8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
1027s
max time network
1011s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26-11-2024 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 1 IoCs

pid	Process
2096	Solara.exe

Loads dropped DLL 11 IoCs

pid	Process
5076	MsiExec.exe
5076	MsiExec.exe
480	MsiExec.exe
480	MsiExec.exe
480	MsiExec.exe
480	MsiExec.exe
480	MsiExec.exe
1256	MsiExec.exe
1256	MsiExec.exe
1256	MsiExec.exe
5076	MsiExec.exe

Unexpected DNS network traffic destination 24 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 3 IoCs

flow	pid	Process
10	4544	msiexec.exe
11	4544	msiexec.exe
12	4544	msiexec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	pastebin.com
15	pastebin.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
78	api.ipify.org
46	api.ipify.org

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\load-virtual.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\node_modules\lru-cache\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-cache.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-team.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-pack.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\debug\node_modules\ms\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minipass\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wide-align\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\from-path.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\bin\lib\options.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\mkdirp\bin\cmd.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-cache.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\path-is-absolute\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\unique-slug\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\npm	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\fs\lib\common\get-options.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\dir.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\polyfill.mjs	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\promise-spawn\lib\escape.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\pnpm.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\auth.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\string-width\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tiny-relative-date\translations\de.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\tables\cp949.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-core-module\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fastest-levenshtein\esm\mod.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\example\basic.png	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\lib\util\hash-to-segments.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\clone\clone.iml	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\text-table\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\color-support\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\test.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmdiff\lib\format-diff.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\star.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\Xcode\Specifications\gyp.pbfilespec	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\http-proxy-agent\dist\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\exit-code.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\defaults\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\columnify\Makefile	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\util.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ci-info\vendors.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@tootallnate\once\dist\types.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-update.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\npx.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\explain.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\validate-npm-package-license\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\sigstore-utils.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\exit-handler.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\scripts.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\configuring-npm\package-json.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\xcode_emulation.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\package-json\lib\update-workspaces.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\cli\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\gyp_main.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\make-fetch-happen\lib\options.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-root.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\logout.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\has-flag\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\git.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\indent-string\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\get-paths.js	msiexec.exe

