Overview

overview

9

Static

static

3

Bootstrapper.exe

windows11-21h2-x64

9

Resubmissions

28-11-2024 18:42

241128-xcezwawmfz 9

28-11-2024 18:40

241128-xbpgxswmds 9

Analysis

  • max time kernel
    478s
  • max time network
    480s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-es
  • resource tags

    arch:x64arch:x86image:win11-20241007-eslocale:es-esos:windows11-21h2-x64systemwindows
  • submitted
    28-11-2024 18:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bootstrapper.exe

  • Size

    800KB

  • MD5

    02c70d9d6696950c198db93b7f6a835e

  • SHA1

    30231a467a49cc37768eea0f55f4bea1cbfb48e2

  • SHA256

    8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

  • SHA512

    431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb

  • SSDEEP

    12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score
9/10
defense_evasiondiscoveryevasionpersistencephishingprivilege_escalationthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
    persistence
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 27 IoCs
  • Loads dropped DLL 31 IoCs
  • Themida packer 12 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Blocklisted process makes network request 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

    discovery
  • Checks system information in the registry 2 TTPs 10 IoCs

    System information is often read in order to detect sandboxing environments.

  • Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 37 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 45 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 13 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Gathers network information 2 TTPs 3 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 49 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4100
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd" /c ipconfig /all
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:752
      • C:\Windows\system32\ipconfig.exe
        ipconfig /all
        3⤵
        • Gathers network information
        PID:4520
    • C:\Windows\System32\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2432
    • C:\ProgramData\Solara\Solara.exe
      "C:\ProgramData\Solara\Solara.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3592
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff14f9cc40,0x7fff14f9cc4c,0x7fff14f9cc58
      2⤵
        PID:3336
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1888 /prefetch:2
        2⤵
          PID:3632
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
          2⤵
            PID:4252
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2224 /prefetch:8
            2⤵
              PID:3268
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
              2⤵
                PID:3628
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1
                2⤵
                  PID:4948
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3568,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4480 /prefetch:1
                  2⤵
                    PID:4020
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
                    2⤵
                      PID:2272
                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
                      2⤵
                      • Drops file in Windows directory
                      PID:3420
                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff735234698,0x7ff7352346a4,0x7ff7352346b0
                        3⤵
                        • Drops file in Windows directory
                        PID:244
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
                      2⤵
                        PID:3720
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4380,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:1
                        2⤵
                          PID:1328
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4372,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3508 /prefetch:1
                          2⤵
                            PID:2584
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5260,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:8
                            2⤵
                              PID:4672
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5252,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:8
                              2⤵
                                PID:1472
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5564,i,16622669057690827731,11394485689382692166,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:8
                                2⤵
                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                • NTFS ADS
                                PID:4664
                              • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                2⤵
                                • Executes dropped EXE
                                • Checks whether UAC is enabled
                                • Drops file in Program Files directory
                                • System Location Discovery: System Language Discovery
                                • Enumerates system info in registry
                                • Modifies Internet Explorer settings
                                • Modifies registry class
                                • Suspicious behavior: EnumeratesProcesses
                                PID:2576
                                • C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                  MicrosoftEdgeWebview2Setup.exe /silent /install
                                  3⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  PID:2224
                                  • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                    4⤵
                                    • Event Triggered Execution: Image File Execution Options Injection
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Checks system information in the registry
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1796
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      PID:3632
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      PID:2236
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Modifies registry class
                                        PID:3584
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Modifies registry class
                                        PID:2548
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Modifies registry class
                                        PID:2728
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTNERUY2NDEtRTQ4MS00QjI5LTg5NUEtMEE0MDlDQzdDMzFEfSIgdXNlcmlkPSJ7QzcyMDYzN0MtMjE2NS00NzkwLUJEN0ItNEQwQzU2Q0ZDQ0ZEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5RDBFRjhDOS02NDFBLTQwNUYtQTY1QS0zQzE0NjU4MjI5OTF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2OTA5NTA2MTYiIGluc3RhbGxfdGltZV9tcz0iODA4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Checks system information in the registry
                                      • System Location Discovery: System Language Discovery
                                      • System Network Configuration Discovery: Internet Connection Discovery
                                      PID:2584
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{13DEF641-E481-4B29-895A-0A409CC7C31D}" /silent
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      PID:4316
                                • C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
                                  "C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 2576
                                  3⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                  • Suspicious use of UnmapMainImage
                                  PID:4764
                            • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                              "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                              1⤵
                                PID:3640
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                1⤵
                                  PID:2132
                                • C:\Windows\system32\msiexec.exe
                                  C:\Windows\system32\msiexec.exe /V
                                  1⤵
                                  • Blocklisted process makes network request
                                  • Enumerates connected drives
                                  • Drops file in Program Files directory
                                  • Drops file in Windows directory
                                  • Modifies data under HKEY_USERS
                                  • Modifies registry class
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:2484
                                  • C:\Windows\System32\MsiExec.exe
                                    C:\Windows\System32\MsiExec.exe -Embedding 1722848097590ACC5FC79D736E2FFBC0
                                    2⤵
                                    • Loads dropped DLL
                                    PID:2712
                                  • C:\Windows\syswow64\MsiExec.exe
                                    C:\Windows\syswow64\MsiExec.exe -Embedding 98A6F17BC1641DC12A2FB3544204BA4B
                                    2⤵
                                    • Loads dropped DLL
                                    • System Location Discovery: System Language Discovery
                                    PID:2888
                                  • C:\Windows\syswow64\MsiExec.exe
                                    C:\Windows\syswow64\MsiExec.exe -Embedding B1DE58A72927FB1DD273E6114ADDA415 E Global\MSI0000
                                    2⤵
                                    • Loads dropped DLL
                                    • System Location Discovery: System Language Discovery
                                    PID:3720
                                    • C:\Windows\SysWOW64\wevtutil.exe
                                      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:2676
                                      • C:\Windows\System32\wevtutil.exe
                                        "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
                                        4⤵
                                          PID:1092
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:3880
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                      1⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Checks system information in the registry
                                      • System Location Discovery: System Language Discovery
                                      • Modifies data under HKEY_USERS
                                      PID:4132
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTNERUY2NDEtRTQ4MS00QjI5LTg5NUEtMEE0MDlDQzdDMzFEfSIgdXNlcmlkPSJ7QzcyMDYzN0MtMjE2NS00NzkwLUJEN0ItNEQwQzU2Q0ZDQ0ZEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0RUM2MzYzMC1DRTQwLTRGNEEtODBDRS03NjZEQzA5OEY3QzV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2OTQ5NjA1NjciLz48L2FwcD48L3JlcXVlc3Q-
                                        2⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Checks system information in the registry
                                        • System Location Discovery: System Language Discovery
                                        • System Network Configuration Discovery: Internet Connection Discovery
                                        • Modifies data under HKEY_USERS
                                        PID:3992
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5DBD485-9323-43E3-86E0-79EBC07B8438}\MicrosoftEdge_X64_131.0.2903.70.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5DBD485-9323-43E3-86E0-79EBC07B8438}\MicrosoftEdge_X64_131.0.2903.70.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                        2⤵
                                        • Executes dropped EXE
                                        PID:708
                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5DBD485-9323-43E3-86E0-79EBC07B8438}\EDGEMITMP_2A492.tmp\setup.exe
                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5DBD485-9323-43E3-86E0-79EBC07B8438}\EDGEMITMP_2A492.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5DBD485-9323-43E3-86E0-79EBC07B8438}\MicrosoftEdge_X64_131.0.2903.70.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                          3⤵
