsiExec.exe
6080	MsiExec.exe
1432	MsiExec.exe
1432	MsiExec.exe
1432	MsiExec.exe
1432	MsiExec.exe
1432	MsiExec.exe
4640	MsiExec.exe
4640	MsiExec.exe
4640	MsiExec.exe
6080	MsiExec.exe
2976	Solara.exe
2976	Solara.exe

Themida packer 5 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2976-3898-0x0000000180000000-0x00000001810EB000-memory.dmp	themida
behavioral1/memory/2976-3899-0x0000000180000000-0x00000001810EB000-memory.dmp	themida
behavioral1/memory/2976-3900-0x0000000180000000-0x00000001810EB000-memory.dmp	themida
behavioral1/memory/2976-3901-0x0000000180000000-0x00000001810EB000-memory.dmp	themida
behavioral1/memory/2976-3918-0x0000000180000000-0x00000001810EB000-memory.dmp	themida

Blocklisted process makes network request 2 IoCs

flow	pid	Process
321	3920	msiexec.exe
323	3920	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
304	pastebin.com
305	pastebin.com
311	pastebin.com
332	pastebin.com
334	pastebin.com
102	raw.githubusercontent.com
103	raw.githubusercontent.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2976	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node.exe	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\agentkeepalive\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@tootallnate\once\dist\types.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\nerf-dart.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\disparity-colors\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\release-notes.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\lib\fetch.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\verify.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\targets.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\npm.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-audit.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\search.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-hook.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\snapshot.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\isexe\mode.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\vendor\QRCode\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\encoding\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-edit.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\node-gyp.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\concat-map\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\cjs\index-cjs.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\validate-npm-package-name\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-search.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promise-retry\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\dbcs-codec.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fs-minipass\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\docs.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\@npmcli\fs\lib\rm\polyfill.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\reify.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\google\protobuf\descriptor.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-cidr\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\lib\progress-bar.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\agentkeepalive\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-registry-fetch\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\safe-buffer\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\typings\common\constants.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\Xcode\Specifications\gyp.pbfilespec	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\spec-from-lock.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\npmlog\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\end-of-stream.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\printable.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmdiff\lib\format-diff.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks-proxy-agent\dist\index.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\types\__generated__\intoto.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tuf\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\serialized.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\config.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\lib\template-item.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\restart.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-prune.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\fs\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\binary-extensions\license	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\profile.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-run-script.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\typings\common\util.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\retry\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmversion\lib\read-json.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-start.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\vendor\QRCode\QRUtil.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\event-target-shim\package.json	msiexec.exe

Drops file in Windows directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI8534.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA969.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAB9D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAA15.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAE4E.tmp	msiexec.exe
File created	C:\Windows\Installer\e5a7b6b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5a7b6b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7F44.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8523.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8BCD.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7EC6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI830F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8BBD.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e5a7b6f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7F65.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJSploit_8.6.0_x64-setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJSploit_8.6.0_x64-setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 30 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 905624.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 994824.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
3168	msedge.exe
3168	msedge.exe
1496	identity_helper.exe
1496	identity_helper.exe
5376	msedge.exe
5376	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
2992	msedge.exe
2992	msedge.exe
1104	BootstrapperV1.19.exe
1104	BootstrapperV1.19.exe
1104	BootstrapperV1.19.exe
1104	BootstrapperV1.19.exe
3920	msiexec.exe
3920	msiexec.exe
1968	BootstrapperV1.19.exe
1968	BootstrapperV1.19.exe
1968	BootstrapperV1.19.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe
2976	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4832	Bootstrapper.exe
Token: SeDebugPrivilege	1104	BootstrapperV1.19.exe
Token: SeShutdownPrivilege	5640	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5640	msiexec.exe
Token: SeSecurityPrivilege	3920	msiexec.exe
Token: SeCreateTokenPrivilege	5640	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5640	msiexec.exe
Token: SeLockMemoryPrivilege	5640	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5640	msiexec.exe
Token: SeMachineAccountPrivilege	5640	msiexec.exe
Token: SeTcbPrivilege	5640	msiexec.exe
Token: SeSecurityPrivilege	5640	msiexec.exe
Token: SeTakeOwnershipPrivilege	5640	msiexec.exe
Token: SeLoadDriverPrivilege	5640	msiexec.exe
Token: SeSystemProfilePrivilege	5640	msiexec.exe
Token: SeSystemtimePrivilege	5640	msiexec.exe
Token: SeProfSingleProcessPrivilege	5640	msiexec.exe
Token: SeIncBasePriorityPrivilege	5640	msiexec.exe
Token: SeCreatePagefilePrivilege	5640	msiexec.exe
Token: SeCreatePermanentPrivilege	5640	msiexec.exe
Token: SeBackupPrivilege	5640	msiexec.exe
Token: SeRestorePrivilege	5640	msiexec.exe
Token: SeShutdownPrivilege	5640	msiexec.exe
Token: SeDebugPrivilege	5640	msiexec.exe
Token: SeAuditPrivilege	5640	msiexec.exe
Token: SeSystemEnvironmentPrivilege	5640	msiexec.exe
Token: SeChangeNotifyPrivilege	5640	msiexec.exe
Token: SeRemoteShutdownPrivilege	5640	msiexec.exe
Token: SeUndockPrivilege	5640	msiexec.exe
Token: SeSyncAgentPrivilege	5640	msiexec.exe
Token: SeEnableDelegationPrivilege	5640	msiexec.exe
Token: SeManageVolumePrivilege	5640	msiexec.exe
Token: SeImpersonatePrivilege	5640	msiexec.exe
Token: SeCreateGlobalPrivilege	5640	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeSecurityPrivilege	2684	wevtutil.exe
Token: SeBackupPrivilege	2684	wevtutil.exe
Token: SeSecurityPrivilege	5688	wevtutil.exe
Token: SeBackupPrivilege	5688	wevtutil.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2528	node.exe
3984	node.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 2788	3168	msedge.exe	82
PID 3168 wrote to memory of 2788	3168	msedge.exe	82
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 3500	3168	msedge.exe	83
PID 3168 wrote to memory of 4468	3168	msedge.exe	84
PID 3168 wrote to memory of 4468	3168	msedge.exe	84
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85

