Analysis
-
max time kernel
211s -
max time network
213s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system -
submitted
30-11-2024 06:42
Static task
static1
General
-
Target
Bootstrapper.exe
-
Size
800KB
-
MD5
02c70d9d6696950c198db93b7f6a835e
-
SHA1
30231a467a49cc37768eea0f55f4bea1cbfb48e2
-
SHA256
8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
-
SHA512
431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
-
SSDEEP
12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Solara.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Solara.exe -
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Solara.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Solara.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Solara.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Solara.exe -
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\Control Panel\International\Geo\Nation Bootstrapper.exe Key value queried \REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\Control Panel\International\Geo\Nation Bootstrapper.exe Key value queried \REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\Control Panel\International\Geo\Nation Bootstrapper.exe -
Executes dropped EXE 7 IoCs
pid Process 4832 Solara.exe 4272 node.exe 2728 Solara.exe 1680 node.exe 192 node.exe 4484 Solara.exe 1936 node.exe -
Loads dropped DLL 15 IoCs
pid Process 3560 MsiExec.exe 3560 MsiExec.exe 2252 MsiExec.exe 2252 MsiExec.exe 2252 MsiExec.exe 2252 MsiExec.exe 2252 MsiExec.exe 3308 MsiExec.exe 3308 MsiExec.exe 3308 MsiExec.exe 3560 MsiExec.exe 2728 Solara.exe 2728 Solara.exe 4484 Solara.exe 4484 Solara.exe -
resource yara_rule behavioral1/files/0x0007000000045e39-2820.dat themida behavioral1/memory/2728-2850-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/2728-2851-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/2728-2853-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/2728-2852-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/2728-2857-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/4484-2859-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/4484-2861-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/4484-2862-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/4484-2860-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/4484-2867-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/4484-2868-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/4484-2869-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/4484-2870-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/4484-2871-0x0000000180000000-0x0000000181168000-memory.dmp themida behavioral1/memory/4484-2873-0x0000000180000000-0x0000000181168000-memory.dmp themida -
Blocklisted process makes network request 2 IoCs
flow pid Process 29 1800 msiexec.exe 31 1800 msiexec.exe -
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Solara.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Solara.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\O: msiexec.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
flow ioc 50 pastebin.com 51 pastebin.com 71 pastebin.com 90 pastebin.com -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
pid Process 2728 Solara.exe 4484 Solara.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\.github\workflows\release-please.yml msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\lib\commands\stop.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\bin\npm.cmd msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmdiff\LICENSE msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\https-proxy-agent\dist\index.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\browser.mjs msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\google\protobuf\descriptor.d.ts msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\valid.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\LICENSE msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\tar\index.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmpublish\lib\provenance.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\man\man1\npm-deprecate.1 msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\process\package.json msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\fastest-levenshtein\test.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\fastest-levenshtein\bench.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-bugs.md msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-install-ci-test.md msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\index.d.ts msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-star.html msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\yarn-lock.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSToolFile.py msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\inc.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\docs\output\configuring-npm\npm-shrinkwrap-json.html msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\retry\equation.gif msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\mjs\index.js.map msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\lib\error.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\gypd.py msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\fs-minipass\package.json msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\npm-install-checks\LICENSE msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\addon.gypi msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\get-workspace-nodes.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\run-script\package.json msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\lib\index.d.ts msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\safer-buffer\package.json msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\fs.realpath\old.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\docs\output\configuring-npm\package-json.html msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\themes.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\agent-base\dist\src\promisify.js.map msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\npmlog\lib\log.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\text-table\example\dotalign.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\common.py msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\color-name\package.json msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\format.d.ts msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\name-from-folder\lib\index.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\debug\LICENSE msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmaccess\lib\index.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\lib\depth.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\run-script\lib\set-path.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-link.md msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\lib\commands\run-script.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\man\man1\npm-version.1 msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-config.html msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\fs-minipass\LICENSE msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\ca\index.d.ts msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\.github\workflows\tests.yml msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-flush\node_modules\minipass\index.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\updater.d.ts msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\compile_commands_json.py msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\event-target-shim\package.json msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\xcode_test.py msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\link-gently.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\http-proxy-agent\dist\agent.js msiexec.exe File created C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-json-stream\LICENSE msiexec.exe -
Drops file in Windows directory 21 IoCs
description ioc Process File opened for modification C:\Windows\Installer\MSIBFE8.tmp msiexec.exe File opened for modification C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon msiexec.exe File opened for modification C:\Windows\Installer\e57afc8.msi msiexec.exe File opened for modification C:\Windows\Installer\MSIB641.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSICB17.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIF48D.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIEC3D.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIED28.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIEEB0.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIB594.tmp msiexec.exe File created C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC} msiexec.exe File opened for modification C:\Windows\Installer\MSIB661.tmp msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File opened for modification C:\Windows\Installer\MSIC40F.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIC45E.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSICAF7.tmp msiexec.exe File created C:\Windows\Installer\e57afc8.msi msiexec.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File created C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon msiexec.exe File created C:\Windows\Installer\e57afcc.msi msiexec.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language wevtutil.exe -
Gathers network information 2 TTPs 3 IoCs
Uses commandline utility to view network configuration.