                                          • Executes dropped EXE
                                          • Drops file in Program Files directory
                                          • Drops file in Windows directory
                                          PID:4788
                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5DBD485-9323-43E3-86E0-79EBC07B8438}\EDGEMITMP_2A492.tmp\setup.exe
                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5DBD485-9323-43E3-86E0-79EBC07B8438}\EDGEMITMP_2A492.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.86 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5DBD485-9323-43E3-86E0-79EBC07B8438}\EDGEMITMP_2A492.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.70 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff679d22918,0x7ff679d22924,0x7ff679d22930
                                            4⤵
                                            • Executes dropped EXE
                                            • Drops file in Windows directory
                                            PID:1756
                                          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.70\Installer\setup.exe
                                            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.70\Installer\setup.exe" --msedgewebview --delete-old-versions --system-level --verbose-logging
                                            4⤵
                                            • Executes dropped EXE
                                            • Drops file in Windows directory
                                            PID:4364
                                            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.70\Installer\setup.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.70\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.86 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.70\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.70 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff78f902918,0x7ff78f902924,0x7ff78f902930
                                              5⤵
                                              • Executes dropped EXE
                                              • Drops file in Windows directory
                                              PID:4468
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTNERUY2NDEtRTQ4MS00QjI5LTg5NUEtMEE0MDlDQzdDMzFEfSIgdXNlcmlkPSJ7QzcyMDYzN0MtMjE2NS00NzkwLUJEN0ItNEQwQzU2Q0ZDQ0ZEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3Q0YyOTcxRS1DMkZFLTRGMEItODE2MS00M0Q3NjQwNTYxNzZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzEuMC4yOTAzLjcwIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NzExMzIwNDI3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjcxMTQyMTI0MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgxMDAxNzA0NzEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2Y4MTM2OTAxLWM1ZjAtNDMyNi1iZjMzLTRkNzNiODdhMTk3OT9QMT0xNzMzNDI0NjI2JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUVLSkpHbTRKOURBVXd0UllrV3IlMmJCVFczd3ZnQ09lbzREcjdoMkloWCUyZmxzQVdtRGRLQzglMmJWSGJhTHJJSTZKcW5MdlpLS3IzSTFQUDMlMmJDdW1OOGlLSVElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzY2MjIxNjAiIHRvdGFsPSIxNzY2MjIxNjAiIGRvd25sb2FkX3RpbWVfbXM9IjEzMjAzMSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgxMDAzMjEwOTMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MTE1MzkxMTkzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NzQzMjAwODU0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMTE1NSIgZG93bmxvYWRfdGltZV9tcz0iMTM4ODc5IiBkb3dubG9hZGVkPSIxNzY2MjIxNjAiIHRvdGFsPSIxNzY2MjIxNjAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYyNzc2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                        2⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Checks system information in the registry
                                        • System Location Discovery: System Language Discovery
                                        • System Network Configuration Discovery: Internet Connection Discovery
                                        PID:3896
                                    • C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
                                      "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
                                      1⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:3324
                                      • C:\Windows\SYSTEM32\cmd.exe
                                        "cmd" /c ipconfig /all
                                        2⤵
                                          PID:2324
                                          • C:\Windows\system32\ipconfig.exe
                                            ipconfig /all
                                            3⤵
                                            • Gathers network information
                                            PID:4224
                                        • C:\Windows\SYSTEM32\cmd.exe
                                          "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
                                          2⤵
                                            PID:2280
                                            • C:\Windows\System32\Wbem\WMIC.exe
                                              wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
                                              3⤵
                                                PID:728
                                            • C:\Program Files\nodejs\node.exe
                                              "node" -v
                                              2⤵
                                              • Executes dropped EXE
                                              • Suspicious use of SetWindowsHookEx
                                              PID:3964
                                            • C:\ProgramData\Solara\Solara.exe
                                              "C:\ProgramData\Solara\Solara.exe"
                                              2⤵
                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                              • Checks BIOS information in registry
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Checks whether UAC is enabled
                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:2500
                                              • C:\Program Files\nodejs\node.exe
                                                "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 9791fda87c384c9f
                                                3⤵
                                                • Executes dropped EXE
                                                • Suspicious use of SetWindowsHookEx
                                                PID:680
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=2500.4880.4949461299531662148
                                                3⤵
                                                • Enumerates system info in registry
                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                • Suspicious use of FindShellTrayWindow
                                                PID:1848
                                                • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x134,0x7ffefec93cb8,0x7ffefec93cc8,0x7ffefec93cd8
                                                  4⤵
                                                    PID:4588
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1896,8747585995637223581,14024737135370095724,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
                                                    4⤵
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:3560
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,8747585995637223581,14024737135370095724,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=es --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2212 /prefetch:3
                                                    4⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:1388
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,8747585995637223581,14024737135370095724,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=es --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2504 /prefetch:8
                                                    4⤵
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:4100
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1896,8747585995637223581,14024737135370095724,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=es --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
                                                    4⤵
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:1996
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,8747585995637223581,14024737135370095724,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=es --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2548 /prefetch:8
                                                    4⤵
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:3292
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1896,8747585995637223581,14024737135370095724,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=es --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4176 /prefetch:8
                                                    4⤵
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:2584
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1896,8747585995637223581,14024737135370095724,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=es --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3960 /prefetch:8
                                                    4⤵
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:4172
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1896,8747585995637223581,14024737135370095724,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=es --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5060 /prefetch:8
                                                    4⤵
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:2972
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1896,8747585995637223581,14024737135370095724,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4152 /prefetch:2
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:3280
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1896,8747585995637223581,14024737135370095724,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=es --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2316 /prefetch:8
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:1980
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1896,8747585995637223581,14024737135370095724,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=es --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1316 /prefetch:8
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:3412
                                            • C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
                                              "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
                                              1⤵
                                                PID:2236
                                                • C:\Windows\SYSTEM32\cmd.exe
                                                  "cmd" /c ipconfig /all
                                                  2⤵
                                                    PID:3992
                                                    • C:\Windows\system32\ipconfig.exe
                                                      ipconfig /all
                                                      3⤵
                                                      • Gathers network information
                                                      PID:2920
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:4616
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:4808
                                                    • C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
                                                      "C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of NtCreateThreadExHideFromDebugger
                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                      • Suspicious use of UnmapMainImage
                                                      PID:1900