cURL User-Agent 7 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	339	curl/8.9.1-DEV
HTTP User-Agent header	340	curl/8.9.1-DEV
HTTP User-Agent header	341	curl/8.9.1-DEV
HTTP User-Agent header	342	curl/8.9.1-DEV
HTTP User-Agent header	343	curl/8.9.1-DEV
HTTP User-Agent header	344	curl/8.9.1-DEV
HTTP User-Agent header	336	curl/8.9.1-DEV

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/JJSploit
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5f9846f8,0x7ffe5f984708,0x7ffe5f984718
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7200 /prefetch:8
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5376
- C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe
  "C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5484
- C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe
  "C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6884 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,13197150898916798074,5919586584639885868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2992
- C:\Users\Admin\Downloads\Bootstrapper.exe
  "C:\Users\Admin\Downloads\Bootstrapper.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4832
- - C:\Users\Admin\Downloads\BootstrapperV1.19.exe
    "C:\Users\Admin\Downloads\BootstrapperV1.19.exe" --oldBootstrapper "C:\Users\Admin\Downloads\Bootstrapper.exe" --isUpdate true
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1104
  - - C:\Windows\System32\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5704

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3920
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 9869A56869D9588AC1374D53E7FBE449
  2⤵
  - Loads dropped DLL
  PID:6080
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 85A691ED8F8AF9AC9E872A46DD058F88
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1432
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2B6B5A4F1DB3F25B1CA42E50A016A5A6 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4640
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2684
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5688

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:464

C:\Users\Admin\Downloads\BootstrapperV1.19.exe
"C:\Users\Admin\Downloads\BootstrapperV1.19.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1968
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2528
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 131f2503423b4389
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5a7b6e.rbs

Filesize
1.0MB

MD5
3e2f2f89877cb54588766d1f8ebf6c9e

SHA1
ed06e609b66922b68b835d16b046a8b522a173d2

SHA256
0bf6beace977186bc292f1341dd2ee4e216a3dfc13b993be42d4f7d74fdff80c

SHA512
90b1017dba16f95b4f866152f9d7ddc6a794ec1178d7b1b74e946af952bc7549e212554fce0c880f17fe40ffffc0cbf839d77938570aa2b3022d5652f9c80c59

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
104KB

MD5
aab3d354121bf076837aad79029043c6

SHA1
177fb2834bbebdcd76d538b6181342b14b4f213c

SHA256
81dc53b2dd82f889dea6394c5369759929f47ea26f48d24401e15b0b90a50afe

SHA512
00295a367f55b7ae7379acf3b22b0b08c5762381debb7693489e2de59a941cb62312498bb84b3332dd70d3b808dd2781b19f81c37228b18b150f4ef81a45514c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
51KB

MD5
9a4dd60773b2dd4b0b83f18df68d6024

SHA1
f865d8fab1bfc201393bfb8ee983a0a5e72dac46

SHA256
b4284cba00733654ae48f4a2f8c917e0957c9fcc3fc7d1edf0d928d6e42eb1ed

SHA512
433c0c733c4b8a7f6cafc7b7bce8cb1e53aa3214de44aeb1f791e6e88dbedf3adbb1ea69c18d9e3db88bb3e53a12340dcef3394268cf9b01dbe0e288ed2d489e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
72KB