pid Process 2688 ipconfig.exe 4824 ipconfig.exe 1168 ipconfig.exe -
Modifies data under HKEY_USERS 3 IoCs
description ioc Process Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 msiexec.exe -
Modifies registry class 30 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3" msiexec.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" msiexec.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1864 Bootstrapper.exe 1864 Bootstrapper.exe 1800 msiexec.exe 1800 msiexec.exe 4832 Solara.exe 4832 Solara.exe 3912 Bootstrapper.exe 3912 Bootstrapper.exe 2728 Solara.exe 4040 Bootstrapper.exe 4040 Bootstrapper.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe 4484 Solara.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 1864 Bootstrapper.exe Token: SeShutdownPrivilege 5028 msiexec.exe Token: SeIncreaseQuotaPrivilege 5028 msiexec.exe Token: SeSecurityPrivilege 1800 msiexec.exe Token: SeCreateTokenPrivilege 5028 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 5028 msiexec.exe Token: SeLockMemoryPrivilege 5028 msiexec.exe Token: SeIncreaseQuotaPrivilege 5028 msiexec.exe Token: SeMachineAccountPrivilege 5028 msiexec.exe Token: SeTcbPrivilege 5028 msiexec.exe Token: SeSecurityPrivilege 5028 msiexec.exe Token: SeTakeOwnershipPrivilege 5028 msiexec.exe Token: SeLoadDriverPrivilege 5028 msiexec.exe Token: SeSystemProfilePrivilege 5028 msiexec.exe Token: SeSystemtimePrivilege 5028 msiexec.exe Token: SeProfSingleProcessPrivilege 5028 msiexec.exe Token: SeIncBasePriorityPrivilege 5028 msiexec.exe Token: SeCreatePagefilePrivilege 5028 msiexec.exe Token: SeCreatePermanentPrivilege 5028 msiexec.exe Token: SeBackupPrivilege 5028 msiexec.exe Token: SeRestorePrivilege 5028 msiexec.exe Token: SeShutdownPrivilege 5028 msiexec.exe Token: SeDebugPrivilege 5028 msiexec.exe Token: SeAuditPrivilege 5028 msiexec.exe Token: SeSystemEnvironmentPrivilege 5028 msiexec.exe Token: SeChangeNotifyPrivilege 5028 msiexec.exe Token: SeRemoteShutdownPrivilege 5028 msiexec.exe Token: SeUndockPrivilege 5028 msiexec.exe Token: SeSyncAgentPrivilege 5028 msiexec.exe Token: SeEnableDelegationPrivilege 5028 msiexec.exe Token: SeManageVolumePrivilege 5028 msiexec.exe Token: SeImpersonatePrivilege 5028 msiexec.exe Token: SeCreateGlobalPrivilege 5028 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeSecurityPrivilege 4732 wevtutil.exe Token: SeBackupPrivilege 4732 wevtutil.exe Token: SeSecurityPrivilege 5044 wevtutil.exe Token: SeBackupPrivilege 5044 wevtutil.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe Token: SeTakeOwnershipPrivilege 1800 msiexec.exe Token: SeRestorePrivilege 1800 msiexec.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 4484 Solara.exe 4484 Solara.exe -
Suspicious use of SetWindowsHookEx 5 IoCs
pid Process 4272 node.exe 1680 node.exe 192 node.exe 1936 node.exe 4484 Solara.exe -
Suspicious use of WriteProcessMemory 41 IoCs
description pid Process procid_target PID 1864 wrote to memory of 2164 1864 Bootstrapper.exe 81 PID 1864 wrote to memory of 2164 1864 Bootstrapper.exe 81 PID 2164 wrote to memory of 2688 2164 cmd.exe 83 PID 2164 wrote to memory of 2688 2164 cmd.exe 83 PID 1864 wrote to memory of 5028 1864 Bootstrapper.exe 91 PID 1864 wrote to memory of 5028 1864 Bootstrapper.exe 91 PID 1800 wrote to memory of 3560 1800 msiexec.exe 98 PID 1800 wrote to memory of 3560 1800 msiexec.exe 98 PID 1800 wrote to memory of 2252 1800 msiexec.exe 99 PID 1800 wrote to memory of 2252 1800 msiexec.exe 99 PID 1800 wrote to memory of 2252 1800 msiexec.exe 99 PID 1800 wrote to memory of 3308 1800 msiexec.exe 102 PID 1800 wrote to memory of 3308 1800 msiexec.exe 102 PID 1800 wrote to memory of 3308 1800 msiexec.exe 102 PID 3308 wrote to memory of 4732 3308 MsiExec.exe 103 PID 3308 wrote to memory of 4732 3308 MsiExec.exe 103 PID 3308 wrote to memory of 4732 3308 MsiExec.exe 103 PID 4732 wrote to memory of 5044 4732 wevtutil.exe 105 PID 4732 wrote to memory of 5044 4732 wevtutil.exe 105 PID 1864 wrote to memory of 4832 1864 Bootstrapper.exe 108 PID 1864 wrote to memory of 4832 1864 Bootstrapper.exe 108 PID 3912 wrote to memory of 4444 3912 Bootstrapper.exe 119 PID 3912 wrote to memory of 4444 3912 Bootstrapper.exe 119 PID 4444 wrote to memory of 4824 4444 cmd.exe 121 PID 4444 wrote to memory of 4824 4444 cmd.exe 121 PID 3912 wrote to memory of 4272 3912 Bootstrapper.exe 123 PID 3912 wrote to memory of 4272 3912 Bootstrapper.exe 123 PID 3912 wrote to memory of 2728 3912 Bootstrapper.exe 125 PID 3912 wrote to memory of 2728 3912 Bootstrapper.exe 125 PID 2728 wrote to memory of 1680 2728 Solara.exe 126 PID 2728 wrote to memory of 1680 2728 Solara.exe 126 PID 4040 wrote to memory of 2216 4040 Bootstrapper.exe 130 PID 4040 wrote to memory of 2216 4040 Bootstrapper.exe 130 PID 2216 wrote to memory of 1168 2216 cmd.exe 132 PID 2216 wrote to memory of 1168 2216 cmd.exe 132 PID 4040 wrote to memory of 192 4040 Bootstrapper.exe 133 PID 4040 wrote to memory of 192 4040 Bootstrapper.exe 133 PID 4040 wrote to memory of 4484 4040 Bootstrapper.exe 135 PID 4040 wrote to memory of 4484 4040 Bootstrapper.exe 135 PID 4484 wrote to memory of 1936 4484 Solara.exe 136 PID 4484 wrote to memory of 1936 4484 Solara.exe 136 -
cURL User-Agent 12 IoCs
Uses User-Agent string associated with cURL utility.
description flow ioc HTTP User-Agent header 94 curl/8.9.1-DEV HTTP User-Agent header 95 curl/8.9.1-DEV HTTP User-Agent header 96 curl/8.9.1-DEV HTTP User-Agent header 73 curl/8.9.1-DEV HTTP User-Agent header 76 curl/8.9.1-DEV HTTP User-Agent header 77 curl/8.9.1-DEV HTTP User-Agent header 81 curl/8.9.1-DEV HTTP User-Agent header 97 curl/8.9.1-DEV HTTP User-Agent header 79 curl/8.9.1-DEV HTTP User-Agent header 80 curl/8.9.1-DEV HTTP User-Agent header 92 curl/8.9.1-DEV HTTP User-Agent header 93 curl/8.9.1-DEV
Processes
-
C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1864 -
C:\Windows\SYSTEM32\cmd.exe"cmd" /c ipconfig /all2⤵
- Suspicious use of WriteProcessMemory
PID:2164 -
C:\Windows\system32\ipconfig.exeipconfig /all3⤵
- Gathers network information
PID:2688
-
-
-
C:\Windows\System32\msiexec.exe"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5028
-
-
C:\ProgramData\Solara\Solara.exe"C:\ProgramData\Solara\Solara.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4832
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1800 -
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 001449F523DFF1C7EB71473432AAFD8D2⤵
- Loads dropped DLL
PID:3560
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding C7C7B6CC2E8089DA58C4B057B8205F2F2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2252
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 390AB7006F29747504CEDFE73F48DFFA E Global\MSI00002⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3308 -