                                                    Network

                                                    MITRE ATT&CK Enterprise v15

                                                    Reconnaissance

                                                    Resource Development

                                                    Initial Access

                                                    Execution

                                                    Command and Scripting Interpreter

                                                    1
                                                    T1059

                                                    Persistence

                                                    Event Triggered Execution

                                                    2
                                                    T1546

                                                    Component Object Model Hijacking

                                                    1
                                                    T1546.015

                                                    Image File Execution Options Injection

                                                    1
                                                    T1546.012

                                                    Privilege Escalation

                                                    Event Triggered Execution

                                                    2
                                                    T1546

                                                    Component Object Model Hijacking

                                                    1
                                                    T1546.015

                                                    Image File Execution Options Injection

                                                    1
                                                    T1546.012

                                                    Defense Evasion

                                                    Modify Registry

                                                    1
                                                    T1112

                                                    Subvert Trust Controls

                                                    1
                                                    T1553

                                                    SIP and Trust Provider Hijacking

                                                    1
                                                    T1553.003

                                                    Virtualization/Sandbox Evasion

                                                    1
                                                    T1497

                                                    Credential Access

                                                    Discovery

                                                    Browser Information Discovery

                                                    1
                                                    T1217

                                                    Network Share Discovery

                                                    1
                                                    T1135

                                                    Peripheral Device Discovery

                                                    1
                                                    T1120

                                                    Query Registry

                                                    6
                                                    T1012

                                                    System Information Discovery

                                                    7
                                                    T1082

                                                    System Location Discovery

                                                    1
                                                    T1614

                                                    System Language Discovery

                                                    1
                                                    T1614.001

                                                    System Network Configuration Discovery

                                                    1
                                                    T1016

                                                    Internet Connection Discovery

                                                    1
                                                    T1016.001

                                                    Virtualization/Sandbox Evasion

                                                    1
                                                    T1497

                                                    Lateral Movement

                                                    Collection

                                                    Command and Control

                                                    Web Service

                                                    1
                                                    T1102

                                                    Exfiltration

                                                    Impact

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • C:\Config.Msi\e5978b4.rbs
                                                      Filesize

                                                      1.0MB

                                                      MD5

                                                      99047b0208a398d48c29f08f19b60365

                                                      SHA1

                                                      c74dda57d880413106f0fba7dc43a48ac7bbff68

                                                      SHA256

                                                      ec642c2bb9647ae4ef0151ac3293709e73a8a8c592fd88539e6383caac65e9c7

                                                      SHA512

                                                      db834ec406cb9aec0a9bea8c533df9b76d04dcd1244536cda4ad4d13e4ba8fd8419ad7386d05aa40cb77785ea737c6bb0b5f5c8ffdbd1260e251f40dc2355ced

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.70\Installer\setup.exe
                                                      Filesize

                                                      6.6MB

                                                      MD5

                                                      8ae106f9f32723071b7d89c0dd260569

                                                      SHA1

                                                      c66b0f1b5f01b0a6a8eb0dc32842983f05c992c3

                                                      SHA256

                                                      c4b55f6e4150ef16f731a7b10012eecb83b5557ae45ac2b3d37b7865d69d1b26

                                                      SHA512

                                                      e96e3f14239b4fd1c2e6defa65e1eb9920efcf870ad98bee872b6248ab13032976d0340f99b490d6b7034f2ac099ff4d5e613d8f46a812483b1996569bc31dd1

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\EdgeUpdate.dat
                                                      Filesize

                                                      12KB

                                                      MD5

                                                      369bbc37cff290adb8963dc5e518b9b8

                                                      SHA1

                                                      de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                                      SHA256

                                                      3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                                      SHA512

                                                      4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                                      Filesize

                                                      179KB

                                                      MD5

                                                      7a160c6016922713345454265807f08d

                                                      SHA1

                                                      e36ee184edd449252eb2dfd3016d5b0d2edad3c6

                                                      SHA256

                                                      35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

                                                      SHA512

                                                      c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\MicrosoftEdgeUpdate.exe
                                                      Filesize

                                                      201KB

                                                      MD5

                                                      4dc57ab56e37cd05e81f0d8aaafc5179

                                                      SHA1

                                                      494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                      SHA256

                                                      87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                      SHA512

                                                      320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                      Filesize

                                                      212KB

                                                      MD5

                                                      60dba9b06b56e58f5aea1a4149c743d2

                                                      SHA1

                                                      a7e456acf64dd99ca30259cf45b88cf2515a69b3

                                                      SHA256

                                                      4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

                                                      SHA512

                                                      e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\MicrosoftEdgeUpdateCore.exe
                                                      Filesize

                                                      257KB

                                                      MD5

                                                      c044dcfa4d518df8fc9d4a161d49cece

                                                      SHA1

                                                      91bd4e933b22c010454fd6d3e3b042ab6e8b2149

                                                      SHA256

                                                      9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

                                                      SHA512

                                                      f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\NOTICE.TXT
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      6dd5bf0743f2366a0bdd37e302783bcd

                                                      SHA1

                                                      e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                                      SHA256

                                                      91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                                      SHA512

                                                      f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\msedgeupdate.dll
                                                      Filesize

                                                      2.0MB

                                                      MD5

                                                      965b3af7886e7bf6584488658c050ca2

                                                      SHA1

                                                      72daabdde7cd500c483d0eeecb1bd19708f8e4a5

                                                      SHA256

                                                      d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

                                                      SHA512

                                                      1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\msedgeupdateres_af.dll
                                                      Filesize

                                                      28KB

                                                      MD5

                                                      567aec2d42d02675eb515bbd852be7db

                                                      SHA1

                                                      66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

                                                      SHA256

                                                      a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

                                                      SHA512

                                                      3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\msedgeupdateres_am.dll
                                                      Filesize

                                                      24KB

                                                      MD5

                                                      f6c1324070b6c4e2a8f8921652bfbdfa

                                                      SHA1

                                                      988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

                                                      SHA256

                                                      986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

                                                      SHA512

                                                      63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\msedgeupdateres_ar.dll
                                                      Filesize

                                                      26KB

                                                      MD5

                                                      570efe7aa117a1f98c7a682f8112cb6d

                                                      SHA1

                                                      536e7c49e24e9aa068a021a8f258e3e4e69fa64f

                                                      SHA256

                                                      e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

                                                      SHA512

                                                      5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\msedgeupdateres_as.dll
                                                      Filesize

                                                      28KB

                                                      MD5

                                                      a8d3210e34bf6f63a35590245c16bc1b

                                                      SHA1

                                                      f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

                                                      SHA256

                                                      3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

                                                      SHA512

                                                      6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\msedgeupdateres_az.dll
                                                      Filesize

                                                      29KB

                                                      MD5

                                                      7937c407ebe21170daf0975779f1aa49

                                                      SHA1

                                                      4c2a40e76209abd2492dfaaf65ef24de72291346

                                                      SHA256

                                                      5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

                                                      SHA512

                                                      8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\msedgeupdateres_bg.dll
                                                      Filesize

                                                      29KB

                                                      MD5

                                                      8375b1b756b2a74a12def575351e6bbd

                                                      SHA1

                                                      802ec096425dc1cab723d4cf2fd1a868315d3727

                                                      SHA256

                                                      a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

                                                      SHA512

                                                      aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\msedgeupdateres_bn.dll
                                                      Filesize