MD5
65646a06ef412175f2038f3091a3bb5b

SHA1
45567d9ecfe6bf2c7f39d5308a00fccf6ca32d7f

SHA256
96db9d227c27185937eeccd72f720f0a0a676695cb473aef662b81ca7deb472e

SHA512
1161693620b0932adfbfe67c59cdcb9df8cb9c766b99bcc5195701a6275d1cbee8ae20358b80b4196e2648ad3f2a0576556e5f858c137ff72f69439250414ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
31KB

MD5
eddac26c95e56c2f847f5fb2610c0710

SHA1
695813ec207e1b9fb0d8c9aa9c1dc1cfa420a0cc

SHA256
ffd1a69c340ff8ffc05d3cf85292973b0bbd818747fd9a01282702a9fb90c069

SHA512
54d29766e86022d53366b0690a7a29db1e070af7d698e6070b78a3af47c477a1aed68dc4d4c22398e76a875e1a3b26c023898d8675e7deac3d60bc2c555c736a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
137KB

MD5
fc518866747bd1444ab49ccb4a84824b

SHA1
1963ee8c41dee7b03b3858a3eefb2941210e8f35

SHA256
f78c0fcb5596aa08c903c380e1d01126edd84b0909c3a82f30b43b38a8f22cdf

SHA512
23232801ee3a5b185aa8b5b9cbce24df1abda1f3ea03ee1711323a435bdf5d4d749eb2fe043a33fd5088563ca642aa8370200a8f9b07b2ad5beeacc279fd1bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
8aa3d963cc63b6df4e1e1815c36bc6b9

SHA1
e0a3027e20b6a1aa9692aaaae97ec672e2b7a466

SHA256
49e97ebfefeac34521b1b77161f5627915ae3d70b8a5ddf150e70ee22abbfd7e

SHA512
7a25e4c3a880a9a50105fd54056bc69ae12d9b1bd5079fa665684452a4815cf7d6ae6e2b1f75a05c85636c38c6ae3afc0b2f3c6ac8f31ed8c222c755ff814a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
63KB

MD5
c87cf6549eb181e9ff0a8ec56e0e58e2

SHA1
6109f2d395d746077b181e147c6afb36fff4d231

SHA256
9db94718331e8bb85997cb885c24d726fd5f5106b471d0fb3a10934f01b0ce29

SHA512
5527d84f4421f654710e4986a3eeff93f100a6d76ca8c5215b2b5c9915e001bfc88be40e2b677c92f0f3bb1ad9710801c7f34fc7bbb1f0316fb96eb07b7239e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
21KB

MD5
0d2b9578b9a115be4fb928c62c4beedc

SHA1
93013b18649a0ea0973e571af7ba99131ca32f34

SHA256
de369635b20283c14ae8b6d0d3f9eb0b7d9d7c0471144cc78e366d3c8f5e12ab

SHA512
1699cb781f0d00236d3bcf2c30f37d2a3a604e34316105985d5ac48ddc02b61064ee3b22363addea2144f562adccef7e77bce09d8431bf9e75498bcb7636e3d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
16KB

MD5
a2edb5c7eb3c7ef98d0eb329c6fb268f

SHA1
5f3037dc517afd44b644c712c5966bfe3289354c

SHA256
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

SHA512
cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
20KB

MD5
9661c577bc73011d8a5c6db1bc003b0e

SHA1
b1e08f242d408dfd66b48180d14b5b81f05b9c06

SHA256
c0e83bea51a6a24619632ec1a2dacc1e36d4f441fe01d0ba79571dcfa4f8e6d3

SHA512
2fb87d4bc5b10be5ecf173726f6dcc5531722879a046e7fd5328406b2c2395be4298e1bcd3b73ac0cd81b53bbd2b2d6d76e6c733ab79ba9865db3672f40bb25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
32KB

MD5
673269c477f35966b5031f665816d043

SHA1
d082b1a27742e92a108112c2473a43e73cf5618f

SHA256
42008d6a28b6ea01964980c7691aebb91b93cbb5f8ae8b2668c94d1483a225ad

SHA512
423c2dccf173a1a193138f776befda7b708f5fbd0b4fd09bd278954fcd87d2510d73ec6f5bd0a3133e9e8f946c256ed26040125694c1db6d7d57cb4cae5af4ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0657bd1c894a7dcc_0

Filesize
55KB

MD5
8e5535a7b3d5d755397aa22007317640

SHA1
3190dada044c849995d427d27d96837ed9bd7511

SHA256
722144cfa13933fa9b4ec81d4098c26209a276ffd526f9521d3979938ddac7d0

SHA512
f5791d73d6888810c64e7abf4e91bcf279308fa6ed1bd518682e4c4f5fb1b6fb7b4a42ae48d0efd5bdb3c333e7336603cc218dd299f4f0d8464ddf5431f9c566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