C:\Windows\SysWOW64\wevtutil.exe"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4732 -
C:\Windows\System32\wevtutil.exe"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow644⤵
- Suspicious use of AdjustPrivilegeToken
PID:5044
-
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1996
-
C:\Users\Admin\Desktop\dwadddaw\Bootstrapper.exe"C:\Users\Admin\Desktop\dwadddaw\Bootstrapper.exe"1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3912 -
C:\Windows\SYSTEM32\cmd.exe"cmd" /c ipconfig /all2⤵
- Suspicious use of WriteProcessMemory
PID:4444 -
C:\Windows\system32\ipconfig.exeipconfig /all3⤵
- Gathers network information
PID:4824
-
-
-
C:\Program Files\nodejs\node.exe"node" -v2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4272
-
-
C:\ProgramData\Solara\Solara.exe"C:\ProgramData\Solara\Solara.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2728 -
C:\Program Files\nodejs\node.exe"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 791baf7872ef49493⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680
-
-
-
C:\Users\Admin\Desktop\dwadddaw\Bootstrapper.exe"C:\Users\Admin\Desktop\dwadddaw\Bootstrapper.exe"1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4040 -
C:\Windows\SYSTEM32\cmd.exe"cmd" /c ipconfig /all2⤵
- Suspicious use of WriteProcessMemory
PID:2216 -
C:\Windows\system32\ipconfig.exeipconfig /all3⤵
- Gathers network information
PID:1168
-
-
-
C:\Program Files\nodejs\node.exe"node" -v2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:192
-
-
C:\ProgramData\Solara\Solara.exe"C:\ProgramData\Solara\Solara.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4484 -
C:\Program Files\nodejs\node.exe"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 368247a1e9164c5a3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936
-
-
Network
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.214.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestgetsolara.devIN AResponsegetsolara.devIN A104.21.93.27getsolara.devIN A172.67.203.125
-
Remote address:104.21.93.27:443RequestGET /asset/discord.json HTTP/1.1
Host: getsolara.dev
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: W/"7d966f73b6ce74a610dddaf0d0951ed8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qFLI3IJVo%2Bb4nslQwwByJM4T%2F1REIuTUOqey7wKUDsBbc%2F%2BI9Tg4JokC5L0dk5m9YCxRiGm2xtgRIc0D%2BZDyrlpzlzFq6kr1%2FVcBQ%2Fk2aY9nxVWxN7lgMahv7xcjAi9Y"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8dbec5a00417f-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=61244&min_rtt=53945&rtt_var=18808&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2973&recv_bytes=378&delivery_rate=75327&cwnd=215&unsent_bytes=0&cid=332ee882ad30c7b4&ts=146&x=0"
-
Remote address:104.21.93.27:443RequestGET /api/endpoint.json HTTP/1.1
Host: getsolara.dev
ResponseHTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: W/"94670152d340e6e41e0e564b886ac5d4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CiDJqo9eUFWFutmn%2BQFF8fuNd2hr%2BTTGp1VADiGuAJZ6vsSEqKjnc3DXsYUXOmHCAtJCbRxFFKGFRm7p7WObeyeYvxqdyiroX%2Bzel589ngIxKmt84g1JZKt%2FzW5LWD4H"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8dbf9ecee417f-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59589&min_rtt=47934&rtt_var=17417&sent=7&recv=8&lost=0&retrans=0&sent_bytes=4204&recv_bytes=463&delivery_rate=75327&cwnd=217&unsent_bytes=0&cid=332ee882ad30c7b4&ts=2303&x=0"
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request67.31.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request27.93.21.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestclientsettings.roblox.comIN AResponseclientsettings.roblox.comIN CNAMEtitanium.roblox.comtitanium.roblox.comIN CNAMEedge-term4.roblox.comedge-term4.roblox.comIN CNAMEedge-term4-ams2.roblox.comedge-term4-ams2.roblox.comIN A128.116.21.4
-
Remote address:128.116.21.4:443RequestGET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
Host: clientsettings.roblox.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
content-type: application/json; charset=utf-8
date: Sat, 30 Nov 2024 06:42:45 GMT
server: Kestrel
cache-control: no-cache
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: bc36554b-9b05-d3dc-9281-aec7e7041c24
x-roblox-region: us-central_rbx
x-roblox-edge: ams2
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
-
Remote address:8.8.8.8:53Request4.21.116.128.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestwww.nodejs.orgIN AResponsewww.nodejs.orgIN A104.20.22.46www.nodejs.orgIN A104.20.23.46
-
Remote address:104.20.22.46:443RequestGET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1
Host: www.nodejs.org
Connection: Keep-Alive
ResponseHTTP/1.1 307 Temporary Redirect
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=0, must-revalidate
location: https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-vercel-id: lhr1::c28rs-1732948968262-4b44d5adad6f
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 8ea8dc09b94494eb-LHR
-
Remote address:8.8.8.8:53Requestnodejs.orgIN AResponsenodejs.orgIN A104.20.23.46nodejs.orgIN A104.20.22.46
-
Remote address:104.20.23.46:443RequestGET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1
Host: nodejs.org
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: application/x-msi
Content-Length: 31539200
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=14400
ETag: "0e4e9aa41d24221b29b19ba96c1a64d0"
Last-Modified: Wed, 12 Apr 2023 04:13:37 GMT
accept-range: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 8ea8dc0d4a43419b-LHR
-
Remote address:8.8.8.8:53Request46.22.20.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request46.22.20.104.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request46.23.20.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request23.149.64.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request8049c006.solaraweb-alj.pages.devIN AResponse8049c006.solaraweb-alj.pages.devIN A172.66.44.598049c006.solaraweb-alj.pages.devIN A172.66.47.197
-
Remote address:172.66.44.59:443RequestGET /download/static/files/Solara.Dir.zip HTTP/1.1
Host: 8049c006.solaraweb-alj.pages.dev
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 11038114
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "fd8de623471c9004d6d0fb765b323c63"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-robots-tag: noindex
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jaObvt4IZjobFHYd7nl3oj3gAq91aIub3n%2FEfB393vJ%2FdlbYlPU76T7GgNbrAZDbf058kAVQFrONTRa6BtATnIydmDrSuf5RO7a7O8ise8a87FBlarVBqxJjQ2SbIbuOu4%2FKpU1FJ7G9MdB1whvlTaqcJw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ea8dc98288f6400-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=47970&min_rtt=47000&rtt_var=11267&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3022&recv_bytes=434&delivery_rate=82151&cwnd=253&unsent_bytes=0&cid=cdc8d8a7a6779115&ts=177&x=0"