Drops file in Windows directory 25 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSID294.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDECB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e57cd95.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA4FAFF56D2E40AC9.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1439.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF5ABE6B09CBDE07BE.TMP	msiexec.exe
File created	C:\Windows\Installer\e57cd91.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57cd91.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID234.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDEFB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE499.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1832.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID283.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\~DF2E1EF5C12CF21894.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE4F8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFA3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI107F.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA8429AC048D6032C.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDD34.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
4184	ipconfig.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 35 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Solara.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Solara (1).zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
2784	Bootstrapper.exe
2784	Bootstrapper.exe
4544	msiexec.exe
4544	msiexec.exe
2096	Solara.exe
1828	msedge.exe
1828	msedge.exe
2968	msedge.exe
2968	msedge.exe
1784	msedge.exe
1784	msedge.exe
4672	identity_helper.exe
4672	identity_helper.exe
816	msedge.exe
816	msedge.exe
1468	msedge.exe
1468	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	220	WMIC.exe
Token: SeSecurityPrivilege	220	WMIC.exe
Token: SeTakeOwnershipPrivilege	220	WMIC.exe
Token: SeLoadDriverPrivilege	220	WMIC.exe
Token: SeSystemProfilePrivilege	220	WMIC.exe
Token: SeSystemtimePrivilege	220	WMIC.exe
Token: SeProfSingleProcessPrivilege	220	WMIC.exe
Token: SeIncBasePriorityPrivilege	220	WMIC.exe
Token: SeCreatePagefilePrivilege	220	WMIC.exe
Token: SeBackupPrivilege	220	WMIC.exe
Token: SeRestorePrivilege	220	WMIC.exe
Token: SeShutdownPrivilege	220	WMIC.exe
Token: SeDebugPrivilege	220	WMIC.exe
Token: SeSystemEnvironmentPrivilege	220	WMIC.exe
Token: SeRemoteShutdownPrivilege	220	WMIC.exe
Token: SeUndockPrivilege	220	WMIC.exe
Token: SeManageVolumePrivilege	220	WMIC.exe
Token: 33	220	WMIC.exe
Token: 34	220	WMIC.exe
Token: 35	220	WMIC.exe
Token: 36	220	WMIC.exe
Token: SeIncreaseQuotaPrivilege	220	WMIC.exe
Token: SeSecurityPrivilege	220	WMIC.exe
Token: SeTakeOwnershipPrivilege	220	WMIC.exe
Token: SeLoadDriverPrivilege	220	WMIC.exe
Token: SeSystemProfilePrivilege	220	WMIC.exe
Token: SeSystemtimePrivilege	220	WMIC.exe
Token: SeProfSingleProcessPrivilege	220	WMIC.exe
Token: SeIncBasePriorityPrivilege	220	WMIC.exe
Token: SeCreatePagefilePrivilege	220	WMIC.exe
Token: SeBackupPrivilege	220	WMIC.exe
Token: SeRestorePrivilege	220	WMIC.exe
Token: SeShutdownPrivilege	220	WMIC.exe
Token: SeDebugPrivilege	220	WMIC.exe
Token: SeSystemEnvironmentPrivilege	220	WMIC.exe
Token: SeRemoteShutdownPrivilege	220	WMIC.exe
Token: SeUndockPrivilege	220	WMIC.exe
Token: SeManageVolumePrivilege	220	WMIC.exe
Token: 33	220	WMIC.exe
Token: 34	220	WMIC.exe
Token: 35	220	WMIC.exe
Token: 36	220	WMIC.exe
Token: SeDebugPrivilege	2784	Bootstrapper.exe
Token: SeShutdownPrivilege	536	msiexec.exe
Token: SeIncreaseQuotaPrivilege	536	msiexec.exe
Token: SeSecurityPrivilege	4544	msiexec.exe
Token: SeCreateTokenPrivilege	536	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	536	msiexec.exe
Token: SeLockMemoryPrivilege	536	msiexec.exe
Token: SeIncreaseQuotaPrivilege	536	msiexec.exe
Token: SeMachineAccountPrivilege	536	msiexec.exe
Token: SeTcbPrivilege	536	msiexec.exe
Token: SeSecurityPrivilege	536	msiexec.exe
Token: SeTakeOwnershipPrivilege	536	msiexec.exe
Token: SeLoadDriverPrivilege	536	msiexec.exe
Token: SeSystemProfilePrivilege	536	msiexec.exe
Token: SeSystemtimePrivilege	536	msiexec.exe
Token: SeProfSingleProcessPrivilege	536	msiexec.exe
Token: SeIncBasePriorityPrivilege	536	msiexec.exe
Token: SeCreatePagefilePrivilege	536	msiexec.exe
Token: SeCreatePermanentPrivilege	536	msiexec.exe
Token: SeBackupPrivilege	536	msiexec.exe
Token: SeRestorePrivilege	536	msiexec.exe
Token: SeShutdownPrivilege	536	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1952	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2664	2784	Bootstrapper.exe	80
PID 2784 wrote to memory of 2664	2784	Bootstrapper.exe	80
PID 2664 wrote to memory of 4184	2664	cmd.exe	83
PID 2664 wrote to memory of 4184	2664	cmd.exe	83
PID 2784 wrote to memory of 1256	2784	Bootstrapper.exe	84
PID 2784 wrote to memory of 1256	2784	Bootstrapper.exe	84
PID 1256 wrote to memory of 220	1256	cmd.exe	86
PID 1256 wrote to memory of 220	1256	cmd.exe	86
PID 2784 wrote to memory of 536	2784	Bootstrapper.exe	88
PID 2784 wrote to memory of 536	2784	Bootstrapper.exe	88
PID 4544 wrote to memory of 5076	4544	msiexec.exe	92
PID 4544 wrote to memory of 5076	4544	msiexec.exe	92
PID 4544 wrote to memory of 480	4544	msiexec.exe	93
PID 4544 wrote to memory of 480	4544	msiexec.exe	93
PID 4544 wrote to memory of 480	4544	msiexec.exe	93
PID 4544 wrote to memory of 1256	4544	msiexec.exe	96
PID 4544 wrote to memory of 1256	4544	msiexec.exe	96
PID 4544 wrote to memory of 1256	4544	msiexec.exe	96
PID 1256 wrote to memory of 2036	1256	MsiExec.exe	97
PID 1256 wrote to memory of 2036	1256	MsiExec.exe	97
PID 1256 wrote to memory of 2036	1256	MsiExec.exe	97
PID 2036 wrote to memory of 1580	2036	wevtutil.exe	99
PID 2036 wrote to memory of 1580	2036	wevtutil.exe	99
PID 2784 wrote to memory of 2096	2784	Bootstrapper.exe	101
PID 2784 wrote to memory of 2096	2784	Bootstrapper.exe	101
PID 1828 wrote to memory of 1332	1828	msedge.exe	112
PID 1828 wrote to memory of 1332	1828	msedge.exe	112
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113
PID 1828 wrote to memory of 3356	1828	msedge.exe	113