Filesize
212B

MD5
03c3277a539818c3c7f2f1357966ce28

SHA1
52fd0051069e560fcbca5a2f876541ed91976e67

SHA256
8d2859e3c7e29aa9845e82bda339acd4d8442760ebea421b58d6b95e638bded9

SHA512
89a22ad122bbc33faece6a6f7efb31db5c8d806b1a17121812a8289ec61d5b5a3ba7cc3e2d277fff3c0ffd02f54861d5d897bb70733d218176bd9bf8b5e6dd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4206a98fa762d1e9_0

Filesize
359KB

MD5
9f10ee8687ad794eb7515015e4a3139b

SHA1
0a1a6a0b187e83b48360c623d2e91447a159ea83

SHA256
0ee809bf737e52e2f3a4081495a924e51c7c88c6e1b3c11d8c83b457c0db0e39

SHA512
42000f72deb46a2ba9d5248242bf8f52f897fcf177dc110b239a8363eba219d2a34225cfee7c5e2bec0d36df89880ab99d47ba34d4849970ceb5d8fff74defe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71848a3da7ea1aa8_0

Filesize
301B

MD5
c3e83075f9e021954e0b7c854ec604f2

SHA1
dc261ae1bb227ddc8a90ae9d402a486d9370ca12

SHA256
dedafc5949be1686804617fb8fba59130e3a799ba6b9c48be6d786356d4e65fc

SHA512
6b5165d630d08ec0887af628a0acd8865e938a3ca74b25baae7fd531d6f3ebbbf955d7cb58a42ea05cf2cca8056dee52eb135e34115bf230bd8fe089c57aedd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\75690fd738a24ddf_0

Filesize
31KB

MD5
1590c0977bffb59b9452934830219ef5

SHA1
f0776597b6b9fd4bbe284bc1e8fc8a8c55ff266a

SHA256
3a3fd6a7f30693bb0b01b183e8aa87331299b29c7b059e34c99a552551c21f17

SHA512
b6f607394a185330dbb2bbcdb6dd8d1380fccfb2cfa54432d2cd55ae1bac1f993ef615ed39545dbada261b204b9211ba68025e285496b73a0f8389c2b9801aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7ad09034ada6111d_0

Filesize
325KB

MD5
fc433fd72bc7a3168d0bf2e7d65459ef

SHA1
8d08bb57250fa93022e0443ae0d0f6eeac108605

SHA256
60772d4403b9bd99d7e65646a464adb8de6202b76e2173ed9a259a4692395e5b

SHA512
bd228a691b114072239affe75f8118ba1d1664e9764b8d88b5f0702709e8922ba294e3e70aba8caa8a2d438e4313bb0fa6da13e555fd06d5e4f22ddc638deaa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e4cf25b8cd50e68_0

Filesize
55KB

MD5
ce2ad8a80e080b1b6c6f9093bfa558d0

SHA1
32fb4cf36c930bc85a270bf13ba4beff11b5151b

SHA256
52322d4afddc7cc69adeb680f49afdc922afdb103ac53cfef4f8f9c459c57133

SHA512
cc20e6bc0f2a10598387a375f60d4822263a560f8fd786e7295310728f891fb1ea09efb2b497795d14036924a3fade6d8645bee72f341390ac7aff77342b2b01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9bb6711f9871a43a_0

Filesize
237KB

MD5
cf16c8737075d47896340bd6d52a0999

SHA1
3145fc16fae19cd25706e3bd4dd9c8ac7147662e

SHA256
76d72ac8603318fe8be71ef0bc80ef99e02c116ce0baeac51e022e12991b559d

SHA512
d2abcdd1525830b4f1fa40de598c9f070723494f81d2412bb896a6386a6a2a7057547070d35c5e478e73329189e2a787d4204077f695b4e36236966d6405de33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df53bad28ea1e322_0

Filesize
303B

MD5
043e75987117e480b37c1911a5283a62

SHA1
ad6d5e13c10d3d23528dd8ab7d66561a6915a62b

SHA256
69d227ce0ef9235f5b4a832c13ad2ffb9967860ec749cedbe6309e510e7d096e

SHA512
21faa221d03f51ee4b84de8cc5112426c24ef6aaef8ad7e1606ad6549808ed912da68c48834021ce112e12d75b89c35e1297aaedf903b96d3c0683ee749263fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0

Filesize
212B

MD5
9e127212d3c7129fcc0a2e5f058296c9

SHA1
00155e06f75e978aeafaa673c61e1fc43cdc4969

SHA256
7989998fbc58280c75d9b056576527ed042f70b64d06975f4a4f93c0709a3bbd

SHA512
72db5ab4b2322f72162ba8c29265315572523a9bae9cd9f8a4dac3fd13e15670cfa986399d9d4d0885942eef3858d8f293f109475f8422cee088da8743736da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee46582361c18fcb_0