-
Remote address:8.8.8.8:53Request171.39.242.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request59.44.66.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request59.44.66.172.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Requestpastebin.comIN AResponsepastebin.comIN A104.20.3.235pastebin.comIN A172.67.19.24pastebin.comIN A104.20.4.235
-
Remote address:104.20.3.235:443RequestGET /raw/pjseRvyK HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 1167
Last-Modified: Sat, 30 Nov 2024 06:23:46 GMT
Server: cloudflare
CF-RAY: 8ea8dcaaec289547-LHR
-
Remote address:128.116.21.4:443RequestGET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
Host: clientsettings.roblox.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
content-type: application/json; charset=utf-8
date: Sat, 30 Nov 2024 06:43:14 GMT
server: Kestrel
cache-control: no-cache
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: c9f5f144-3ac7-534b-6ffd-8b7dd5c43abd
x-roblox-region: us-central_rbx
x-roblox-edge: ams2
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
-
Remote address:8.8.8.8:53Request235.3.20.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request88.210.23.2.in-addr.arpaIN PTRResponse88.210.23.2.in-addr.arpaIN PTRa2-23-210-88deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request19.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request19.229.111.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Requestcheckappexec.microsoft.comIN AResponsecheckappexec.microsoft.comIN CNAMEprod-atm-wds-apprep.trafficmanager.netprod-atm-wds-apprep.trafficmanager.netIN CNAMEprod-agic-us-3.uksouth.cloudapp.azure.comprod-agic-us-3.uksouth.cloudapp.azure.comIN A172.165.61.93
-
Remote address:172.165.61.93:443RequestPOST /windows/shell/actions HTTP/2.0
host: checkappexec.microsoft.com
accept-encoding: gzip, deflate
user-agent: SmartScreen/2814751014982010
authorization: SmartScreenHash eyJhdXRoSWQiOiJhZGZmZjVhZC1lZjllLTQzYTYtYjFhMy0yYWQ0MjY3YWVlZDUiLCJoYXNoIjoiN2lmUC8wUm52MUE9Iiwia2V5IjoiMEYwUlRJWXNVZWU0S0ZVT0pzMDdCUT09In0=
content-length: 1162
content-type: application/json; charset=utf-8
cache-control: no-cache
ResponseHTTP/2.0 200
content-type: application/json; charset=utf-8
content-length: 183
server: Kestrel
cache-control: max-age=0, private
request-context: appId=cid-v1:7f05e9f0-1fe6-401c-8ae7-2478e40e2f1e
-
Remote address:8.8.8.8:53Request2.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request93.61.165.172.in-addr.arpaIN PTRResponse
-
Remote address:104.21.93.27:443RequestGET /asset/discord.json HTTP/1.1
Host: getsolara.dev
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: W/"7d966f73b6ce74a610dddaf0d0951ed8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SkhTHpQRQL75JZj6JYrCju9vFbUUzNmCSbgumHHhht6Brpfhf4UI5%2FYyW%2BJekDWgrMMydTiP3DtFWAqp41coh7OrQzFq0IADqjj7DiVq%2B6F7hdXcVkEe30hLjEdSu%2BR3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8df3e6c697198-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=49307&min_rtt=47730&rtt_var=13030&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2974&recv_bytes=378&delivery_rate=80435&cwnd=238&unsent_bytes=0&cid=64cedc66e10848cc&ts=142&x=0"
-
Remote address:104.21.93.27:443RequestGET /api/endpoint.json HTTP/1.1
Host: getsolara.dev
ResponseHTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: W/"94670152d340e6e41e0e564b886ac5d4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZI%2FQA1fc6xsHSM3dxl1yzmOoWc%2Fe25AMbnq%2B2UXsCOMkI3sKuS8Rt4Zq8QYGJNT8vFv6t%2FKG%2Fm64ABCgIxRTxzbp0hWw1faERNwKiOqUBBVRjRElBI%2BlblTnXYSUiRGO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8df4bbc787198-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=49441&min_rtt=47730&rtt_var=10041&sent=7&recv=8&lost=0&retrans=0&sent_bytes=4199&recv_bytes=463&delivery_rate=80435&cwnd=240&unsent_bytes=0&cid=64cedc66e10848cc&ts=2277&x=0"
-
Remote address:128.116.21.4:443RequestGET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
Host: clientsettings.roblox.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
content-type: application/json; charset=utf-8
date: Sat, 30 Nov 2024 06:45:01 GMT
server: Kestrel
cache-control: no-cache
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: d5cfde8c-e67b-7b3d-5198-b0e6d3b18785
x-roblox-region: us-central_rbx
x-roblox-edge: ams2
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
-
Remote address:104.20.3.235:443RequestGET /raw/pjseRvyK HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 1279
Last-Modified: Sat, 30 Nov 2024 06:23:46 GMT
Server: cloudflare
CF-RAY: 8ea8df62b8567691-LHR
-
Remote address:128.116.21.4:443RequestGET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
Host: clientsettings.roblox.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
content-type: application/json; charset=utf-8
date: Sat, 30 Nov 2024 06:45:05 GMT
server: Kestrel
cache-control: no-cache
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: db4946b9-517c-7537-12e3-010c4a5e7229
x-roblox-region: us-central_rbx
x-roblox-edge: ams2
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
-
Remote address:104.21.93.27:443RequestGET /asset/Cheers HTTP/1.1
Host: getsolara.dev
User-Agent: curl/8.9.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 364
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "19fbed4a27bd3755bc536005047ef7c0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LEYunVnoLWF6I7TDN0kK%2B0PWGgOwssDqvYUW9WlhfPW6wnol4anSEa%2F%2Fl9Z0PaZmk08lmWh%2Bo1XEcC6v5ZoHLvWWcxE%2F5QdiRiD0DssPJANYRXYjrGfhYC8hp61%2FEkj3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8df6eda4bcd57-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=85584&min_rtt=57815&rtt_var=67303&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3284&recv_bytes=445&delivery_rate=46942&cwnd=253&unsent_bytes=0&cid=712139cc2a791812&ts=444&x=0"
-
Remote address:8.8.8.8:53Requestc.pki.googIN AResponsec.pki.googIN CNAMEpki-goog.l.google.compki-goog.l.google.comIN A142.250.200.3
-
Remote address:142.250.200.3:80RequestGET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 30 Nov 2024 06:20:25 GMT
Expires: Sat, 30 Nov 2024 07:10:25 GMT
Cache-Control: public, max-age=3000
Age: 1481
Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
Remote address:142.250.200.3:80RequestGET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 30 Nov 2024 06:20:37 GMT
Expires: Sat, 30 Nov 2024 07:10:37 GMT
Cache-Control: public, max-age=3000
Age: 1469
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
Remote address:104.21.93.27:443RequestGET /asset/Cheers HTTP/1.1
Host: getsolara.dev
