8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
15-12-2024 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5040	Solara.exe

Loads dropped DLL 11 IoCs

pid	Process
1572	MsiExec.exe
1572	MsiExec.exe
4852	MsiExec.exe
4852	MsiExec.exe
4852	MsiExec.exe
4852	MsiExec.exe
4852	MsiExec.exe
3164	MsiExec.exe
3164	MsiExec.exe
3164	MsiExec.exe
1572	MsiExec.exe

Unexpected DNS network traffic destination 14 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 3 IoCs

flow	pid	Process
10	4668	msiexec.exe
11	4668	msiexec.exe
13	4668	msiexec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
21	pastebin.com
12	pastebin.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\CONTRIBUTING.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minipass-fetch\lib\request.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\debug.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-package-arg\lib\npa.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\dependency-selectors.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_rekor.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\base64-js\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\utility.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\spdx-correct\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\sct.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\archy\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\ca\verify\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\list.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\normalize-package-data\lib\make_warning.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\google\protobuf\timestamp.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\depd\lib\compat\event-listener-count.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\make-fetch-happen\lib\dns.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\sync.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-json-stream\node_modules\minipass\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\inherits\inherits_browser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\bin\npm-cli.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\timers.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-flush\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-sized\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\utils.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\dbcs-codec.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\safe.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man7\orgs.7	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\logging.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\link-bin.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\index.es6.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\common\util.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\humanize-ms\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\.github\workflows\node-gyp.yml	msiexec.exe
File created	C:\Program Files\nodejs\npx.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\targets.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\node_modules\minimatch\minimatch.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\docs\examples\javascript\connectExample.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\make-fetch-happen\lib\remote.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\install_tools.bat	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man7\dependency-selectors.7	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\supports-color\browser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\dist\abort-controller.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-json-stream\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_verification.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\error.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\has\LICENSE-MIT	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fastest-levenshtein\test.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\yarnpkg.ps1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff-apply\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\configuring-npm\folders.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\completion\installed-deep.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\emoji-regex\text.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cmd-shim\lib\to-batch-syntax.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-ping.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\make-fetch-happen\lib\agent.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\depd\History.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\docs\examples\javascript\bindExample.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ansi-regex\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\retry\example\dns.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\LICENSE	msiexec.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSICEF8.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF94A32081F82B6784.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI535.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF5DE996EC9B75DF43.TMP	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE4C8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE4D9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI274.