Filesize
264B

MD5
ab771cb818a6760fc2f0ebb920d2b3b8

SHA1
bcadd691746d3503f2e943cb6a060d614c1ee4dd

SHA256
27c4a1869d815fe9b0216a3c7f38fbad3731182cc8b97307ad2b81ca277c9d79

SHA512
66fd24abbb4dd2e118db3ed535bb187541db9fa5bdf011f05d8c89dab97a720b4a89072187fff7b2c19524c1642d5c1b019ec6525e8dc33adf5e2200a6c25ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
02dda81286da6f1fff7e529636dc9728

SHA1
17ccd3d4a69cdb0a4d274ff5dd4d3952fb91f65f

SHA256
3437c4d29e543c5a609594f09b7637cc61333244001f4af02f5afc5c76ae835a

SHA512
2aea179a1dedbe344aaeb68bb2f39ba06be6dcae6f4304553561fcea6315fbadc4b54dbfe4645dd2cbb1c3d67549946aba0f6319da03daead05e02fcff8b7048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
733b1f6fdd1dbe02cc28696e08bcd9a5

SHA1
9c08cf6b819cad1c4519d8afe4f68b2ebc873b27

SHA256
b7c74566071233717d6ffead48e336bc7d28df264bcfc3f5663bada8cf505da9

SHA512
c65e8a27b495eb86bfe07c17382c370d1dca651d94e5bcf17c62f850b8591d203e96340f2416ba5e51249901d2a33c3298b066f45345dd47e75561bd6edb5292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b7196d365c7846de517b6ddaed2a94f9

SHA1
09d7c955ad383b5f00cf929a2723a36f7ab48134

SHA256
10f83ed90c76f841db641d132390963d543753af83a6c5281fa6232eae108d1e

SHA512
a40e3622b52b06ed7df1a13bc9f5d42e6595756b337e53e2453ae39f7692f35b67515c11df9f31d0c27e9fa3d1b6669600254ea9256acb30ceb8c6c96e812b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
cdd0b058d337b0e3bb58371de380278d

SHA1
0c9bd5e01b91d739f1cf61309f7844bd79bec806

SHA256
bb3b842c605990df46d87046cfb38b751463f89c9d6aac82a2ac487866990da5

SHA512
618f23f11f98a7bbf9bb4fd2c4d8a1d368df38e13305871357c4dbdae5df9de410149346d1c6893ad8f715fd7b2cc447b0edbb96c847428b887f697a35ed6b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
3b85a54ce6afc813452e4d44feb9b16e

SHA1
3914872ea3c09e8bfd65bb327a662e8c12917007

SHA256
03877856bee71a50d228dc3e20e0429b3be5cd998318bf689746b677d7bd0463

SHA512
c706e93ce3bb320def28d19692231170ac89453889b2b1d44f390463be82bd86844334ad9b566ffb2aacba7755a7e9940d21fd6900217acc6a344aebc4487130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
28ed64a696a527e71e857874b62b1493

SHA1
5b14369972c240506157ada3ae315ae1b995b482

SHA256
a1e489930a713007dbafbcd0f3c249bce0df50900f519b6c21a1b318b02f5efc

SHA512
6ba90fa83998663c8ca8f7df7523aa710bd720a1a7e0fc4c25fdf7d290285325c6683c55952a1d482ca02418f12582eb9f9c28bf5c7323fe7caa0ac573d7dccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
02a9afe4e015fd4881ebe00ae993e14e

SHA1
c8a054c782692d98aac37b5141da993ab3face29

SHA256
2e148b2497bb968808a8bde0df14c12c74305d3286ffd693d76a88116eb760be

SHA512
8cce030b53d0f66e7f540c25b819c9ec23b89c5a94a02f6398fe7d15d3555de79aa8b0a64ab4208970c9bc2b29c92055d020ac62d004e9a3ed7f94480b0ff4d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
92a0a5b4172df9457542cba932cc350c

SHA1
fc151ae874ffb94c6b5777a6443e8c800a78f8d8

SHA256
486fd8fde80a805ee84dda27510587b7ed9c68cfa2ced8237032229d5acdd5ff

SHA512
ebe2b367ee504e03c9f8ddcf1f815d01875af4f7ae66eb7bca7ae5ca5fc3c496992cd36905b96a9e85f1df50d0f1825f72e3beab23116d05a1801c2c9e577d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61a4c3962c430be7600497dd661f6851

SHA1
a6c272a467c8dbaf6cabb4258eafe2ad9fb5f70b

SHA256
4d41252f5d042b94229f5e49945a50067a4dd376e2c010000a0c8cb9c2c4064b

SHA512
823926542d349d75eaf81e214ffa26d241e890c9d0bb59f9e810b44c26f43224fd530b2731dd0d3a5949cf9a1adedb352126ed063a41840d1c260da88a284285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6b4a0149eb967f5978103e8328dcc65a