User-Agent: curl/8.9.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 364
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "19fbed4a27bd3755bc536005047ef7c0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h2Vsdjj9QPXktaJVST3Y3cjtJjlVNAKYXQz%2Fe2XQKp6C9M7t%2FjlfUJoFZ17uzEqarOa7X6DD3J9W6zQ%2F4mSxgfa3a8gv0DtwMjwc7g2TVFPNYDebYuGYlMvPTcdLmqw4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8df70999b77b1-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=55519&min_rtt=48235&rtt_var=18686&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3282&recv_bytes=445&delivery_rate=57671&cwnd=249&unsent_bytes=0&cid=7c58b10ad3980c77&ts=157&x=0"
-
Remote address:104.21.93.27:443RequestGET /asset/Palatable HTTP/1.1
Host: getsolara.dev
User-Agent: curl/8.9.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1408
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "38096245279947c08a45acff0093b7b7"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9AETQ7TIlYwfa0u4PsJi8G6NgzR8Hq9i%2BgFwAaoGme7GsBqz%2F2wgdstcVPj58BU11w0F0CXT9PLpH1wDgU55eFlzUfbSc2XDX8SMlwuaoa684NrVwjBMoPJ8CNJ7S9yc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8df787f2d9557-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=48271&min_rtt=47750&rtt_var=13951&sent=5&recv=6&lost=0&retrans=1&sent_bytes=3284&recv_bytes=448&delivery_rate=82202&cwnd=239&unsent_bytes=0&cid=bd2e40c9eb5bb765&ts=141&x=0"
-
Remote address:8.8.8.8:53Request3.200.250.142.in-addr.arpaIN PTRResponse3.200.250.142.in-addr.arpaIN PTRlhr48s29-in-f31e100net
-
Remote address:104.21.93.27:443RequestGET /asset/Palatable HTTP/1.1
Host: getsolara.dev
User-Agent: curl/8.9.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1408
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "38096245279947c08a45acff0093b7b7"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CJq0TvedveDK%2BGEzJ6jiPkc1o4fJDw2txmOb2hjE4%2B7GOQCgvQsazcC7rbTeGbbCCFhVZuLOYG6PyKZX5%2BCK9%2Fkw814SdyZvxcyeQuFW2bTPTwFsEtxoCfzI0vkoUB0i"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8df7a5c866f19-CDG
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=57372&min_rtt=55111&rtt_var=14875&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=448&delivery_rate=58498&cwnd=254&unsent_bytes=0&cid=2255a9454df3a301&ts=166&x=0"
-
Remote address:104.21.93.27:443RequestGET /asset/DelectableFruits HTTP/1.1
Host: getsolara.dev
User-Agent: curl/8.9.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 132824
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "c105d69eb296abc3b0078577647e1da1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JWCumkn3h8wJ0nb0UJo0C0gWsvvCzcWBXVyl1S0ZguIoiEMQR%2Fw9jpL%2B0%2FJHk%2BGL3tWhe7kZYMvBA5DqbPpxkbB5TlVzA7NiySZMOKbbx%2B0ocoXg44HpW2gXcwy28VfJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8df7c2c741e7d-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=57894&min_rtt=57370&rtt_var=12824&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=455&delivery_rate=69421&cwnd=253&unsent_bytes=0&cid=72cedcd0073cc65b&ts=150&x=0"
-
Remote address:104.21.93.27:443RequestGET /api/endpoint.json HTTP/1.1
Host: getsolara.dev
User-Agent: curl/8.9.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: W/"94670152d340e6e41e0e564b886ac5d4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WmzqiBr5pEayxkrnBBeOwR5pNr3Jwd7Tw4%2FKW1QP3euRlpjD77KCy4UWdqPsBPYTGT3bQXsEdhYoCkCTawpWazSIBoA4gT660V68pQAcH15RDxY3v1wECRqbAgDORGMf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8df7dfe849485-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=47633&min_rtt=47244&rtt_var=14017&sent=6&recv=7&lost=0&retrans=1&sent_bytes=3540&recv_bytes=450&delivery_rate=81955&cwnd=254&unsent_bytes=0&cid=f4c1b28bdca9cb94&ts=455&x=0"
-
Remote address:104.21.93.27:443RequestGET /asset/discord.json HTTP/1.1
Host: getsolara.dev
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: W/"7d966f73b6ce74a610dddaf0d0951ed8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hkYbhcTK9KXbRAvuY6%2Bpkuk%2BE7xTkCQuD03g5drR8HP7GRX5HyD9lC%2BU6hzCJIX3IKDNP2TsgzBO9FfeiRA9qgwoGazFoA79LRpKNxKk0R%2FHfQgeFWXT7RuRkprjnVeu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8df8a98c2e911-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=55039&min_rtt=47107&rtt_var=24211&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2973&recv_bytes=378&delivery_rate=84261&cwnd=253&unsent_bytes=0&cid=52178b72771bd1d3&ts=178&x=0"
-
Remote address:104.21.93.27:443RequestGET /api/endpoint.json HTTP/1.1
Host: getsolara.dev
ResponseHTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: W/"94670152d340e6e41e0e564b886ac5d4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BoU0%2BIjAw%2BW7KNsjwTi3o0CQ66tTX8CmpWH%2F82vA6UbHAF0r12iukgA8CguFLu%2B9XWELhIBgDT18jPnDrE8Wxujkp5aCDFGQgMM6kq7eaoICRuRZrWIdSTgAM5a%2F41et"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8df8b19dbe911-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=54064&min_rtt=47107&rtt_var=20108&sent=7&recv=8&lost=0&retrans=0&sent_bytes=4198&recv_bytes=463&delivery_rate=84261&cwnd=255&unsent_bytes=0&cid=52178b72771bd1d3&ts=246&x=0"
-
Remote address:128.116.21.4:443RequestGET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
Host: clientsettings.roblox.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
content-type: application/json; charset=utf-8
date: Sat, 30 Nov 2024 06:45:11 GMT
server: Kestrel
cache-control: no-cache
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: 19b2b21c-55de-f7cd-ba65-1b7496602dba
x-roblox-region: us-central_rbx
x-roblox-edge: ams2
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
-
Remote address:104.20.3.235:443RequestGET /raw/pjseRvyK HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 1288
Last-Modified: Sat, 30 Nov 2024 06:23:46 GMT
Server: cloudflare
CF-RAY: 8ea8df9fadb663e3-LHR
-
Remote address:128.116.21.4:443RequestGET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
Host: clientsettings.roblox.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
content-type: application/json; charset=utf-8
date: Sat, 30 Nov 2024 06:45:14 GMT
server: Kestrel
cache-control: no-cache
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: 80752a3a-9c0b-3568-5b54-c41b8057693f
x-roblox-region: us-central_rbx
x-roblox-edge: ams2
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
-
Remote address:104.21.93.27:443RequestGET /asset/Cheers HTTP/1.1
Host: getsolara.dev
User-Agent: curl/8.9.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 364
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "19fbed4a27bd3755bc536005047ef7c0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Gx9AX4%2BftJg5xWgxIhdhHlPxi%2BPqF1%2BNwKpNV0JBXhhPzitxUAZ%2FWSvqz2n50nmtjxkv8cGj%2FfyKahYm0YPuDKV1V8GoatqEWF4i0bDAkYHsMNZvIdzdNDzNlBhDj6Q"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8dfa75d75385e-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=53303&min_rtt=47568&rtt_var=14018&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=445&delivery_rate=78127&cwnd=241&unsent_bytes=0&cid=1b51c269a027a862&ts=139&x=0"