                                                      29KB

                                                      MD5

                                                      7dc58c4e27eaf84ae9984cff2cc16235

                                                      SHA1

                                                      3f53499ddc487658932a8c2bcf562ba32afd3bda

                                                      SHA256

                                                      e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

                                                      SHA512

                                                      bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

                                                      Download Submit

                                                    • C:\Program Files (x86)\Microsoft\Temp\EUA692.tmp\msedgeupdateres_es.dll
                                                      Filesize

                                                      28KB

                                                      MD5

                                                      9db7f66f9dc417ebba021bc45af5d34b

                                                      SHA1

                                                      6815318b05019f521d65f6046cf340ad88e40971

                                                      SHA256

                                                      e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

                                                      SHA512

                                                      943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

                                                      Download Submit

                                                    • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
                                                      Filesize

                                                      6.8MB

                                                      MD5

                                                      ee40308e2ffbc9001db2324ff6420492

                                                      SHA1

                                                      47cabfe872311f65534cbd4b87d707ccdef559d1

                                                      SHA256

                                                      38cd32dedb5c8c2af8ecd56827af5b4477a4b9ca3e518199d389a261baa999a5

                                                      SHA512

                                                      5f5fd0db005d49d63eaa81b288d2d6d40ce9c84cafd1c75d33723e47f23341d5ff254c2ed6274790242ad53f5360467d121cf1196ec7a073d4506166248041c3

                                                      Download Submit

                                                    • C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                      Filesize

                                                      1.5MB

                                                      MD5

                                                      610b1b60dc8729bad759c92f82ee2804

                                                      SHA1

                                                      9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

                                                      SHA256

                                                      921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

                                                      SHA512

                                                      0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_etw_provider.man
                                                      Filesize

                                                      10KB

                                                      MD5

                                                      1d51e18a7247f47245b0751f16119498

                                                      SHA1

                                                      78f5d95dd07c0fcee43c6d4feab12d802d194d95

                                                      SHA256

                                                      1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

                                                      SHA512

                                                      1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_etw_provider.man
                                                      Filesize

                                                      8KB

                                                      MD5

                                                      d3bc164e23e694c644e0b1ce3e3f9910

                                                      SHA1

                                                      1849f8b1326111b5d4d93febc2bafb3856e601bb

                                                      SHA256

                                                      1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

                                                      SHA512

                                                      91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md
                                                      Filesize

                                                      818B

                                                      MD5

                                                      2916d8b51a5cc0a350d64389bc07aef6

                                                      SHA1

                                                      c9d5ac416c1dd7945651bee712dbed4d158d09e1

                                                      SHA256

                                                      733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

                                                      SHA512

                                                      508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      5ad87d95c13094fa67f25442ff521efd

                                                      SHA1

                                                      01f1438a98e1b796e05a74131e6bb9d66c9e8542

                                                      SHA256

                                                      67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

                                                      SHA512

                                                      7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE
                                                      Filesize

                                                      754B

                                                      MD5

                                                      d2cf52aa43e18fdc87562d4c1303f46a

                                                      SHA1

                                                      58fb4a65fffb438630351e7cafd322579817e5e1

                                                      SHA256

                                                      45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

                                                      SHA512

                                                      54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md
                                                      Filesize

                                                      771B

                                                      MD5

                                                      e9dc66f98e5f7ff720bf603fff36ebc5

                                                      SHA1

                                                      f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

                                                      SHA256

                                                      b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

                                                      SHA512

                                                      8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE
                                                      Filesize

                                                      730B

                                                      MD5

                                                      072ac9ab0c4667f8f876becedfe10ee0

                                                      SHA1

                                                      0227492dcdc7fb8de1d14f9d3421c333230cf8fe

                                                      SHA256

                                                      2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

                                                      SHA512

                                                      f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      d116a360376e31950428ed26eae9ffd4

                                                      SHA1

                                                      192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

                                                      SHA256

                                                      c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

                                                      SHA512

                                                      5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE
                                                      Filesize

                                                      802B

                                                      MD5

                                                      d7c8fab641cd22d2cd30d2999cc77040

                                                      SHA1

                                                      d293601583b1454ad5415260e4378217d569538e

                                                      SHA256

                                                      04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

                                                      SHA512

                                                      278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js
                                                      Filesize

                                                      16KB

                                                      MD5

                                                      bc0c0eeede037aa152345ab1f9774e92

                                                      SHA1

                                                      56e0f71900f0ef8294e46757ec14c0c11ed31d4e

                                                      SHA256

                                                      7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

                                                      SHA512

                                                      5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE
                                                      Filesize

                                                      780B

                                                      MD5

                                                      b020de8f88eacc104c21d6e6cacc636d

                                                      SHA1

                                                      20b35e641e3a5ea25f012e13d69fab37e3d68d6b

                                                      SHA256

                                                      3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

                                                      SHA512

                                                      4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE
                                                      Filesize

                                                      763B

                                                      MD5

                                                      7428aa9f83c500c4a434f8848ee23851

                                                      SHA1

                                                      166b3e1c1b7d7cb7b070108876492529f546219f

                                                      SHA256

                                                      1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

                                                      SHA512

                                                      c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      f0bd53316e08991d94586331f9c11d97

                                                      SHA1

                                                      f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

                                                      SHA256

                                                      dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

                                                      SHA512

                                                      fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

                                                      Download Submit

                                                    • C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE
                                                      Filesize

                                                      771B

                                                      MD5

                                                      1d7c74bcd1904d125f6aff37749dc069

                                                      SHA1

                                                      21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

                                                      SHA256

                                                      24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

                                                      SHA512

                                                      b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

                                                      Download Submit

                                                    • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                      Filesize

                                                      16KB

                                                      MD5

                                                      73a2034882218965f0a1fced9b97b15d

                                                      SHA1

                                                      32011d9e187c4dde94209cb674aba9c3c5f185b9

                                                      SHA256

                                                      2042d11140e013a850f44f0d5dec2e1508247994d80d87f2a9c21a4f23f3343d

                                                      SHA512

                                                      b662099adf5e39a047f28bcc2713b65bc48711e74975424c57c050f6c323df47de2e4273f2728135a025726e9670ae39777e22eee34f69e0140cf6f213348e0f

                                                      Download Submit

                                                    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url
                                                      Filesize

                                                      168B

                                                      MD5

                                                      db7dbbc86e432573e54dedbcc02cb4a1

                                                      SHA1

                                                      cff9cfb98cff2d86b35dc680b405e8036bbbda47

                                                      SHA256

                                                      7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

                                                      SHA512

                                                      8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

                                                      Download Submit

                                                    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url
                                                      Filesize

                                                      133B

                                                      MD5

                                                      35b86e177ab52108bd9fed7425a9e34a

                                                      SHA1

                                                      76a1f47a10e3ab829f676838147875d75022c70c

                                                      SHA256

                                                      afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

                                                      SHA512

                                                      3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Newtonsoft.Json.dll
                                                      Filesize

                                                      695KB

                                                      MD5

                                                      195ffb7167db3219b217c4fd439eedd6

                                                      SHA1

                                                      1e76e6099570ede620b76ed47cf8d03a936d49f8

                                                      SHA256

                                                      e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

                                                      SHA512

                                                      56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe
                                                      Filesize