SHA1
72ec51ccafb477f0c218e7c60a655c452e46c7d6

SHA256
b3cd7df837e6dc815e6d92759c81a5e1b78db72619fcc7983139d690d9368c93

SHA512
9032121a7bd7279675c1e8ab258bbc63e26b48380d23832724bf44524fca2cdd3e17c4614bcb80c71cd67c30b2a610259bab574065fd2855a83f7b3bd14f17f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f84c040c50fc82fc042e04617b7b5293

SHA1
93967ca520c6136dc2b2b123f116949d7a7ef8dd

SHA256
fcf80af0fbeb6fbe0e11d386a0ed79ae439ae2c745f93c52934c687b95a93a50

SHA512
2799c6c3f34e246736100d8f737e2bc4014c33bf933bec23eaf144be05fd96fe0c2421aba436bf1063dd15cc8672f10862efe9b763b2b127f967876d6d70ba36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2ed02525e535bf9aa7c14b575a7d31aa

SHA1
49237724e5644eb6a687025998524ab648729432

SHA256
adfedf0aa02b2a7934e48a074ca5ffc97ae324a502b365dab6fd0ae30a4ce6ee

SHA512
7793be2e79a27300afdba399a298f2be37604be630b38ee7055e804d01fc46ed118b8f36587cce462f08d542c665d23f536801ec3ac480c7fdb22906dec9e978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5012ad1c2a53f3c99ad4e4a7573de710

SHA1
a4b957f25ffede5e4e2078849210efb3d976c67d

SHA256
58071d3f619598c858f285522a254c7ce6d636f9767ace0f74e0562d1d66d3ae

SHA512
6d23176a6ed85c84ed42a85c84e42caab0e9f80fbbb806984d5d998001041ae78a172e877a9698536d2b326f827e7682521795a54c4a6c770a96e411ddc2f596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3e9ccef63bd51251a3c1c67618be107b

SHA1
e2ee523aacd014909df3c41bab3c950791962237

SHA256
25cff9c5654433641d3db183be7934ad02002b06281279ea79b1fa1cdfb2ebd9

SHA512
dcf977998a6eb249d2fa48b639701959e2d75b019a57be9419b7adb9b4a839456bd7b6b344cd92fa918808b4aaa28c7c0c6387ed273989a24285834414180c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4616042882a14b21fbf8e4a0790b4a64

SHA1
2b5457b625ea388507496fd3aff1a24a0adcb02b

SHA256
4a6709a45ab16a573cfb8e9a9c17808cd4d73e307f38c0b989ac876be3567f81

SHA512
8089c2e80825871670f84df198332293d83959266f5e13e1d85a242e068806a2d8d7af8f780ebd6de372d65301bc2cd897d8d563e04e7f5a53554d63b780f12f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2760d94296ecbe07456383aa1a5fc275

SHA1
d2ba5b4a015d68e4a8355a6b5aa11c82027193a3

SHA256
74aeb255a1b79c7ba9d7100a63390436f8a383c1a9407415f5d032dfcb48b99e

SHA512
456c3a2a214739bce16542a0a3d509a90c1526b7eb11901688859f61f2dfbd575a346213858adb40ef1bc890b6a853317884227fffb3b2dc3556e27ee3c2b553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b2b1.TMP

Filesize
48B

MD5
8ec475f125aa50b8db64b73e753a2fd7

SHA1
19d8406da9a3d6a3d31ff250f749bc62ccfb88af

SHA256
9d2955c1965be3019bf3d93c6cc093befa577fa52c14e059e5069471a6720683

SHA512
2d2b3817dce5ae9265fda3be4c7bde379a8b58a4f72867cce641c645a077be4bc90540561ba78681b2793cf6fe84151f470aae2a2ec19a1a934a8d20b4628e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96cebd3aa097a85df3bfbe70eaaa8147

SHA1
b255ee9e9c6c244e4d318874b65e0082b37a7c88

SHA256
d83c75d00d5c7052647083d1572bab2243c8a6296f5734a22f044b6be0acb8ea

SHA512
6a81ea0c1f6615743504d8e526a1091185e01563ff6213cac7a32e274bc3b5ec8a4518160db9e03d03c90d6957373ee1814c68a356b1d035e43e9b21d8817957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
38b7a34f10bc04874c19c22b979486ee

SHA1
330d8e6770772e11114659ac239f299b0cd2c3e9

SHA256
75f0fc9fb485a5133d906bda03f07fd1a21fbb833d0fd2418198c1ab7139342d

SHA512
ef5ddf959d02ea1edd9fb227cc24b9b3d2e6f27e1fda5992e9419667dff177f18b53e5a8d30881ae58b9fc1af5faefdc48d5b544aebff33cfee9df92cc82c978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f6157f1210ab5d56542dc771d209018

SHA1
737ad455e4a17ba9b097eaa7675714742cdc2f5e

SHA256
abeb4fe8fc6814fb32707731f8c18854271a7ad90d45b141d97ee300ca5f474b

SHA512
bbd72938b62418e55b043959e866f20713e2b0a5a6c14cd82965740040a0427b826e99760dfd994f36532a7d5bdacd21011a53d02f41e8b094bff73c3caf87c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ba55f63c6b5dce46358049e44d5606b8