-
Remote address:104.21.93.27:443RequestGET /asset/Cheers HTTP/1.1
Host: getsolara.dev
User-Agent: curl/8.9.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 364
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "19fbed4a27bd3755bc536005047ef7c0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lSO3CZrBAK0wcLABy%2BYDPN12qIrOm91ci5Qr3WFXTFwJrRiShFJ0PJkCUwdCAtyODBCRdtkgghbQBlJPnYhmHkunl0WmVPqYJgy3EPpWp6C6ZwLVTJPD%2FY9U4MnjU6nP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8dfa90c6c6437-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=50203&min_rtt=48477&rtt_var=11252&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=445&delivery_rate=81260&cwnd=240&unsent_bytes=0&cid=8d7122d3082f47e7&ts=132&x=0"
-
Remote address:104.21.93.27:443RequestGET /asset/Palatable HTTP/1.1
Host: getsolara.dev
User-Agent: curl/8.9.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1408
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "38096245279947c08a45acff0093b7b7"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vuSTpIc2aOEYKD8VexRkanUumiW04rODC%2FCSsO8ruwfvOi2f%2FLL7FS1w3sm7dDJFpbyEMwmE8PxTYHkTPouk1ygOxmAWZCMPvY%2FA7SWEzFmJk%2BdEJd0fTmBXZeqxdjTY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8dfaacda199e1-CDG
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=60514&min_rtt=55760&rtt_var=15783&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=448&delivery_rate=68730&cwnd=253&unsent_bytes=0&cid=1b779a153a0e6a14&ts=157&x=0"
-
Remote address:104.21.93.27:443RequestGET /asset/Palatable HTTP/1.1
Host: getsolara.dev
User-Agent: curl/8.9.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1408
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "38096245279947c08a45acff0093b7b7"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uc8jnPnJ1v%2F%2BwydtT%2Bmjsbv5hHFrl7AFaRHpMv3ELwpOW5XRL6DFXasWW6Yem5LxdmOirTcP%2BrL6bQUtVExQAzjZb2DdVg9qs4W60wvHCAFALQhfuWThu4BxcSNV5hzo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8dfac79ce94aa-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=51890&min_rtt=47500&rtt_var=17279&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=448&delivery_rate=71583&cwnd=247&unsent_bytes=0&cid=daaa65db4d7f60b8&ts=164&x=0"
-
Remote address:104.21.93.27:443RequestGET /asset/DelectableFruits HTTP/1.1
Host: getsolara.dev
User-Agent: curl/8.9.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 132824
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: "c105d69eb296abc3b0078577647e1da1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YxSANyK9xFNl2%2BMNpysxBYY1n3DscgNQLRyhgfMkwbgoyy8Vux4ZHW4%2BB%2BDJDw2hi7iC6FIhMXKHQEhkTiVecVGe1vXuUwt0K%2FghPWcmxIAoxY6uatJcjRzLIE7uRLO2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8dfae5cc1e90a-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=51521&min_rtt=48837&rtt_var=14807&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=455&delivery_rate=75185&cwnd=253&unsent_bytes=0&cid=218235946b882f5b&ts=142&x=0"
-
Remote address:104.21.93.27:443RequestGET /api/endpoint.json HTTP/1.1
Host: getsolara.dev
User-Agent: curl/8.9.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: W/"94670152d340e6e41e0e564b886ac5d4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4VhYzLFAD1fuOBUX%2FinhH%2FruOdegySyCejKTwU7uV2dXtq42d0UWU7c%2BYq1OVB7zRwozQkhhc3hVNxCMgcSRlMJsBy3ooyLj7ueLECQ0BySUKPtxVM5E0wVPejYoor89"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8ea8dfae5e9ebe9a-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=55369&min_rtt=48280&rtt_var=21724&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=450&delivery_rate=63207&cwnd=250&unsent_bytes=0&cid=05a5ec42cdcab83f&ts=175&x=0"
-
951 B 6.3kB 11 11
HTTP Request
GET https://getsolara.dev/asset/discord.jsonHTTP Response
200HTTP Request
GET https://getsolara.dev/api/endpoint.jsonHTTP Response
200 -
-
128.116.21.4:443https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/livetls, httpBootstrapper.exe830 B 6.5kB 9 9
HTTP Request
GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/liveHTTP Response
200 -
104.20.22.46:443https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msitls, httpBootstrapper.exe799 B 6.8kB 9 11
HTTP Request
GET https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msiHTTP Response
307 -
1.4MB 36.2MB 21401 25925
HTTP Request
GET https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msiHTTP Response
200 -
172.66.44.59:443https://8049c006.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.ziptls, httpBootstrapper.exe299.6kB 11.4MB 5305 8175
HTTP Request
GET https://8049c006.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zipHTTP Response
200 -
726 B 4.3kB 8 8
HTTP Request
GET https://pastebin.com/raw/pjseRvyKHTTP Response
200 -
128.116.21.4:443https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/livetls, httpSolara.exe830 B 6.5kB 9 9
HTTP Request
GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/liveHTTP Response
200 -
2.9kB 9.5kB 21 16
HTTP Request
POST https://checkappexec.microsoft.com/windows/shell/actionsHTTP Response
200 -
951 B 6.4kB 11 12
HTTP Request
GET https://getsolara.dev/asset/discord.jsonHTTP Response
200HTTP Request
GET https://getsolara.dev/api/endpoint.jsonHTTP Response
200 -
-
128.116.21.4:443https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/livetls, httpBootstrapper.exe830 B 6.5kB 9 9
HTTP Request
GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/liveHTTP Response
200 -
726 B 4.3kB 8 8
HTTP Request
GET https://pastebin.com/raw/pjseRvyKHTTP Response
200 -
128.116.21.4:443https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/livetls, httpSolara.exe830 B 6.5kB 9 9
HTTP Request
GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/liveHTTP Response
200 -
1.1kB 5.3kB 13 13
HTTP Request
GET https://getsolara.dev/asset/CheersHTTP Response
200 -
602 B 3.9kB 8 6
HTTP Request
GET http://c.pki.goog/r/gsr1.crlHTTP Response
200HTTP Request
GET http://c.pki.goog/r/r4.crlHTTP Response
200 -
989 B 5.2kB 11 11
HTTP Request
GET https://getsolara.dev/asset/CheersHTTP Response
200 -
1.0kB 6.2kB 12 10
HTTP Request
GET https://getsolara.dev/asset/PalatableHTTP Response
200 -
921 B 6.2kB 10 10
HTTP Request
GET https://getsolara.dev/asset/PalatableHTTP Response
200 -
3.3kB 143.5kB 62 114
HTTP Request
GET https://getsolara.dev/asset/DelectableFruitsHTTP Response
200 -
1.2kB 5.5kB 12 11
HTTP Request
GET https://getsolara.dev/api/endpoint.jsonHTTP Response
200 -
-
-
-
-
-
-
951 B 6.4kB 11 12
HTTP Request
GET https://getsolara.dev/asset/discord.jsonHTTP Response