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2F2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e57cae5.msi	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\~DF265E131E02DF21A8.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICF57.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File created	C:\Windows\SystemTemp\~DFCD6FCE0B904FFE6C.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDBFB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDEEB.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e57cae1.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICF68.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDE8D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI68E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e57cae1.msi	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3368	ipconfig.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133787454893114337"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 30 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1788	Bootstrapper.exe
1788	Bootstrapper.exe
3816	chrome.exe
3816	chrome.exe
4668	msiexec.exe
4668	msiexec.exe
5040	Solara.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2100	WMIC.exe
Token: SeSecurityPrivilege	2100	WMIC.exe
Token: SeTakeOwnershipPrivilege	2100	WMIC.exe
Token: SeLoadDriverPrivilege	2100	WMIC.exe
Token: SeSystemProfilePrivilege	2100	WMIC.exe
Token: SeSystemtimePrivilege	2100	WMIC.exe
Token: SeProfSingleProcessPrivilege	2100	WMIC.exe
Token: SeIncBasePriorityPrivilege	2100	WMIC.exe
Token: SeCreatePagefilePrivilege	2100	WMIC.exe
Token: SeBackupPrivilege	2100	WMIC.exe
Token: SeRestorePrivilege	2100	WMIC.exe
Token: SeShutdownPrivilege	2100	WMIC.exe
Token: SeDebugPrivilege	2100	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2100	WMIC.exe
Token: SeRemoteShutdownPrivilege	2100	WMIC.exe
Token: SeUndockPrivilege	2100	WMIC.exe
Token: SeManageVolumePrivilege	2100	WMIC.exe
Token: 33	2100	WMIC.exe
Token: 34	2100	WMIC.exe
Token: 35	2100	WMIC.exe
Token: 36	2100	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2100	WMIC.exe
Token: SeSecurityPrivilege	2100	WMIC.exe
Token: SeTakeOwnershipPrivilege	2100	WMIC.exe
Token: SeLoadDriverPrivilege	2100	WMIC.exe
Token: SeSystemProfilePrivilege	2100	WMIC.exe
Token: SeSystemtimePrivilege	2100	WMIC.exe
Token: SeProfSingleProcessPrivilege	2100	WMIC.exe
Token: SeIncBasePriorityPrivilege	2100	WMIC.exe
Token: SeCreatePagefilePrivilege	2100	WMIC.exe
Token: SeBackupPrivilege	2100	WMIC.exe
Token: SeRestorePrivilege	2100	WMIC.exe
Token: SeShutdownPrivilege	2100	WMIC.exe
Token: SeDebugPrivilege	2100	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2100	WMIC.exe
Token: SeRemoteShutdownPrivilege	2100	WMIC.exe
Token: SeUndockPrivilege	2100	WMIC.exe
Token: SeManageVolumePrivilege	2100	WMIC.exe
Token: 33	2100	WMIC.exe
Token: 34	2100	WMIC.exe
Token: 35	2100	WMIC.exe
Token: 36	2100	WMIC.exe
Token: SeDebugPrivilege	1788	Bootstrapper.exe
Token: SeShutdownPrivilege	692	msiexec.exe
Token: SeIncreaseQuotaPrivilege	692	msiexec.exe
Token: SeSecurityPrivilege	4668	msiexec.exe
Token: SeCreateTokenPrivilege	692	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	692	msiexec.exe
Token: SeLockMemoryPrivilege	692	msiexec.exe
Token: SeIncreaseQuotaPrivilege	692	msiexec.exe
Token: SeMachineAccountPrivilege	692	msiexec.exe
Token: SeTcbPrivilege	692	msiexec.exe
Token: SeSecurityPrivilege	692	msiexec.exe
Token: SeTakeOwnershipPrivilege	692	msiexec.exe
Token: SeLoadDriverPrivilege	692	msiexec.exe
Token: SeSystemProfilePrivilege	692	msiexec.exe
Token: SeSystemtimePrivilege	692	msiexec.exe
Token: SeProfSingleProcessPrivilege	692	msiexec.exe
Token: SeIncBasePriorityPrivilege	692	msiexec.exe
Token: SeCreatePagefilePrivilege	692	msiexec.exe
Token: SeCreatePermanentPrivilege	692	msiexec.exe
Token: SeBackupPrivilege	692	msiexec.exe
Token: SeRestorePrivilege	692	msiexec.exe
Token: SeShutdownPrivilege	692	msiexec.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 1944	1788	Bootstrapper.exe	78
PID 1788 wrote to memory of 1944	1788	Bootstrapper.exe	78
PID 1944 wrote to memory of 3368	1944	cmd.exe	80
PID 1944 wrote to memory of 3368	1944	cmd.exe	80
PID 1788 wrote to memory of 3564	1788	Bootstrapper.exe	81
PID 1788 wrote to memory of 3564	1788	Bootstrapper.exe	81
PID 3564 wrote to memory of 2100	3564	cmd.exe	83
PID 3564 wrote to memory of 2100	3564	cmd.exe	83
PID 1788 wrote to memory of 692	1788	Bootstrapper.exe	85
PID 1788 wrote to memory of 692	1788	Bootstrapper.exe	85
PID 4668 wrote to memory of 1572	4668	msiexec.exe	89
PID 4668 wrote to memory of 1572	4668	msiexec.exe	89
PID 4668 wrote to memory of 4852	4668	msiexec.exe	90
PID 4668 wrote to memory of 4852	4668	msiexec.exe	90
PID 4668 wrote to memory of 4852	4668	msiexec.exe	90
PID 3816 wrote to memory of 2964	3816	chrome.exe	92
PID 3816 wrote to memory of 2964	3816	chrome.exe	92
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 4552	3816	chrome.exe	93
PID 3816 wrote to memory of 3148	3816	chrome.exe	94
PID 3816 wrote to memory of 3148	3816	chrome.exe	94
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95
PID 3816 wrote to memory of 1880	3816	chrome.exe	95