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:4184
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:220
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:536
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2096

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding E8B87CA133041E94C8C3005B118B0017
  2⤵
  - Loads dropped DLL
  PID:5076
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8E857B2AC227CC4EF0E5DA8EAEB797DC
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:480
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 6C58E9BA6C646540D1F98E8E8525E106 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1256
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2036
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:1580

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2168

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3684

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa62c53cb8,0x7ffa62c53cc8,0x7ffa62c53cd8
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6500 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1404 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4137235776701405802,15375850234166073347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1
  2⤵
  PID:3860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57cd94.rbs

Filesize
1.0MB

MD5
1079067d0c1be0362c8f8b219c03fbff

SHA1
84a43ae6a9314eaa44bf8e182c44d8bbe6123ef2

SHA256
ab14ac1d4ef36d146ef9c3853823bb86a1e83d8070ff999e13bf213bb989dd94

SHA512
ee839aea45d3b23b5311c91af47f229588a740a3d0150f62ef7b0f48fef7b4c96d92eba53ba52ec072aaccd11063a63e50e9e92becd3482c7f78f51bbc1271b8

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
16KB

MD5
61e4576e6aa91cd435fe92f085fb0a3c

SHA1
fa21a6bad3a461c8f0e27b75913c8f1cbe0b2b62

SHA256
78d8aca4e50e6ba58890b68f8c3d6e562ff0b16516a0c3df56be18b69dca6aa9

SHA512
b250c2940f7ca24b763bfcd4d39d0022d6441bad54c415b9848ef949f8871f219289f044301de03313bf8cfa53bb2797c5590acc1b32889b0641f7a13b710bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
24KB

MD5
393c299e47c19be05aedcd791517a68c

SHA1
aa99e53e61c241ac15cb261ed804e0bc6cb8938e

SHA256
a5208d79a8ac97ea138eff1f5b7a891da746832266953833e91d811127036d56

SHA512
b72944b87a89a1768439f403a77c978aab86c61ec493c6fc55cbe1208a9cde0152e50931950b09d715d3ddbf77e267e583f99e0a0bf72b924846ffd92f55d1cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
860KB

MD5
f46408e0572c51d4e189bd50af536db3

SHA1
235743eba8fe51da83aef5197e482e6f9381b2b3

SHA256
4dfa913e55425496c9b8eefe772318c78e2a1b54769fcab01d722d7cadc3c038

SHA512
b535237e1f19afdb2e0e45c4b0d074bd11d016f88ae9466dbeb194d779e5e1d2976b109bbdee9be40c7ca5bbec2c3878187996b1db825ee082e65cf72eb5eb9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
52KB

MD5
1c9e86ecd17c616e36ca5e8c2dfc6fb9

SHA1
d7edd6a2ed24bb7cd5c297223b4040f771d557a0

SHA256
e7e818ffe431c1e923813274a232c3f3cc9725b314155475e783393662aad8d3

SHA512
32fddf506598c6d120277b2d6f9260be5c1f82032e779d6ebd9276c922eb0aa38196488ab4b3feaca19493f10ff209a025b85f352bf8117e5a81b2723268fea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
77KB