200HTTP Request
GET https://getsolara.dev/api/endpoint.jsonHTTP Response
200 -
128.116.21.4:443https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/livetls, httpBootstrapper.exe830 B 6.5kB 9 9
HTTP Request
GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/liveHTTP Response
200 -
726 B 4.3kB 8 8
HTTP Request
GET https://pastebin.com/raw/pjseRvyKHTTP Response
200 -
128.116.21.4:443https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/livetls, httpSolara.exe830 B 6.5kB 9 9
HTTP Request
GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/liveHTTP Response
200 -
964 B 5.2kB 11 10
HTTP Request
GET https://getsolara.dev/asset/CheersHTTP Response
200 -
918 B 5.2kB 10 10
HTTP Request
GET https://getsolara.dev/asset/CheersHTTP Response
200 -
967 B 6.2kB 11 10
HTTP Request
GET https://getsolara.dev/asset/PalatableHTTP Response
200 -
921 B 6.2kB 10 10
HTTP Request
GET https://getsolara.dev/asset/PalatableHTTP Response
200 -
4.2kB 143.4kB 75 111
HTTP Request
GET https://getsolara.dev/asset/DelectableFruitsHTTP Response
200 -
969 B 5.2kB 11 11
HTTP Request
GET https://getsolara.dev/api/endpoint.jsonHTTP Response
200 -
-
-
-
-
-
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.214.232.199.in-addr.arpa
-
59 B 91 B 1 1
DNS Request
getsolara.dev
DNS Response
104.21.93.27172.67.203.125
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
67.31.126.40.in-addr.arpa
-
71 B 133 B 1 1
DNS Request
27.93.21.104.in-addr.arpa
-
71 B 165 B 1 1
DNS Request
clientsettings.roblox.com
DNS Response
128.116.21.4
-
71 B 125 B 1 1
DNS Request
4.21.116.128.in-addr.arpa
-
60 B 92 B 1 1
DNS Request
www.nodejs.org
DNS Response
104.20.22.46104.20.23.46
-
56 B 88 B 1 1
DNS Request
nodejs.org
DNS Response
104.20.23.46104.20.22.46
-
142 B 133 B 2 1
DNS Request
46.22.20.104.in-addr.arpa
DNS Request
46.22.20.104.in-addr.arpa
-
71 B 133 B 1 1
DNS Request
46.23.20.104.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
97.17.167.52.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
23.149.64.172.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
78 B 110 B 1 1
DNS Request
8049c006.solaraweb-alj.pages.dev
DNS Response
172.66.44.59172.66.47.197
-
72 B 158 B 1 1
DNS Request
171.39.242.20.in-addr.arpa
-
142 B 133 B 2 1
DNS Request
59.44.66.172.in-addr.arpa
DNS Request
59.44.66.172.in-addr.arpa
-
58 B 106 B 1 1
DNS Request
pastebin.com
DNS Response
104.20.3.235172.67.19.24104.20.4.235
-
71 B 133 B 1 1
DNS Request
235.3.20.104.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
88.210.23.2.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
19.229.111.52.in-addr.arpa
DNS Request
19.229.111.52.in-addr.arpa
-
72 B 192 B 1 1
DNS Request
checkappexec.microsoft.com
DNS Response
172.165.61.93
-
71 B 157 B 1 1
DNS Request
2.159.190.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
93.61.165.172.in-addr.arpa
-
56 B 107 B 1 1
DNS Request
c.pki.goog
DNS Response
142.250.200.3
-
72 B 110 B 1 1
DNS Request
3.200.250.142.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.0MB
MD5e6f1d0b1192a868499ff4204254eb848
SHA1c85ce255fe9d253b9189777afc62ef837b212dcd
SHA2563e0086c04540695ccc2f28618a6765c3f5c167a8470a8af920fd8dc953326f17
SHA5126856e4d129bd97df695cec67401b8aefe2986c03e2648f979d3d14e5fc25ad9f50287e45497e9628cab061a3ba7957c38db38d5b65b59d03529fbb473e90e541
-
Filesize
10KB
MD51d51e18a7247f47245b0751f16119498
SHA178f5d95dd07c0fcee43c6d4feab12d802d194d95
SHA2561975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f
SHA5121eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76
-
Filesize
8KB
MD5d3bc164e23e694c644e0b1ce3e3f9910
SHA11849f8b1326111b5d4d93febc2bafb3856e601bb
SHA2561185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4
SHA51291ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854
-
Filesize
818B
MD52916d8b51a5cc0a350d64389bc07aef6
SHA1c9d5ac416c1dd7945651bee712dbed4d158d09e1
SHA256733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04
SHA512508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74
-
Filesize
1KB
MD55ad87d95c13094fa67f25442ff521efd
SHA101f1438a98e1b796e05a74131e6bb9d66c9e8542
SHA25667292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec
SHA5127187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3
-
Filesize
754B
MD5d2cf52aa43e18fdc87562d4c1303f46a
SHA158fb4a65fffb438630351e7cafd322579817e5e1
SHA25645e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0
SHA51254e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16
-
Filesize
771B
MD5e9dc66f98e5f7ff720bf603fff36ebc5
SHA1f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b
SHA256b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79
SHA5128027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b
-
Filesize
730B
MD5072ac9ab0c4667f8f876becedfe10ee0
SHA10227492dcdc7fb8de1d14f9d3421c333230cf8fe
SHA2562ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013
SHA512f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013
-
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json
Filesize1KB
MD5d116a360376e31950428ed26eae9ffd4
SHA1192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b
SHA256c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5
SHA5125221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a
-
Filesize
802B
MD5d7c8fab641cd22d2cd30d2999cc77040
SHA1d293601583b1454ad5415260e4378217d569538e
SHA25604400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be
SHA512278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764
-
Filesize
16KB
MD5bc0c0eeede037aa152345ab1f9774e92
SHA156e0f71900f0ef8294e46757ec14c0c11ed31d4e
SHA2567a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5
SHA5125f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3
-
Filesize
780B
MD5b020de8f88eacc104c21d6e6cacc636d
SHA120b35e641e3a5ea25f012e13d69fab37e3d68d6b
SHA2563f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706
SHA5124220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38
-
Filesize
763B
MD57428aa9f83c500c4a434f8848ee23851
SHA1166b3e1c1b7d7cb7b070108876492529f546219f
SHA2561fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7
SHA512c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce
-
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts
Filesize4KB
MD5f0bd53316e08991d94586331f9c11d97
SHA1f5a7a6dc0da46c3e077764cfb3e928c4a75d383e
SHA256dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef
SHA512fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839
-
Filesize
771B
MD51d7c74bcd1904d125f6aff37749dc069
SHA121e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab
SHA25624b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9
SHA512b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778
-
Filesize
168B
MD5db7dbbc86e432573e54dedbcc02cb4a1
SHA1cff9cfb98cff2d86b35dc680b405e8036bbbda47