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:3368
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3564
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2100
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:692
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5040

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 4EBB6BAD27F19DE3970B678E92A4E32B
  2⤵
  - Loads dropped DLL
  PID:1572
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 512DDA9704E31D115AF58E52175AADC6
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4852
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding ED5841C088B59FEF8B3848EEE20AC22B E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3164
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2164
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:3796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7530cc40,0x7fff7530cc4c,0x7fff7530cc58
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,10263174468956396709,4231952075540113850,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1928,i,10263174468956396709,4231952075540113850,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,10263174468956396709,4231952075540113850,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,10263174468956396709,4231952075540113850,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,10263174468956396709,4231952075540113850,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4300,i,10263174468956396709,4231952075540113850,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4560,i,10263174468956396709,4231952075540113850,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4556,i,10263174468956396709,4231952075540113850,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4272,i,10263174468956396709,4231952075540113850,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3740,i,10263174468956396709,4231952075540113850,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3256,i,10263174468956396709,4231952075540113850,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57cae4.rbs

Filesize
1.0MB

MD5
3c2b2f92e9ee542a1e21605d6d734ccd

SHA1
1f4c3e4d88088f8102cec05003f3626f6218533a

SHA256
1514c5c668e46c40e7370b0a823788db2869174ad1889d6123b7e1266b2a4a4e

SHA512
f68f9fee8533515d720afd7c1c4c0f703e3c0d0de6e856737b07db273ffa7c41fa0d6a25055411b7628fba8ffb6986acda09c6715518df9c40940a11132c569e

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4e68bfd4-5c4a-41df-8bd0-a0904f2b9bdd.tmp

Filesize
9KB

MD5
9b0113cb22603b62feee82c8628a23e7

SHA1
221d89fb709168a15099e88999422579c0dce644

SHA256
b8e61207b7639ec830d08b015d2325e446affa3eae20e3abd087ccf912d4f28e

SHA512
614796c82c12a9cf9c4705d7b57f6aa35270c6abf946cdfad3e631fc0ea6c0fc91ca93baa1869f15b9dd055b0fed94956555f7c4845e113dd2c1350a88bfa631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\88d2b43e-e3b0-4958-8606-67cc030116f2.tmp

Filesize
9KB

MD5
fcc3d587c39fe2f86fc3064a02c76b9b

SHA1
1224dd0a4086d679edf0cedc46dc211de3daaddf

SHA256
8b4f60186a056bcceebc715a1d4db157c3beef1708a7915cb16f184d29e427df

SHA512
a631f9c65d3d8758a7f580f4bced4fd52b43cce309ec8910304cbd8376c8234a3446b1992b41a0c2b5941c023ddad3f16d6e9bfc0c9444606f21231503fdfc8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b707b68eb03ef3548b78b59bef6235c2

SHA1
939449f22099b059ad224ca400530f6f31ba0412

SHA256
92854863a3a839c3ac80a930c1571b87efebedb48b557bec2a7177a759071392

SHA512
b20505f6e81bd0cb9971495bc39cd46b1fa2ea9d6d1b69f087add74c1b8fce2d410f0ba6c7b489003ebfa36dc7d2ff2e55f51c260b6263130d2a0891cb44dbf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6c69a196517a9b1c35625ac85b57f48a

SHA1
344607b7beca3d1440386be717d3ceeee6935dd8

SHA256
cf3fdf8182a5b3ce7614990ad2520ec58366c3696baa89af2afc465321e2c2c3

SHA512
62d8d3f1e92a2f5ac55adb2548e0fbd3eaf5a08f4b150b30cddd2e8c05d507a1088bb07baf7407599b7607bc4fcd23ba1d598f6281ea53bbde188596623fd195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3902af0ddfaa5bc268d971870aac0d34

SHA1
11c638fc21709dfba9cd3c0ac08a83343d466499

SHA256
7d5de32b6a878c8a11c280d8798640488e44bda4b21713a269179421cbe3d34c

SHA512
93be7ecc720c318858b8c6de652596441e9cb1ebd64b409ea897ab4d8687d77776b3615d86ca09ddc173e34475b50ed3ef7ca62f94ff5709a93758572c293116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
11e16062ee34c9a54d7a688c29e166bb

SHA1
f7b51794cb62a9a3a90fe1146522edf44f279424

SHA256
25778417b1e098f4e825b83a7866d386b2508494b921e20eea3c2639a891dcb5

SHA512
b066b8663e273fbc2e21d2adeacd61ee98fb35b1840561b3e306f14a09dc95d023d87171a1b82825f8b80089e2fba10d9f470f2cc77e9f7892af3acf96e54052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
76fcade20ee2945106855d27b27ae413

SHA1
5ded11efbfa3baec5894be0f1e016f26456ccde2

SHA256
7cc08f1bb203cfde989ae5eb6c55a5c79d5e2397260bde818aee263ab9e55621

SHA512
4174cd5614bc934a4a74a3871f14ff6388b1a083b441fb0dbcf7ad917eaaad3c6289722ffe2e0687eb1008ace98ff94d5e8e1caa6fac32a4e2ea43d2be5cb71e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
2628a2a2189ec77366aa8944ef8aa336

SHA1
18983b8a4103a36b01753c06a7106361fdf4e2af

SHA256
f58132b272c8e5f9b691ca234a2aacfd708f0338b577b6f321b48cd9743d4fe8

SHA512
b921e5f4d09ee7fd477ece31a841b28f2eb2f1272a7bfb616126b60e94c453ee98187cfc6dde6c32819f895773b444bd7619d49a34dd9b89a5ed0b379f7ebcbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8b7a44e9043e30973a8253e528476735