SHA1
540b11bfefa16de87b772776f8de33fa3771f19b

SHA256
968b05103d7e7d9247abc5a49ad1f921de2fb9f0d416d77fcd673fe7e0206e89

SHA512
fdfa3934922388c8faf36ec3a09ee7e5661c0752bbffc31c568b7b15989aced4724db1af573c25cac1e0625b038307ad2db1bc033afd90a9e86c6fff0e7542a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f3428c83710538bca6c23851e982c60

SHA1
f3fba7a8c9903022aa481b51740dc8a5e6bd689c

SHA256
399a9535d09544fc83d73552ef720981b01011d76937aac2958dd20e7fb79613

SHA512
bbfd86aaf832d7e51f5f7e77c980a37baf12ee7456e1aac08265ee7a0cdf18060fa31feba6bee941c923ee14d7f01f87401e33b6470b4a10f8af21dcadb478d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585b79.TMP

Filesize
1KB

MD5
51445633564c9bd9ef30514cc67d5add

SHA1
091a60e4a7aaa7a5965a288190e6d87a84c36c26

SHA256
9d0051c985c7f1bc73435be95ddce652cc20e09e6014e24973343fec6f562332

SHA512
f6514bb1e31882876365b924a39ac23e74f583a67dd01605b0d358311183e63c33db2ab7310f537cfcf3477497e6dbe1ef2ca914b9282d9e152e6bbfed7585b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c3c96f19-b578-4f86-99a4-724043edf87b.tmp

Filesize
8KB

MD5
ccfd52bfa7d7c9d8aa683b32fc611d41

SHA1
2a9736a8572f55f9f9d7991bc3e276cdfc83f2cb

SHA256
53d22ed06ec584b164a850ffb0d4e1c60f1421e5da5e9699a19a382bd037722b

SHA512
3dffc7c685444a4c270b27355c1886851a69d52b80bf479b10e974f211df61cbbb03e8e7e04b9d725bd824001430abe6bff671f7a0e6b849a458ffb3312fcf59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
38955ef94fd6a7d642164f5c8db1d58e

SHA1
01a8bbf97bf66c07343e75f41eac8b703b749b68

SHA256
443e6c5bed8c13dff0386c0caa5eb044265536fb6dab9f25085b9002393fc7bf

SHA512
0ebb340f3f451ca025e08573ef26f35edb5fa150623553d24fa282d6c0593858286afc0501c647347f39357eae04ae356ed33f8d89c6ba8d98408232d1555f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4d5ce9c032bb96e3eef7bb8412bbdf47

SHA1
0ca14d022cc3fcd59835ced29653c297b2422259

SHA256
c97df4074e0fd26e91e3f40b7f24d346225bba4aa4c3db6c1a4e875892c53473

SHA512
5ab3151fbc027975863f167963dfdff56c7d1f33596e7798812a7104c2de64c3d120e87186679123d8a193ac9b1b0c187bfd4abd7f27c76a40789c5037e57903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c876cf2f29c2dca32dc1f408e81b3cea

SHA1
5df71a3d4a73dc8c698c7a7cfbd89d423a6e4ba4

SHA256
63b0daa0664fd5550e9b5a9ae8404511ec1b1da808e799415595f42c282b85b3

SHA512
008d3de0b77ba4e91352953fe1baa5a16ad9fed0448d02eb01c576c5e2f2f5ec15ef7a8fac4097827d46a6d37a64b213b6eea9efe77110d5da3e18a6f59ec4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
07ecc65d6b7e200915b060c5048cf3ec

SHA1
3bb6377d427dffb60676228cbca3baa9410b08cc

SHA256
33e9a3fe86f53385dbdc3df538b6fab32cdbb7c8fee0f53d3c8d49555fd8f024

SHA512
d4021d9335fb8eae143138c6f2d785717eec6a581d9f32fa400512eade3c2a0827444d22fef385887e7da7c54541fb0d7d1526df191c6b60d04cfdef66690bd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

Filesize
1.6MB

MD5
d2ebd82a5d3fac11d44d90d8df253bb9

SHA1
ba94b456e111ea9573fe150ad4090a66540c9938

SHA256
04b65aa7b23d0c7ebbd6e022a600fbc43c0ee896ed280e48ac59e17fb0a2311d

SHA512
49e9ef8066200cd6ec079943c1fbcda95cab2d3042f635ed57949e0c0701ecdf34ea8f16324994dc77bc3ec9fc67882ea88b4d543974e90bf4e8cf69b15e073c

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvC66F.tmp\NSISdl.dll

Filesize
15KB

MD5
ee68463fed225c5c98d800bdbd205598

SHA1
306364af624de3028e2078c4d8c234fa497bd723

SHA256
419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04

SHA512
b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvC66F.tmp\StartMenu.dll