                                                      133KB

                                                      MD5

                                                      c6f770cbb24248537558c1f06f7ff855

                                                      SHA1

                                                      fdc2aaae292c32a58ea4d9974a31ece26628fdd7

                                                      SHA256

                                                      d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

                                                      SHA512

                                                      cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat
                                                      Filesize

                                                      152B

                                                      MD5

                                                      b354d592d6058d325057286487292389

                                                      SHA1

                                                      d1ec151a279f07304aee8b23be579e16d060bd3b

                                                      SHA256

                                                      de3bfc6fda820a8cf6978214c36878b27b8da198cf27d8eec2103f0775cc2b0a

                                                      SHA512

                                                      97ace06d6b32cc6b949a898957db86093e1724e0a214e7d1d00690ebce3b89c009d875c3ac7d66645e18e513ffd62ddf7c730e608f27564b300720dec4e66ed2

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat
                                                      Filesize

                                                      152B

                                                      MD5

                                                      7a055e437ef8bac03dff2ce15eff109e

                                                      SHA1

                                                      6ec4703d20da9db4d63f9c6d54437aed554b3b48

                                                      SHA256

                                                      63710837a7b8722545bf93a1b9ad51a8de6fa74a60e358651db1fd86ff0fea8b

                                                      SHA512

                                                      d3ac0dc58fb82a036ae1e4220f58a5e958d0a97f3675b5683fd2842893158b3a6cd5796d6977eb88daaf251228217daf64fe8f5f6ad57cb7512ee9237ae7c91f

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001
                                                      Filesize

                                                      41B

                                                      MD5

                                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                                      SHA1

                                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                                      SHA256

                                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                      SHA512

                                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State
                                                      Filesize

                                                      824B

                                                      MD5

                                                      894ff8d7c80ef2907ca17d96864b9765

                                                      SHA1

                                                      896bd6201e06908d41f42854dcf041fb9b97999c

                                                      SHA256

                                                      6723e81bde630f60a3773cfe27fc750ad3cdd5da006029b97a09f2497b55a4eb

                                                      SHA512

                                                      745d38e6cf67ec873913294f822ea98d0f3287baeabbf02d46f513508f2cce92e5afc58f4eeba3e1e29aad25f401835131d95e3b77e58d9ccceb95148d9f7a4d

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State~RFe5c4de9.TMP
                                                      Filesize

                                                      59B

                                                      MD5

                                                      2800881c775077e1c4b6e06bf4676de4

                                                      SHA1

                                                      2873631068c8b3b9495638c865915be822442c8b

                                                      SHA256

                                                      226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                      SHA512

                                                      e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      5d74f24dda86685949312b412b5366ac

                                                      SHA1

                                                      997d7981cccafa142ed2f6d4aad174385e9061da

                                                      SHA256

                                                      26feb2b4c4d928d8c9df92bb8dcc68ccfc8e9ca92d6e072658a6d38cb76cc45b

                                                      SHA512

                                                      60b2e9887f561b98f3286cc61ac601f38e887d7ce22a53dfda0c4d111ffcf250361e591d49a46af6c259acda31640aa7aee3c3866c7d82d7c63c525c88d4116a

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      aee807a9ef4778451b846c6b7512eb8e

                                                      SHA1

                                                      e0cedc47fceb24162b89e3dcdb6e56e20e7c44ee

                                                      SHA256

                                                      cd1175fb50c507c5555217c47875bce135f6c63b89c057746cd64df31762fc45

                                                      SHA512

                                                      5b3b2a7cff19920e91dbd21e7661c7c3820d11cddf3b99447091327786d1a7d5549d0fc3bfb408b3a3de92964d8b54a6b652d8895e2efab8ec379f115436241d

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe5ba2e4.TMP
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      0c3bc1344fd477b0e1ef1b7a9d8ebd38

                                                      SHA1

                                                      c63d5ddd806f2aab8103342a85d2c4944234f33d

                                                      SHA256

                                                      492128a76fb923337d4a27c26e7ee25ebb1d9e3ab380482dcb7c956d6cae5b92

                                                      SHA512

                                                      9c4a437b29ee04a5e72e9ca64202a2ecfb4c06f58a8e0d1f91ebfeae3642655c297a4de38baf0a14ea4f29e225e404b9e7f7b73003fdf91ff6ca5624e16d35ed

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT
                                                      Filesize

                                                      16B

                                                      MD5

                                                      46295cac801e5d4857d09837238a6394

                                                      SHA1

                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                      SHA256

                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                      SHA512

                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
                                                      Filesize

                                                      16B

                                                      MD5

                                                      206702161f94c5cd39fadd03f4014d98

                                                      SHA1

                                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                      SHA256

                                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                      SHA512

                                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State
                                                      Filesize

                                                      8KB

                                                      MD5

                                                      46dcf52c0344d7f26cd7d8da72168ad7

                                                      SHA1

                                                      08dd9d7a1fd96b805002bbf9e4073034f206b3ab

                                                      SHA256

                                                      38e68f0babc597ce9f8ebc1c6b491fc29412ddb1c4b18a1ec0e670c40a557fab

                                                      SHA512

                                                      7980e6ef5af833efb85774e7d0ee203e544a37afe573238bf183209c0d197e690943b83eed297936df83214157cf0876b351ed939cfdea300e3926a443e9c3a7

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State
                                                      Filesize

                                                      8KB

                                                      MD5

                                                      ea79d61ab57ae1b393fdbfd1716a4c84

                                                      SHA1

                                                      532aae020214b92abfb9dd774744b28ef754405d

                                                      SHA256

                                                      e389b34120bcd6f43bc5077ccf6946c5a1d623a4bf972327d7eac1234d306717

                                                      SHA512

                                                      cda5036b653e856a8b568b180f938adac917713a9c1deae47b89a30e7015427cdb0c43d034804cbc1b0df9b70a9ea2e5f2d6e01bbefd4416640bef2955cfe2a3

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe5b848e.TMP
                                                      Filesize

                                                      8KB

                                                      MD5

                                                      3ab22d2557e61dfd8cb973e91afda484

                                                      SHA1

                                                      26589fc14f564143811d0b0ce921ef5e03c293a6

                                                      SHA256

                                                      9f826bea4a627d5e8bac92be437ea098401358c06b58ac588d2d1d5bc995d46e

                                                      SHA512

                                                      daf13f4d31ffb7db0c75827f36c7c1148748e417fd99c643b34adca794d0aeb16e53b94a284ca7f322829658c56cbd57a149760e77e45a639ad963b0b639e142

                                                      Download Submit

                                                    • C:\ProgramData\Solara\Wpf.Ui.dll
                                                      Filesize

                                                      5.2MB

                                                      MD5

                                                      aead90ab96e2853f59be27c4ec1e4853

                                                      SHA1

                                                      43cdedde26488d3209e17efff9a51e1f944eb35f

                                                      SHA256

                                                      46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

                                                      SHA512

                                                      f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6f43b05c-1e14-40d2-98d7-0cd9b992e8df.tmp
                                                      Filesize