SHA1
0a5cc85ee72f8488fb1cc8e4199b128c4194f101

SHA256
d462d849b77e302ab697ac69cb2fa3459f3a17f77d0ade21e053d00f8fe01b02

SHA512
b592dac24a929ec1985cd3f4ab3be9f815697029f92f2e2f1e6ff3993d6c33af3070fc3e8bfb3c7cb8e6cc4e56af6e506e39bc7b6790cb7540412d37bc0bc43a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e4c872f9facee39f23ad98994c5293b1

SHA1
8eff816b7c708e1107e1e0e06d8ca19eb7176486

SHA256
5b60014fa7c8577171438e2ad0c110ed5e68933342064a6145bf95a5e1f385d4

SHA512
f41b98edfcb0ac8d78feb97b989ae57af1af4e674dd111766cdf3e146afd862d82be8d2a288193848415d404f934ed17687e36812e6cd42502885b412bb81b58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
55422fcffa1f17a08797fa6b8d062e54

SHA1
210dae6116ebc7e094b97d05d8b24ea4c0a54d29

SHA256
e30d5e2ce84cb001637d7e5216690e03c3efc318035e339db7769ddf7663fc4a

SHA512
84b36a2112784f9558a66de73f748101174db4c1cdbd2ef02320db38d670747880657731c1a852cc748dea6005eeec07a1efe7c3cec2e09712a640e9631c76a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8501b531fb08e91fd10ce83df8e9e104

SHA1
cd960a0da23eb8738c5161f359246d105f50e1e9

SHA256
6830e3123fbed3ae0437a82d1efec8ecf3dab3ff47ad2b1b7cd512508d52495c

SHA512
50c899daf5f48c17588e61d537b1e4262cacddea90d77dcfbbc1d143069ef22d9ed97dd0d376bc882a3ab0d999beee191ab49c16ad53353ca06054f49c0b1cb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8c8effc5f83d2061754d95a5807c186b

SHA1
7ef2d5ff3b7f3f28415dea32556e3bd30da6bdaa

SHA256
79f8ed71639d0b4eac82b64984b70c6fbd2f3541d89d7528d1f391ea16e58f9f

SHA512
cc179c63c81684ea46c9dcdbfddc83238fdd95a5f160f97eb5785fd0bfaea684f9229060324e97f41bdc4aad711c17bac683d539fc9d7d3d48a877481d2c51a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1197c1905b6ea8c493d70de141050bca

SHA1
9879cea2a650106250c1a4c72b3e6da3496f88b9

SHA256
c75273ae7882cd0f72fb7020fe80c01502baffc6099a0a25dcd43cb08df6decc

SHA512
d85c83a27012e3805cc385dffaaaa116b86cb7ac6937c0ffa10a91e9009e677daa788be2b25e1c45ea26f03df8249427b2d1b671e639527a9b03e958b55d4d75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e83201fd9c9919123117c179f39bc038

SHA1
b2573ae0940ad8a646c24dfb4b35ed58171fb1c7

SHA256
390a239ae7ae45f2aafe3350db94b19da3eff614a07f7db83538bf651ac00800

SHA512
843dafd9cc31accbc31741f2dde13841a6cef0bdcbfd9fa24a2995bcfcaf4cc12f60f0fae0fba54eb75578b5604a6842909d6e94eb36e51ef0671b5172d8a166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5446b9ca248e3036d7e5fff489f01b3d

SHA1
d9e29f6e5b72d43ecff6a56f5971d0b538c324ca

SHA256
b8ac8ce301f7a80225b0e1f22986d517b6a95d56a5cdabba1bf0bd04b8122146

SHA512
398d6cf75c0c431bee1194ba442f86cf7d2ad76d3db53d7ba8ec7164b10b115dfc3bd51e106de88854b84d2df911206c27a984d2d5064d6ff7937b336e97414c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3a62d6066461f0bdcd33fa292c30b790

SHA1
183d16f7ba6d2b3f6329df011def88e3351eaaff

SHA256
4ec843b504032a70b57e07bb172f32a0ca8f077585efc4a93f1d330bd7d3f91d

SHA512
2dcac79fb0e48b45f5fb18b739bfc2db13b530df64d34e61bb71923865ff3685f39b31394e87f55828e2c3dbaf9ccf09957644364fd90f93e16da0f584d9e70b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16e3f5e266cfb9ff2e3f1b4d11201294