MD5
11ca8d18666eca712bf00ed1465c8881

SHA1
eae6a46fa6906dfa8c8d3fc12c93717452638aa5

SHA256
99a958e0b8da037e0c6556aa781eb14bf93eb2f2ee5f993cca54be722b04bec7

SHA512
641ebedb56899ed3f7cca0085367bce0ce1093eb92907631006945b96c5345c9a548828f359a02baeaf2e5d9f9a512d12b89af9d6fad30965acd1e5e964e43a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
104KB

MD5
737f72674d3deb581d43f64fdcfc71df

SHA1
0173676bc9dc81f6ab5b7232fe49cd835f4a9258

SHA256
669c546cfb744a00a87b68f0795d6953f8ce344db0f826201ec276b6fc3b42ac

SHA512
0f1ac34939dc218539e050d609de09d4ac65180f0298be02d9bfdc0cd35d41d2da9a0f5cc1a2e1f7afb3db55c7bb54b1daffcbc8779377977b0d7fc02091a7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
144KB

MD5
b2a1268cd6b5b4ae8afd6bdf6a7b0a8c

SHA1
887706b220ea11b3a07776a93dba21fc80d7edcb

SHA256
b65d6053a12b8e7c5b741c46d5a3e6fea452ddfa19cc3aeda3715d5450bdc67a

SHA512
4ee3ad78e9a184474f241a2ae5b31158574b356cfb6f862375497b0cd717bc81942aaa0f28fd45db9e161ad3f6a166cc61a9c1f51c95fbd52b5ef2167f36a389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
27KB

MD5
dc654d5da1a531fdb3b1bedb619b0182

SHA1
49d3de45bea7c279cf0ffe4cbc43c24779d1877a

SHA256
b395c195a5854253500b3b210e585ec801a47b49ce7b90fa5a9717df387598fa

SHA512
38952929cbf8e103cad50007cb492c93a7feb8d9d1853773883e2771cc97e50d6a514cb6347c912e7945d126a35677cca854ce8542e2210d7e59799238bae8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
0fd3b46fd7e5dd422bde5768a83ffdef

SHA1
00bbe47c66179502aba235f9f5c01a0cf2e76051

SHA256
4027d8ff4ab76b54c34765b96344808d7ec72c0d8e1c26060a8a300f2933a72e

SHA512
d63690a50479d19b959ec1e7ec27214a4a53bb2205b9008982ccc68bab93f1cacc7bf788d20476dd9e0d9b12299f66803f5377136da28470dd460c875dbcea2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
36KB

MD5
98d5154e471349db56da2af6379a4ae5

SHA1
fc0564f95661f417d9f980c77ddf596fbf238895

SHA256
7e4349327ca6f03505096101d60a7d8514719917deda6c5f40b9d418c03bb232

SHA512
e17999431585c1ade45dd27ecded81beb2e1506883fa52212014f6afb3c1bbeef773fee81504f4aec13d14937afad08fde7de8a779191cbf80196ebdacd60e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
29KB

MD5
db22fbeabe8529e5cff81ae3d581a7b0

SHA1
4d3722f2c511039d4218345c3554327a63ed3bbe

SHA256
6f0da539c8dba33a4ce9143b8a4cbe3ef8d876d761dd081291caea622de7eb47

SHA512
3a02cef8f8def7c8e47824675168c0f8f146f3e78738ca02d394cb2cb2fdbb258c39c2d7f06e7a793c1f6c715542ff05648400bfb408e866fed6bd8ea8252dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4ef1d9abdfe9184ccf615d447fe3d5a1

SHA1
104378f045c384cddbe090e20251d0640237207c

SHA256
b6195a3f4a307446a223c51fb69a1e9e4507d1ab327a787a5c1e4bd7e3d5fc83

SHA512
4eb32b64344952d608fa9ec562d81a002f3760c25cf78457c17ce5b113d9941fbb08b7bd02dea5aa88dc5392c20d5311c235e355e931e2b14be8445c3da9c834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
243f722ab01ac71e7878a671a69b40fb