Filesize
7KB

MD5
d070f3275df715bf3708beff2c6c307d

SHA1
93d3725801e07303e9727c4369e19fd139e69023

SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvC66F.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvC66F.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvC66F.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\Downloads\BootstrapperV1.19.exe

Filesize
972KB

MD5
90fd25ced85fe6db28d21ae7d1f02e2c

SHA1
e27eff4cd4d383f5c564cce2bd1aaa2ffe4ec056

SHA256
97572bd57b08b59744e4dfe6f93fb96be4002dfe1aa78683771725401776464f

SHA512
1c775cf8dfde037eaa98eb14088c70d74923f0f6a83030a71f2f4c1a4453f6154dab7a4aa175e429860badda3e5e0ae226f3c3e8171332f5962bf36f8aa073fa

Download Submit
C:\Users\Admin\Downloads\DISCORD

Filesize
103B

MD5
487ab53955a5ea101720115f32237a45

SHA1
c59d22f8bc8005694505addef88f7968c8d393d3

SHA256
d64354a111fd859a08552f6738fecd8c5594475e8c03bb37546812a205d0d368

SHA512
468689d98645c9f32813d833a07bbcf96fe0de4593f4f4dc6757501fbce8e9951d21a8aa4a7050a87a904d203f521134328d426d4e6ab9f20e7e759769003b7c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 905624.crdownload

Filesize
6.1MB

MD5
4b0af7286d36f64ffcb0e846946e6b76

SHA1
7cb9523daac3d722bbc4272b0cd154564a909516

SHA256
19372df10d7a069a9e4b74cde6b901332027cbc9f6322730e5e7c1cf5f0bbfb0

SHA512
12ca5d2fac06ca440a35e0fd2caff295eddc8e490c8365777f15ff299e049ef31a2b955b08777fb7a312e93e18f5f0c199325c5a9bcb1180e863ec9c9d4d9e81

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 994824.crdownload

Filesize
796KB

MD5
4b94b989b0fe7bec6311153b309dfe81

SHA1
bb50a4bb8a66f0105c5b74f32cd114c672010b22

SHA256
7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659

SHA512
fbbe60cf3e5d028d906e7d444b648f7dff8791c333834db8119e0a950532a75fda2e9bd5948f0b210904667923eb7b2c0176140babc497955d227e7d80fb109d

Download Submit
C:\Windows\Installer\MSI7EC6.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSI8BBD.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
memory/1104-1073-0x000001967ECF0000-0x000001967EDEA000-memory.dmp

Filesize
1000KB

Download
memory/1104-3465-0x000001967F5A0000-0x000001967F5AA000-memory.dmp

Filesize
40KB

Download
memory/1104-3467-0x000001967F610000-0x000001967F622000-memory.dmp

Filesize
72KB

Download
memory/2976-3900-0x0000000180000000-0x00000001810EB000-memory.dmp

Filesize
16.9MB

Download
memory/2976-3891-0x000001B0080A0000-0x000001B0080C4000-memory.dmp

Filesize
144KB

Download
memory/2976-3892-0x000001B022BD0000-0x000001B02310C000-memory.dmp

Filesize
5.2MB

Download
memory/2976-3893-0x000001B022840000-0x000001B0228FA000-memory.dmp

Filesize
744KB

Download
memory/2976-3894-0x000001B022900000-0x000001B0229B2000-memory.dmp

Filesize
712KB

Download
memory/2976-3898-0x0000000180000000-0x00000001810EB000-memory.dmp

Filesize
16.9MB

Download
memory/2976-3899-0x0000000180000000-0x00000001810EB000-memory.dmp

Filesize
16.9MB

Download
memory/2976-3917-0x000001B022BC0000-0x000001B022BCE000-memory.dmp

Filesize
56KB

Download
memory/2976-3901-0x0000000180000000-0x00000001810EB000-memory.dmp

Filesize
16.9MB

Download
memory/2976-3903-0x000001B022550000-0x000001B022560000-memory.dmp

Filesize
64KB

Download
memory/2976-3918-0x0000000180000000-0x00000001810EB000-memory.dmp

Filesize
16.9MB

Download
memory/2976-3913-0x000001B023410000-0x000001B0234A0000-memory.dmp

Filesize
576KB

Download
memory/2976-3914-0x000001B022B80000-0x000001B022B88000-memory.dmp

Filesize
32KB

Download
memory/2976-3916-0x000001B027160000-0x000001B027198000-memory.dmp

Filesize
224KB

Download
memory/4832-1058-0x0000026DA3B00000-0x0000026DA3BCE000-memory.dmp

Filesize
824KB

Download
memory/4832-1060-0x0000026DA5910000-0x0000026DA5932000-memory.dmp

Filesize
136KB

Download