                                                      9KB

                                                      MD5

                                                      4d632baa6a25d5cca8b8ad7bd5ce5fff

                                                      SHA1

                                                      1d89e16b38c9ec0bbff4849b3426b7ddf9b98215

                                                      SHA256

                                                      f0b394688c5d54ad58fca25f3954e0095a0a58b53242b893bdfdf5d4d3576d8a

                                                      SHA512

                                                      0e009318bdc83862927a287c8d8c4b6d8ea2f254585d9fdb9782af5ae590eed169a0f41506b4a1411bda7fceaad2eea57e215322a345f6e2682c4d18b21878b6

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                      Filesize

                                                      649B

                                                      MD5

                                                      fc4cbcbaee6a24b8c49db4f383ef9d30

                                                      SHA1

                                                      0810126b0334394403fa823df1c4b125cd4227ea

                                                      SHA256

                                                      f28df8b8f08f183823961e9fa9811034cf510e4399c2eb4a73f83be13b804ffc

                                                      SHA512

                                                      9450bde0a2729e71bef1064f213da7d12e80a170b09846b3946118c3f807559b7e461926a8de8eb70effa5c895698544d225ddadbfd34a5b040f61353c4713e5

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
                                                      Filesize

                                                      215KB

                                                      MD5

                                                      2be38925751dc3580e84c3af3a87f98d

                                                      SHA1

                                                      8a390d24e6588bef5da1d3db713784c11ca58921

                                                      SHA256

                                                      1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

                                                      SHA512

                                                      1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                      Filesize

                                                      216B

                                                      MD5

                                                      3f268c8c014c87c9d4ab1d2376f55005

                                                      SHA1

                                                      99cfc3f45e87bc292e5e8741529fbe1d1e28487d

                                                      SHA256

                                                      05e5cc40424826e580624cc8df7ecdc68893a3521973f12197af096779856fdd

                                                      SHA512

                                                      43985eda45c851f4f2987bdd981c77ff3505a427f41624cb9226879fea7d69d61fb807c9a4dcdef01bad745d279f41ab0ed3eb3f02c5b21d014ebd1c86b0ee3e

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                      Filesize

                                                      2KB

                                                      MD5

                                                      8ccfc7e23e2968f99da04407e3c7f887

                                                      SHA1

                                                      ef697bb231a87e54a8b6d43686ef92b1525e881a

                                                      SHA256

                                                      beaf656c77d091b9e5d682cef443638947d903946d1e4b51f5de0f653ae9130c

                                                      SHA512

                                                      f759e4d58e9d3f4540cb2a73eaead3705d494ff57bba4bdf4682bd2a8eee44716b34b2a63503ce53c269cbe9b07dc87a92300f591a33a39289d4ebdea6fc6560

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
                                                      Filesize

                                                      264KB

                                                      MD5

                                                      28d6d7607b96d866a71337a1deffe7e2

                                                      SHA1

                                                      d695d496600f51a953478cc7dc69f80153300273

                                                      SHA256

                                                      115c8d20508982b0d8c82d677388fb5b95df58d059b395943a51fb65f7e7fd16

                                                      SHA512

                                                      002b75c6a189ce60170cc02a87df4614b408784de7005d0b3fb1dc1f46169e0c2028138c7f5919539c6f046377d2e4b50e8da2fac6034507e4ecb1fdde32a473

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      72ed389b9e17c7b24585b10da94c095c

                                                      SHA1

                                                      abd9a33fbdba3c0fbf2da06f2c54cae3a78e1fb9

                                                      SHA256

                                                      57c13b487430737db1a6fd82c1077e9a98ee46f4576f18ef452058a6cbaa968f

                                                      SHA512

                                                      326688bc2d8812f76c9437b7ba752ea4d1a286db7cf4c8863533550db63a303ecf98cee5b6895c3b64dd68f0ae090338360830312139c8b7ece63ac1970c005f

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                      Filesize

                                                      2B

                                                      MD5

                                                      d751713988987e9331980363e24189ce

                                                      SHA1

                                                      97d170e1550eee4afc0af065b78cda302a97674c

                                                      SHA256

                                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                      SHA512

                                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      3c7233e2a6eecc56e9117029ef81f3f0

                                                      SHA1

                                                      b04a9565320831635fd111e586eb0931c144d72c

                                                      SHA256

                                                      eed0fe5d4a9220490fe94a628df9b4197e9e2b5c3e66cc643cbaae9ebdb56824

                                                      SHA512

                                                      534ff67dffdccfe1f7fadcdc60e58888a0121d8a9e4ccaa6b8f040eef6e494b85109bf164d52a9c584adbcd4a893cbc7acda4646f673d1a8b98de0659ac9dd95

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      4b75ddff44b22e5f787de59e26cfec23

                                                      SHA1

                                                      fb3b3ad88ed8d6b111de48858afc362c0a0cfb61

                                                      SHA256

                                                      1b6b9ab138b280556035fc2988df2dc544b8f04e2bb4c9fcbb8904863a4b43a0

                                                      SHA512

                                                      327d08e6dce7b2aa63d5c888f38696a7c922270844982d0ba66901d41aaaa534837698402d76cfbe0ebc6b9d3d6faa78ed0282200c0eac1853e9496d3b18aacd

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                      Filesize

                                                      356B

                                                      MD5

                                                      41682561e32500e4526369279813a27b

                                                      SHA1

                                                      44ef378d2fdf46db28ea703bd6325daad2b7b92c

                                                      SHA256

                                                      bccb185158db65074b30f2dc380096df1ea442927909bf30546bfc8d29b1d4ba

                                                      SHA512

                                                      19855a14b32205684a3fc9ce8e2eb8a5eff1474a53587704a0c2231f154e896bf38ea8da4db62f7294b5a158349207ec235ba2c53f75eca9bd95c913c37a43ab

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                      Filesize

                                                      9KB

                                                      MD5

                                                      3ca14430d9c426e27568bb4a801b3f0e

                                                      SHA1

                                                      33cc8eb47b1c56aa13cdfb6492162d83a7b252d2

                                                      SHA256

                                                      8241255cc4dca1bf0d5a94e146a525f622e270b392b3708d80c31708670489d6

                                                      SHA512

                                                      33d41b24d19bc1c184c71826d59523284f63bb9ddc050f5eb39493ec378f5ff7a392e82c6095fe31bc09c3ef77fb475cfa3c5e913775df76a4971fe90d35c177

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                      Filesize

                                                      9KB

                                                      MD5

                                                      5ad757da9fc54b96a10a7754b356059a

                                                      SHA1

                                                      0d3967eeebc85b41cdf3bd39e1ec5a77dc823264

                                                      SHA256

                                                      c85002c65f50ce2c8b716ed7b13f4a13b8075cdc1eca8f24c940e5c2999da074

                                                      SHA512

                                                      907732a76ced913a22f23dbf0b18691a61561eb2f20cbe1142b6476804737a2aec96e0fa80bebc07e0fb717e88de5c5c8eaf9cb9706dfc4ceb5b51f53014f2fc

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                      Filesize