SHA1
32f767ae30d5983e74d2ea9975627a74a1112318

SHA256
6464a411168bf9aadcbcc3d6d68dd570cf11e307412877085fd8e85499cfae20

SHA512
7f3de2964003b284d30873a19e09af5d4e30a6605fb5d620eb1694954ca15104df0c8cdb870f193c956d78abb9ca1d510d51de2a570036be9f6dfbfe4371ff1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1dd39b3edf68acc6240c2becad30877d

SHA1
f22e8c25e388ea5237a020d554b42ced10867b6e

SHA256
4fd7c35cff02d06b77999d9c4195548f2a587727ef6f586e4a631adbeef58ecf

SHA512
69678583c63610a04f5060c8d18b763ef4c70f96c30ca3136f621c044f252267b910d82cdb8417ea7940325196517fb119c4cc1eeb5152dac06d71cca253d94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6ddbce0c1355a0532acd841a323f2adb

SHA1
1eb62028fc02fcf9035340ae956314c59b7b98c3

SHA256
f42655d325f5ffbc2fd85a2c7e5fb5d051602f8c3ce5b33831d16c35f898fdf8

SHA512
b9329dd3de63772c422f1938fc025505cc2edd4831c1dc8ca120973a09e9507625f8595e652ec0469a3f5b5d219f69098933536aada8b9aa67475845c04d9009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f1078506007a454cae72db87c730d23d

SHA1
c262c0447598eec8747f10c189d29e81db455e74

SHA256
1bc1161ccc388bdfd149fb50c9265699651fad2095b97a1cee75d518a2498a92

SHA512
dbf40fb582e1aa2f8f9efb22a5e1beaeffb7b25bae2ee60349a46e6af693c6a4fc69a225e9214ee4cf893433a2ac0ac809df365bfcd84760d0d714cd92fb49e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5737aee5512f11397e31038cebe8b9ce

SHA1
833fcffc6fc2b56a760570b6df66579c9efc08a0

SHA256
d9ce043d696541d29076a2c6e8d5ee2969e3c8244ded8f31951c431432cebb48

SHA512
bd6e7fcd1e0f0eb693a336ecf7c60d109c2964037551a9f1072808bbf4995e371bce49c69732b9640efffff431034603d9c5c3ca8e4f89f730a3744dc3c126df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
bb955ea0c51c10c7225d6c137c60595a

SHA1
96eb3b7b3bde9a67c76142d998e4e315a87013eb

SHA256
f71799525eef88f1a5ca83e6210a25545e912a46c28985dc9c3c1884bb780081

SHA512
92123f98ec141dd327f2e6d42bee014bbf6764ec84e16f1b34308176477d666ba86a10f0830b913f04c25d2237ff621275167fc8db6f7f52c65174c543671ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
05516fdfb71fa7eeeec6936bd94f533e

SHA1
ca6c44a485be9f46db626810afdcc478025c929b

SHA256
53450381720e53af0444099f5c93c5db167bca0f57b5da60b13a38d974aa6b99

SHA512
345a2412a9212e7a64307884545473b086ac0ae1da4a315f14b982b3a8eecdae7271868d19bfbcfe8afd12a10076b080a47a3ae909e617aff2c484defbd67b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d1c03b7f7df8b53d7334dc4cb0d15939

SHA1
2eace5e9459d8903045b5a502fb83f1c04cf7174

SHA256
d240330964affc6a56938f8fbb32006c6a2f0b64863952dfd71205a125ac864f

SHA512
3b68645d93753c4f1eae5b070965d500f52f009b2821640e90aaac19d5b1ffa9eec8b937f5cacab265f6f2dcb3e9d944592f14e2eea7bc000ae6cc6b058457e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a630e114d37e9f015e3db9e1f55548ff

SHA1
df99cd22167e83761805a5dd087c337428912ace

SHA256
e671d80dc1b9395aa6c93906a83855d227788cd27a608f1368b4debb6e8010e5

SHA512
5c6ba55b117701ac40cda5b69cfb68e62136d06fbd6392f6cbb9725c0a1c60676c6aaaf3ab5370466effe48e70b6ec5bac2aafa25b0f5490a5adf9c9f8ceff63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3864533df800c6cd088b7ce1f20eda8