SHA1
469065f16ebdb0807c470ef4b561e1983e9e4135

SHA256
cb528dc90f5d911e826113a70d7f34b4ced3324956315de5c6b6f4057013b084

SHA512
97c36ae38168122fc56d008430f8f867694685d81d3e9645a6bb31185a460ede00e6886e78f71f246650f8090aabd8a669a7d03d1d6a4a4af14cf60d89903470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad99bfe6ada3a7f3579f366b17aa7498

SHA1
03eb858f3f2d4126fdc62147ea1883e7c4f9ddb0

SHA256
8886ffbc059b027dd77d041a02ea5ade6ee8ca4a860a0bbec1d52878f578fbbd

SHA512
6e6ac956207d9f9ce6b285c2d061b0344134c15820acac2963319cf7bfa9db7933d758ed0e8ff8f80bd786ae30d0b8304246dcd2d34fc2c0dd176156349e4ac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
df4a0d3f2d8b7129cca93fc5091678ae

SHA1
04f5e73bfeed7e141fa16500ef73d3f352fef97c

SHA256
ec71b2f043577239ade956d9670fa937481a1d952cf7d0b2609f58bd7ae0276f

SHA512
b7b11679348f9b4b5b225a217aa2997e37a2ea4940bbaceba902993cdcb7ee51b11495068d71e56c83b4c1571670b3c6ae60380d22ed6d4be780b88a8d09f938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e705488a-7544-4111-abb0-c2aa95afbe8b.tmp

Filesize
9KB

MD5
b49a487640fc8354358fb6c9b79587d0

SHA1
1ebabf3dfcadb713d547f575ddce038a26d3a2b0

SHA256
678d54faa84043fdff7d468460764a248f29803a7deb5c2c1da7bce60b375676

SHA512
50efa57dc8673eb0751baa1b24a357583cd1e3c1a140ccbedca363edd6276a37f2bab7baafa6fb9b044c4b2a5d068aea6e7cdebcc7e657990691c1169f2b4d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
1bc72868ec17dd0379ffa34a781d5ea5

SHA1
3d81dc26cc26ccfd15b57f038910b2dae41d13ba

SHA256
602228972cecff4449a80e680192e6aa3a03a764664adbd808689f87b53dd5ed

SHA512
9587c7fc8c63695490346a9c02bbf1c64a5f91c930fcd464fe75f945a43c9aa5899c9ef2ae40a1f56eff69f3a25e4dfe49f6159923a94fbe78e3f865a62bb7e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
7da7edd61f4f91b0c7824b5b020cf03e

SHA1
1b22dc1b9163e246e375c5dd4a77f4cfb42eb4e3

SHA256
fa84da1b5aaf4d68bc1ab447cea94094adda7668f208add736e06d359144cc12

SHA512
42c9ab00c37dafacb0787e1a793c3c21186e12883ee58fc399448f03c7ef480ea6e96546a4a1e024e1ab523b7a878f0b6e0b998c54afffb55af9c526e6bb5aa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\Installer\MSICEF8.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSICF68.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIDE8D.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/1788-4-0x0000027A4CAA0000-0x0000027A4CAC2000-memory.dmp

Filesize
136KB

Download
memory/1788-2864-0x00007FFF67D50000-0x00007FFF68812000-memory.dmp

Filesize
10.8MB

Download
memory/1788-2439-0x0000027A4CBE0000-0x0000027A4CBF2000-memory.dmp

Filesize
72KB

Download
memory/1788-2437-0x0000027A4CB60000-0x0000027A4CB6A000-memory.dmp

Filesize
40KB

Download
memory/1788-1-0x0000027A323D0000-0x0000027A3249E000-memory.dmp

Filesize
824KB

Download
memory/1788-0-0x00007FFF67D53000-0x00007FFF67D55000-memory.dmp

Filesize
8KB

Download
memory/1788-2-0x00007FFF67D50000-0x00007FFF68812000-memory.dmp

Filesize
10.8MB

Download
memory/1788-5-0x00007FFF67D53000-0x00007FFF67D55000-memory.dmp

Filesize
8KB

Download
memory/1788-20-0x00007FFF67D50000-0x00007FFF68812000-memory.dmp

Filesize
10.8MB

Download
memory/5040-2867-0x0000020DE41F0000-0x0000020DE42A2000-memory.dmp

Filesize
712KB

Download
memory/5040-2865-0x0000020DE4130000-0x0000020DE41EA000-memory.dmp

Filesize
744KB

Download
memory/5040-2863-0x0000020DE44C0000-0x0000020DE49FC000-memory.dmp

Filesize
5.2MB

Download
memory/5040-2855-0x0000020DC8120000-0x0000020DC8144000-memory.dmp

Filesize
144KB

Download