                                                      10KB

                                                      MD5

                                                      705a51a87332f31743c00a523258ae38

                                                      SHA1

                                                      e80f975ba4f2844f59074b765ca57557aa5749ae

                                                      SHA256

                                                      9ce81f5d84d8cbf13a871dd3bb12b862e150d14728aec409a1a5a442c12bf31c

                                                      SHA512

                                                      ffd2c683a5c95b3fdb9868792f7783826b764b8c1877fe15f01ffcffb624b162f9a799c2f49f2cf6b5645c0447666eefc4ea52a054429409223f19946933fdb3

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                      Filesize

                                                      10KB

                                                      MD5

                                                      0224fb1331c024f253aa762c4e46b142

                                                      SHA1

                                                      da67407e8fa8a5437b9292f14161fa20cc044aed

                                                      SHA256

                                                      66f83ad09df34c44af3711a4a91d5b72e36bc73bdce525cfbcd844eb610482f1

                                                      SHA512

                                                      218692830500ee2b3ac290485804abf7282546ab6228f0deb5924da49817be7844d1ee047c8ff3e5a8ef66e3e3fccd064f0bc7f888a0d2c83da30a5ee72d446a

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                      Filesize

                                                      15KB

                                                      MD5

                                                      dc5db1e23bcd315f626604d8ac189f37

                                                      SHA1

                                                      7fb527ec97d35f06f77a1859e61e5023e747b8d9

                                                      SHA256

                                                      35143d011eb8ce8ecea63d8b732bf2785c21096900a72e89b615bbba00340bc6

                                                      SHA512

                                                      b9b41d980143f62e9c9ae0841c50caba34ff957e73ab6099d07198644d90ea8a43f898870b423695e13e8ffda561714c512cb5303eeeca05234739389356a2ce

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                      Filesize

                                                      234KB

                                                      MD5

                                                      dab04ae75a2bee28428f1afbff37de00

                                                      SHA1

                                                      29b1b5180373f887bd51a3a7d7cb5bbb253e4205

                                                      SHA256

                                                      20838bdea08979a22717dfb490bd6589c948de8078b292826d8f7d916684fc5a

                                                      SHA512

                                                      110e40eb86560d47881a9c41c56588593a86ad2a970cd714104bcc9630ec6fb133e5877acf37e760db04b47393b4ec80d6ef95c3e5b6f55bc1468c615ca8dd64

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                      Filesize

                                                      234KB

                                                      MD5

                                                      aee30e249148139377bccd57598dbef3

                                                      SHA1

                                                      c16bfac8015ec6fd6e47474c2693a6f39c898d57

                                                      SHA256

                                                      6955c98c478461d3f7018939cf821cfc9404c6055987a3cf66d10b0920f6eb57

                                                      SHA512

                                                      3725cd72ac2ecac00544d92569a830d86ca47c2b34c700cc4d928e5a3e124ef75eb468400cdd5392abc2958447d6aa4a7cef661c0356732785990adc562dde57

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                      Filesize

                                                      234KB

                                                      MD5

                                                      ce3a699c0c8b61e5b9b9bdf6aa4adade

                                                      SHA1

                                                      0f9d5e6e6849bd04874d554d515e7352f75571b0

                                                      SHA256

                                                      475740cbb6c1d36b2afe6baed25387ca0008793774dae2e51e1b41d104d2509b

                                                      SHA512

                                                      4741f6110bd1cfadd81a08704ea52cc8b2a7edb22380e5aba38baa848c4f08427a78de104c355ed0206fd0bdc9dc2b4aa57793aad317ab2068a4d0879472aa7f

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\0e4df74cce0423376e6a782e4b3deb64
                                                      Filesize

                                                      7.0MB

                                                      MD5

                                                      0e4df74cce0423376e6a782e4b3deb64

                                                      SHA1

                                                      8db193e73416f1da44ad98f344d3ff207ace44ac

                                                      SHA256

                                                      8b9263763da2c73054426eb6a8de5c4e7f42ecd11e9c95a426b0c66aedd727ab

                                                      SHA512

                                                      ca3136acde16e33c80a0f50c5f73a2eda795ebf9a90f7bcd4803b5cf2c51135b2ec2ae40d06015ab6fe4b2b18bfc0a95712bc98dcf5f2cc85192bb715a021642

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi
                                                      Filesize

                                                      30.1MB

                                                      MD5

                                                      0e4e9aa41d24221b29b19ba96c1a64d0

                                                      SHA1

                                                      231ade3d5a586c0eb4441c8dbfe9007dc26b2872

                                                      SHA256

                                                      5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

                                                      SHA512

                                                      e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

                                                      Download Submit

                                                    • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                      Filesize

                                                      6.9MB

                                                      MD5

                                                      1c4187f0b612a9a473010dcc37c37a82

                                                      SHA1

                                                      34d46733452812d481adeedad5eaea2cf4342540

                                                      SHA256

                                                      c8d55b0f4f25caf135dabc7f21b9548263022107e9740dfe692b402469cd47bd

                                                      SHA512

                                                      075678e24a867d5630da324e934837d81a3fa1d848a15feeb2a7be268d38b81ca4210cd44a22e9869173edebecd1947968327ddce16a85b71c03e6307e365def

                                                      Download Submit

                                                    • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier
                                                      Filesize

                                                      26B

                                                      MD5

                                                      fbccf14d504b7b2dbcb5a5bda75bd93b

                                                      SHA1

                                                      d59fc84cdd5217c6cf74785703655f78da6b582b

                                                      SHA256

                                                      eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                      SHA512

                                                      aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                      Download Submit

                                                    • C:\Windows\Installer\MSI7EAC.tmp
                                                      Filesize

                                                      122KB

                                                      MD5

                                                      9fe9b0ecaea0324ad99036a91db03ebb

                                                      SHA1

                                                      144068c64ec06fc08eadfcca0a014a44b95bb908

                                                      SHA256

                                                      e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

                                                      SHA512

                                                      906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

                                                      Download Submit

                                                    • C:\Windows\Installer\MSI7EEC.tmp
                                                      Filesize

                                                      211KB

                                                      MD5

                                                      a3ae5d86ecf38db9427359ea37a5f646

                                                      SHA1

                                                      eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                      SHA256

                                                      c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                      SHA512

                                                      96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                      Download Submit

                                                    • C:\Windows\Installer\MSI8A87.tmp
                                                      Filesize

                                                      297KB

                                                      MD5

                                                      7a86ce1a899262dd3c1df656bff3fb2c

                                                      SHA1

                                                      33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

                                                      SHA256

                                                      b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

                                                      SHA512

                                                      421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

                                                      Download Submit

                                                    • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
                                                      Filesize

                                                      280B

                                                      MD5

                                                      1677c07b7ff455a96575fe8d5156ff70

                                                      SHA1

                                                      74db9f49453d1691e88a8a6f21e944d4bfa2e7e6

                                                      SHA256

                                                      7511f4a7a1b0c887e32666e232baf82e03c6d1a09c3dd671d016e2ede77f963d

                                                      SHA512

                                                      b5075963aebc9bf1e9306935034979d844c30ccbb29a1fbc83d117286cda2887690b9a8a8ec96dc1c1815eaefa8e4ec3847e193e28d397f2e49d77106bc4a957