SHA1
eba645dd481172fbacf01567cbff1baa3fbc3afc

SHA256
a4f4eb1840c7cba58c1343e9210822df4a748bbcb4354ba4caffdd6ee2356d7b

SHA512
1e6f2068a5926a371289cd8a532d9ae09a45ed10d8f83a7c875dbe04923bea9856f0d5ddbd2fe60c6fc0c71e47d064b8233a54dacf1fa6c51db117f144787368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1a6c8bb6b6a74313a775f781927b262d

SHA1
3392f08c8d81734196fdeae4c90a29433d3c8e57

SHA256
7fb53a4d4558aa3c8eb2ea180bebf49319c36d6fb21dfde0798eaf4fbc7dfe8e

SHA512
07b010bad7b706de8bfd40cb189f1340705c6117483b7e7eaf815d2ae52d4b099d69fdffcb5882761d5e41507eec8a7ede050291fb7f12c86be35cd6422e2006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
861af6454e6b90d4a16ff0a8f76616c8

SHA1
f84466a5c277a9c415eca58adc7fda3a30a86778

SHA256
94937e254968f7f93ce8f5a39a21ed3143a2b081ae0867d15200b1636d48f8e7

SHA512
0b81d07e32a4b93fe56794bb2c5f762f138f9dbb1ad225385a6b493e044e16313e5c661224c5a4d201de24cf4b238684853d3e2472855df5c13b7337861dd08b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abfaaae15a77e210b5c67cf734cbfe13

SHA1
2710fa58d8b4f336461a8338abdd13284d6384ab

SHA256
6af602decc464a44a7984a6335526132cf80e4435682cca0f2bc675f3d8a3264

SHA512
2bebecbd9506e69081dbe550108afa4160c7c086302d2e54a92dcf4ddf3f052f12fd1e967f770f911142c0e7ac2ad8a9e226761cc9444d7050b146dc42cf94ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
11f8ce6a5051665f00cd044faa49f5d1

SHA1
4147c09ff5cd25e2f4bdba7ed70750595eaa58a9

SHA256
0252993efc1df76e9637c4590531c23f14d5df94694f3bcc0bd20f1a65364ed5

SHA512
3e8969244946d46a3419cbc68f72d1ef427c65b25575b8f7497c4ba068a0e68579ff0801f0d43f30d0eff783e31f5a42923d6d99e7fcfd1ebb2fd903fc1f0a7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9594ec994b6026cd7dd8f7a2af596c80

SHA1
0638edb582345fa4be039bc89ca2d1f4691e8197

SHA256
69f47372da17f4e17b7c75428b047f6c95450e0b8fdb5298547979d171c7c75d

SHA512
88db3d5ed65474b0e1b6097cc325de65949825c210e1d48d9250be59528641718542862ae15d9fd7383cca20147a53a89db1e4ba43c89283241b546a97066b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8d067722dd8119e77f4cb316274ee7aa

SHA1
19d0af6444fe7dda03fd46ccd75894a602f89a96

SHA256
9ce37f29f3dfa69dcfe2b69cffc0707a36330f683982004203cf4300a018cd0f

SHA512
d72013148cee4ddde88aa48e6e7481389b7d7f2ee3f78454f61f1c78d11726f07d7e5fbc2d9e3d4650f94627543a0d715ea8eed371418187b0de7f8f4cf890ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
affd22771071fa2678700b15b0ad3f8a

SHA1
36ffeca87a4fff4d45dcc546bdb813e1897eb279

SHA256
7a32d3dda6724908a901120c99b6eda0bf78d64fc30ac301340ac922b0f55244

SHA512
904826091b05bbf5f23eaa7d70311b4193b1ed51434c5cb69431bef4d0b7b58db2196a854dd4092e7e59c71810fd8cbe4705581a1d38b7ad4e396cba09dfdbda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
95062e56e21601c81c7cd3b4305c7123

SHA1
265b7c9f2507fe7697b21d545fc4babbb671bb5d

SHA256
ef62665c988b148151bf2d9302c4f8d4f18e91485cb107dc14b1177afdadb044

SHA512
8d1534080c6372bd5f373ca912715cd1ba8b29e2dc1d5bb538315bb830bf821da509058cdfd66ca1b299ca106ddcbf76b14966548c3b1064590d3b3664bb0ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7cd561b75f6217e98535401e295019da

SHA1
ad02e2b4bc4be6bdaecff50939465340ea4b0568

SHA256
aa5ec4ff07624f3b1b2e63582e81efbdfb98e042de3fd30740a3c97acc30bee7

SHA512
4d0e1a84fc2d5102ce9d06d4fa99711c0cd01e6b005c1ab0c82beeac6a0351b6bdbece303c35f69303aba139730bbecdffd6f28abeed54ab9ce9c260ea20633d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8787eb47198a8ee5ec42620e04f5ff87

SHA1
ef49d6f2c51a1b7bfe40900ed52df047ebde0446

SHA256
432a855c8988fb40690bd74715cdeb986f820599a6d6e8e494f9ed2c297f5b57

SHA512
6f895894ded39c63e93fa22f49523d53b0c3efdaf2303aaa79411c589d5dc00e5b1f37ef9c7d262ba0e14360d26df1f99d29b320480c584ae73de599da8f128d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b4f695ffc192fec319575c7ae15c9050

SHA1
50dc0fe184f50b87a5d50c4e1929ddcee636708b

SHA256
739b8f0b0a26ad609728a7411fe0dca162fb3d45da92b65a64d57bcdeab1ddeb

SHA512
eea0f9655156bf9dcb82f3437d80052b5eacb548e0e0754949ad60ed8cf0724f87fe64b07d38adef8ec9f0b71481c4ead2718f94e711fa9897b51302854d1f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ec9148ba3e7f99f42404cd203152b468

SHA1
4aa597c45bd2e66dc2270107a307087bd5cc47e1

SHA256
41e53de86e09eb67a42876bafe875694bde6a0aea36280a9677a2d4b8c3324c4

SHA512
ec57ed14d0d8a8877e75b2a37be060a992ff9626a35bf0b81b70fac63b3b6d7c509b28d37b8d5b16d866bdf294de2c8aa4cca42f1d3bee8b30aeff879af2d6b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f1991d0b3b937d7fee77f48aac3c01ac

SHA1
93712a155640ad240351852482852249d48fa266

SHA256
8f8aee830d86d07e5aba9c3bf00d071329e6cc9d9a4d0fd0c33814a46e71ec33

SHA512
f9ba629e806661eca17d8850c3c8bb494ce7343d1e77ab23c52ea1fb6cabef7f44c1f82c3ba5894d48a246038d9689cfce2db3e62c7d63e68612ae63efa903ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
260786fce231b3c532e654fdb78c7203

SHA1
4b50017f9648bc89ac792d486b0d53d431eb10be

SHA256
5068e39568081270514f99692205f994b9321d7fe68b576cd16bfd3f9c39d966

SHA512
c4177d165c7c8bf4d8025e06a059e18fa646fb1c508df50a9f573650dce3562e19b5f93a68dea7e06aee748c0efe02e92bf701e5709eaed242ea9a45a752308f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a7abf.TMP

Filesize
1KB

MD5
a97b3949978f66fce7625bfb19434f8e

SHA1
b60c4260f7a3209f7388c69fcd0c3c7573225310

SHA256
108c186fcac3d4cba28ff7d93c60db5c94c15c9bd34e036ff7b279ca4e6d7338

SHA512
f675567dba08693db0d6f78899b4999bdbd9d276088959202ddc6211a91054470125ae63a680ae3296cdc56c3ecacf45c7ae9aeb114b1874f94e4cf3b4562d6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9eac9298569126d7aa4f7ab8e5fe74fb