                                                      Download Submit

                                                    • memory/1796-3608-0x0000000072FF0000-0x0000000073200000-memory.dmp

                                                      Filesize

                                                      2.1MB

                                                      Download

                                                    • memory/1796-3484-0x0000000000EC0000-0x0000000000EF5000-memory.dmp

                                                      Filesize

                                                      212KB

                                                      Download

                                                    • memory/1796-3485-0x0000000072FF0000-0x0000000073200000-memory.dmp

                                                      Filesize

                                                      2.1MB

                                                      Download

                                                    • memory/2500-3674-0x0000018B7C790000-0x0000018B7C8DF000-memory.dmp

                                                      Filesize

                                                      1.3MB

                                                      Download

                                                    • memory/2500-3609-0x0000018B7C790000-0x0000018B7C8DF000-memory.dmp

                                                      Filesize

                                                      1.3MB

                                                      Download

                                                    • memory/2500-3494-0x0000000180000000-0x0000000181168000-memory.dmp

                                                      Filesize

                                                      17.4MB

                                                      Download

                                                    • memory/2500-3495-0x0000000180000000-0x0000000181168000-memory.dmp

                                                      Filesize

                                                      17.4MB

                                                      Download

                                                    • memory/2500-3497-0x0000018B7C940000-0x0000018B7C950000-memory.dmp

                                                      Filesize

                                                      64KB

                                                      Download

                                                    • memory/2500-3498-0x0000018B7CC00000-0x0000018B7CC90000-memory.dmp

                                                      Filesize

                                                      576KB

                                                      Download

                                                    • memory/2500-3499-0x0000018B7D020000-0x0000018B7D028000-memory.dmp

                                                      Filesize

                                                      32KB

                                                      Download

                                                    • memory/2500-3501-0x0000018B7EC30000-0x0000018B7EC68000-memory.dmp

                                                      Filesize

                                                      224KB

                                                      Download

                                                    • memory/2500-3502-0x0000018B7D030000-0x0000018B7D03E000-memory.dmp

                                                      Filesize

                                                      56KB

                                                      Download

                                                    • memory/2500-3492-0x0000000180000000-0x0000000181168000-memory.dmp

                                                      Filesize

                                                      17.4MB

                                                      Download

                                                    • memory/2500-3705-0x0000000180000000-0x0000000181168000-memory.dmp

                                                      Filesize

                                                      17.4MB

                                                      Download

                                                    • memory/2500-3778-0x0000000180000000-0x0000000181168000-memory.dmp

                                                      Filesize

                                                      17.4MB

                                                      Download

                                                    • memory/2500-3675-0x0000000180000000-0x0000000181168000-memory.dmp

                                                      Filesize

                                                      17.4MB

                                                      Download

                                                    • memory/2500-3720-0x0000000180000000-0x0000000181168000-memory.dmp

                                                      Filesize

                                                      17.4MB

                                                      Download

                                                    • memory/2500-3658-0x0000000180000000-0x0000000181168000-memory.dmp

                                                      Filesize

                                                      17.4MB

                                                      Download

                                                    • memory/2500-3699-0x0000000180000000-0x0000000181168000-memory.dmp

                                                      Filesize

                                                      17.4MB

                                                      Download

                                                    • memory/2500-3610-0x0000000180000000-0x0000000181168000-memory.dmp

                                                      Filesize

                                                      17.4MB

                                                      Download

                                                    • memory/2500-3737-0x0000000180000000-0x0000000181168000-memory.dmp

                                                      Filesize

                                                      17.4MB

                                                      Download

                                                    • memory/2500-3657-0x0000018B7C790000-0x0000018B7C8DF000-memory.dmp

                                                      Filesize

                                                      1.3MB

                                                      Download

                                                    • memory/2500-3493-0x0000000180000000-0x0000000181168000-memory.dmp

                                                      Filesize

                                                      17.4MB

                                                      Download

                                                    • memory/2584-3741-0x00000169865C0000-0x00000169865F1000-memory.dmp

                                                      Filesize

                                                      196KB

                                                      Download

                                                    • memory/3560-3647-0x0000015615720000-0x0000015615751000-memory.dmp

                                                      Filesize

                                                      196KB

                                                      Download

                                                    • memory/3560-3521-0x00007FFF27000000-0x00007FFF27001000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3592-2905-0x000001BB794F0000-0x000001BB79A2C000-memory.dmp

                                                      Filesize

                                                      5.2MB

                                                      Download

                                                    • memory/3592-2908-0x000001BB78FB0000-0x000001BB7906A000-memory.dmp

                                                      Filesize

                                                      744KB

                                                      Download

                                                    • memory/3592-2903-0x000001BB76750000-0x000001BB76774000-memory.dmp

                                                      Filesize

                                                      144KB

                                                      Download

                                                    • memory/3592-2910-0x000001BB79070000-0x000001BB79122000-memory.dmp

                                                      Filesize

                                                      712KB

                                                      Download

                                                    • memory/3592-2913-0x000001BB793B0000-0x000001BB794B2000-memory.dmp

                                                      Filesize

                                                      1.0MB

                                                      Download

                                                    • memory/3592-2914-0x000001BB78CC0000-0x000001BB78CD4000-memory.dmp

                                                      Filesize

                                                      80KB

                                                      Download

                                                    • memory/4100-3648-0x0000021AB3540000-0x0000021AB3571000-memory.dmp

                                                      Filesize

                                                      196KB

                                                      Download

                                                    • memory/4100-7-0x0000018B34710000-0x0000018B34732000-memory.dmp

                                                      Filesize

                                                      136KB

                                                      Download

                                                    • memory/4100-71-0x00007FFF06E00000-0x00007FFF078C2000-memory.dmp

                                                      Filesize

                                                      10.8MB

                                                      Download

                                                    • memory/4100-2907-0x00007FFF06E00000-0x00007FFF078C2000-memory.dmp

                                                      Filesize

                                                      10.8MB

                                                      Download

                                                    • memory/4100-2478-0x0000018B34790000-0x0000018B347A2000-memory.dmp

                                                      Filesize

                                                      72KB

                                                      Download

                                                    • memory/4100-5-0x0000018B32520000-0x0000018B32560000-memory.dmp

                                                      Filesize

                                                      256KB

                                                      Download

                                                    • memory/4100-3-0x00007FFF06E00000-0x00007FFF078C2000-memory.dmp

                                                      Filesize

                                                      10.8MB

                                                      Download

                                                    • memory/4100-2-0x00007FFF06E03000-0x00007FFF06E05000-memory.dmp

                                                      Filesize

                                                      8KB

                                                      Download

                                                    • memory/4100-2476-0x0000018B326E0000-0x0000018B326EA000-memory.dmp

                                                      Filesize

                                                      40KB

                                                      Download

                                                    • memory/4100-0-0x00007FFF06E03000-0x00007FFF06E05000-memory.dmp

                                                      Filesize

                                                      8KB

                                                      Download

                                                    • memory/4100-1-0x0000018B17F60000-0x0000018B1802E000-memory.dmp

                                                      Filesize

                                                      824KB

                                                      Download