SHA1
abec2cce4eeea68ae9d3c594778b75bce210b349

SHA256
3780aece0acdf4880a89a87cf1f7d5f227d7db609cc704025d90adec020b27f3

SHA512
68ef20ca4626390157f18ce87e5d38186769dc03583e6e6ff22c648e9bae4f3d19965dab26a39f10c3ed07f468cac1971a188a00f576102126605e51024e58b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b6d36e83a04b45dc86ee96f65ba67d4

SHA1
b7bc6d8714e4a7d3b6bbbb0c0b750a02ae967120

SHA256
56497ba9a41fd5d764f3ed921cf1fd214c204caa8bd83df2881217a1e3174c56

SHA512
fd2050013c3609616a08008db5b41a2a95a1d5284c766a8e486259c0526c580b4310cb845484616e7b9d183dea1fc7a10575f74730a7a1a22a95e0af75cb72a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c4b1b35b-5883-434f-8ace-ea5c21cba85c.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
855fdc529c01f6fe863c36810f1b2561

SHA1
abb00ec0a1f308302bf8949575f4a3ea97d4a2cc

SHA256
0f3eabaae568289109200c3b040c0fa2f902826f763bb98979b41da161cd4802

SHA512
1f80b0ab8a663a7cb4e07e15b27cb83e91b047cdc5c24f77e05b7d1080429220f218bd09281ad8b7645339a51dc490cc7169c27aa8b690215f9e555f13a1e5c8

Download Submit
C:\Users\Admin\Downloads\Solara.zip

Filesize
474KB

MD5
31a0df2ea8367aab3ff0b6eb2b7e5679

SHA1
4c10c3bcb78d7c1153e246695e4f02ffae7fa66f

SHA256
1b5559dbeb9c8e0bf4412839633f97cf85d398effed8170588447eb53f23ff8a

SHA512
2ed028bedccca24365c5313be1ba6247c06cec6260dfd4c954011dc73e652c6dc0c72af20cc49a16b300c6b6eb934d28edf3f11688d6df06c580cd0d02fece36

Download Submit
C:\Users\Admin\Downloads\Solara.zip:Zone.Identifier

Filesize
550B

MD5
5998e9fbb7f07fcc03f2d8d27dc27722

SHA1
ef2d7aba262ae35f0b6b34b84373c03678ec6a49

SHA256
aae41a1404be8219707a11de6056d6f576293d4919ff6debec54c3f5b88063b5

SHA512
70c5a69232f025dec1c82a8077b3aaf3d032325d0b929cc51991406299b24a5968955d66bd5f2a52a732b03a8205b311a19d324777a78eb5d78c1ed71e04e8f4

Download Submit
C:\Windows\Installer\MSID234.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSID294.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIDECB.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/2096-2807-0x000001FEC26D0000-0x000001FEC278A000-memory.dmp

Filesize
744KB

Download
memory/2096-2802-0x000001FEA7D10000-0x000001FEA7D34000-memory.dmp

Filesize
144KB

Download
memory/2096-2805-0x000001FEC2A60000-0x000001FEC2F9C000-memory.dmp

Filesize
5.2MB

Download
memory/2096-2809-0x000001FEC2790000-0x000001FEC2842000-memory.dmp

Filesize
712KB

Download
memory/2784-31-0x00007FFA63030000-0x00007FFA63AF2000-memory.dmp

Filesize
10.8MB

Download
memory/2784-2806-0x00007FFA63030000-0x00007FFA63AF2000-memory.dmp

Filesize
10.8MB

Download
memory/2784-2384-0x000001F4CB880000-0x000001F4CB88A000-memory.dmp

Filesize
40KB

Download
memory/2784-1-0x000001F4B1150000-0x000001F4B121E000-memory.dmp

Filesize
824KB

Download
memory/2784-4-0x000001F4CB800000-0x000001F4CB822000-memory.dmp

Filesize
136KB

Download
memory/2784-2386-0x000001F4CBC60000-0x000001F4CBC72000-memory.dmp

Filesize
72KB

Download
memory/2784-2-0x00007FFA63030000-0x00007FFA63AF2000-memory.dmp

Filesize
10.8MB

Download
memory/2784-0-0x00007FFA63033000-0x00007FFA63035000-memory.dmp

Filesize
8KB

Download