SHA2567cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9
SHA5128f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec
-
Filesize
6KB
MD50e709bfb5675ff0531c925b909b58008
SHA125a8634dd21c082d74a7dead157568b6a8fc9825
SHA256ed94fd8980c043bad99599102291e3285323b99ce0eb5d424c00e3dea1a34e67
SHA51235968412e6ed11ef5cd890520946167bcef2dc6166489759af8bb699f08256355708b1ab949cce034d6cc22ed79b242600c623121f2c572b396f0e96372740cd
-
Filesize
2KB
MD5b9e991c0e57c4d5adde68a2f4f063bc7
SHA10cb6b9eb7b310c37e5950bbcaf672943657c94b5
SHA2569c6c900e7e85fb599c62d9b9e4dfd2ea2f61d119dce5ed69ac3a8da828819241
SHA5123bbd31eed55c32435b01fe7356d39749e95f8f49222115ada841e751ad36227e6f427efdc4e8bad36d8ccd37c2e92c01fa67c24c23f52023df8c1e1be1a3b4f6
-
Filesize
1KB
MD5826bd4315438573ba1a6d88ae2a2aa65
SHA13e27986a947e7d10488739c9afb75f96b646c4c5
SHA2560fd31ad69fdcf1e2a94530f9db9c93e96709b690393a14711643123f678ee956
SHA5122e98ba8e57cb0950e45d20365d16e86ad94a60cfd4cf103b7d55dae02de677985d37c0f771e16ae0a628cb3b59adce8a9e1742cffc298f18cb7d935d72536e6d
-
Filesize
1KB
MD571a7656944ffe50cc27ebe02491ae49b
SHA18ebf0f80660d982fc68f00f82855696157e74b10
SHA2566c3d2c892db282317913ce7c340dd2edccd326bcafd18b644b8738144967d6ee
SHA5125b0010b41304e212a22d2c89eff65ce410b000c71c4ab8c7fdba8f549ba0629fe27f37c142058b041fb889bc73e00959ad58f673866ee7d29724687da3c3f320
-
Filesize
4KB
MD574bdccf347345d27fe8a4ac3add99c60
SHA1a2b8a915c86fc750f56a7137860f19ec1182ee21
SHA256d8d1c1d6c387ab67c3f28d78fd0b20b9becd69442db9d3efe110ca464b509c8a
SHA512c2d47efee2a4442be6375d623f46b4c7ee9552c132b9229eb284bdd98629edd02664167805b0af9b3faaa9b1906e9ed0c5e383396d4995cef7051f9a450e1b99
-
Filesize
263B
MD5dd13897ea2eed92695bb7e4e744a9148
SHA1182314d32e789e4f9c29e3150ae392f1630f171c
SHA2569a34fedeb2d269c46ed94e6f13039eb0d16d866dd460ec66fa3acd78122fa9fe
SHA5120b53bc984178336ac516601e72d477d2beeef6936800da17d3a79c153e0036f7428517ebd75d296729f65856c7e07749029f5aa192b2ac071efc4d3e39750a32
-
Filesize
5KB
MD525807a97fbb1fcc42a013abc7d7768c4
SHA1f24d52cbc9144b011def218234ff7b50e7ddcb19
SHA256a3e83594a4ce88997e2e4fc66bc942b17b9d736290ad62560c7f09d6d0989ad0
SHA5128d316b63700126d7c8965a886e9b35a332d3f7e68d28f2264d235c0afad28066f877f25821e1983ddde5f2d5052716cc73338779b41b6f4d1b90ad33dc3e9f24
-
Filesize
10KB
MD5002a1f3e813cc05d9e3cc011f6601628
SHA11690c27457637ec234d6b7658f1b96e547a0eb99
SHA2564d587a5662e20a7bb9bfe6555afe5987e1b80303a819b447394f37a93297ee91
SHA512ea1ad9bcf09a73a10dd1fd8a66daac12f87725e16ad27e7beff6d9fda937579976cd5d7ed6439c4122b16178c3ffdf410d6c7a54918f94bc98fa7950adf3bd54
-
Filesize
1KB
MD57f0a9d228c79f0ee4b89fc6117f1c687
SHA13c10082c1464a6f589aa10cda88285e780ebf857
SHA2565a3659bcc2e47b25ebf9f23f38eb9452a58920bfe4b59410bfa6fe84639a3b99
SHA5127bdd7259bcb8d79aa41777f03d3a3f8a29b60c2d25104072edba9febeb813e12ef78d31573637702decddbaa97d8fec263bc413bd27dd660ded17d644458cbc2
-
Filesize
859B
MD53ed21090e07ef5dd57729a77c4291cb9
SHA17ffe61f87f94a558fabc177cad5c9b90b16481cf
SHA256a4eece6ff6b38bf7ac107323f381cc60500097a9cbdd473f5d5b45e68822cb89
SHA51254de61c6ab428104f9a559ecd3df7868ab7f1b5c8b85a3f658c8dab13d435bd0766c6b48178a1d5bd083b0829f6461158e303538c7d08761b201b17f7c9940b3
-
Filesize
1KB
MD5b90cf71779f72e14be703a4e494e968c
SHA1842f42d9ee581d91ac82a7fa018f61bb3f8ef63a
SHA2561d0a4e941c1504dcd9bc6cfbb77f7b44d93e56a29cba6f2ccebd78d501a51c16
SHA5128db5d9a938f397c11c75c77c0cbe6eb609c5d4f81a590f221163fe3291cd0cb2a6286ba8935c8f8cfdabecec9f7e49a5bfa836dc777e936271fbe0daea7414e6
-
Filesize
1KB
MD5453a9bb10c91e0ec44f305b14e30ce82
SHA173c01b81f34a9978b158df2744ef8c45251d6193
SHA25630b1a43843675f42033fd6c77c19b20ad4344844f0bd5526c586081e93a48fe8
SHA512d81ee5f2394493a5f93918ecae6581f82ee529fbbd257e0dc10ea68f09c39d0d19e3a6b0e9560eb1250d88a9b1f591d6469f28404410b16b580cbe179e37da0f
-
Filesize
1KB
MD50c95e46d0f08bd96b93cfbea66888afc
SHA1dfbb19c79eb0ca7ff2625fb1975a35cf47be378a
SHA25642a7f91883d0c5ce9292dda4e017e1f8664d34b09276d89fb6f3859c29d1ca9b
SHA512fbeb545274e55f0dface8407a563878083e8d2edc16320a31802e7b4c1dbf6d37f20b772c7436cb1810adb524ef86b3378b6b76a35e0967b6cae58340c58d4ad
-
Filesize
434B
MD5e9c758769fec9883d5ce3d30b8ee1047
SHA1f9d3fd64a0196e77965489ce9b81fe4ce3a9ecb1
SHA256bd320a3e9d23249f5f7d3ce72f2fa426e28a6b2704bd2b281d0c92806a1f5223
SHA512e54bbb849368a53c620b65d0e4a847869dea8fbb767f3559315d9e031c11f23df4ac9d746b7883caf3f693c748e1b9c90f8789519891ed179399341cd49dcae2
-
Filesize
224B
MD5866e37a4d9fb8799d5415d32ac413465
SHA13f41478fdab31acabab8fa1d26126483a141ffb6
SHA2564d2f5afc192178c5b0dc418d2da5826d52a8b6998771b011aede7fdba9118140
SHA512766d2e202dd5e520ac227e28e3c359cca183605c52b4e4c95c69825c929356cea772723a9af491a3662d3c26f7209e89cc3a7af76f75165c104492dc6728accc
-
Filesize
14KB
MD515cf9c2f48c7ba6583c59d28908e3e27
SHA119c7718f6a3d0f9dcd4ca692c19718ec29aae092
SHA2565901b32f609ba349351bf7406dbdc0c4c57b77ce6f7215ea67ccca5ac2a28e88
SHA512c063277a59b83dffc085116769475ec5cce1c47c167b9bd2246e8bda04f0ebc2773b5f06e3b44fc5ed057e043f6d33e77741f34d15e22542134e3865574a29be
-
Filesize
2KB
MD5d467bc485eddf6d38278bc6b1dc16389
SHA1e233882de62eb095b3cae0b2956e8776e6af3d6a
SHA2562f25585c03c3050779c8f5f00597f8653f4fb8a97448ef8ef8cb21e65ba4d15d
SHA5122add66b4f2e8ce463449ca8f2eac19363844b6ab159a41b42163028c57f07a4245ebefe759a6f90e8685b5bd239c969fe99366eff89378cb8b92b8a703dacd61
-
Filesize
2KB
MD53b5b76b70b0a549dce72c5a02756d2a8
SHA107786baebb5c52882e28a8bd281c9a36d63dd116
SHA256bdd67333ab62b0bfeb10ecbbb23936db57b743a3eec580a354591fdf63334859
SHA512bb266dfa725421fb26d26fda0f45a5fa5cd832667b05f27ceaf4e7fc1e032aeea8700493cfdd2941c3c38cd166eee1000d2b9ae3ddef375714e25a2027a943a3
-
Filesize
6KB
MD5d50e9637775204f194d629000189f69c
SHA150d1a1725cb273b0a8e30433dabc43d65f55169b
SHA25696900b458b12085ea16f228151439d9a7bae6b5d45248e355ad617f4dc213540
SHA512563a8375e3ab7936162a9d209800f8b41c416c1500fe24de817871c3e5489e8faf5a4dcb7fb239f697a8736432356e60ecf1578d0aafc0de80d6e0ae90c34aad
-
Filesize
1KB
MD53d09ac571e0b6eaf8fdb9806118b6d30
SHA1eb758bb6a7d3e4f32f0fa2f941265678539e74f1
SHA256243d853d4386c4132508ae9a99e5176b25be7f5cb6967bc1bab241f20e937e72
SHA5120207cf364e3eac974cae61ec68fe3975fd1f1eb6150f51293ce67f62dbb0f27a3d9c193101ef282dcd099fc653ca73cd3c875c18e5e266964038e3334697b5b4
-
Filesize
1KB
MD5b4d3859e603602c87a45682862055af0
SHA1e95cb1c14d70be457eba2ce61b2f4e90a13b21b1
SHA25688564234b9eeb2f0fe2cc5d03f617a97eb4802f126bdd21aa223c3c87c02531c
SHA512b17bb8c8b652f27d8037ed60f28b0d19a68e77bcc45d1e2be7dd304c942f6e85570e9720011f983fb8783d670eb66c0c3174d5fd90690b2aa79c2b402adcd00a
-
Filesize
931B
MD5570e06d8ce0167e07a32ba70fdd56795
SHA139dc652dfa419d46d6fed0835444c603c57077f8
SHA25645ebe570483c48b6460767fc4a0bb69e4dee4bf4becc645b0e0627172a30a580
SHA5129c8ddf41b3207016935affce00108d87f176a9e473a01f03f1110456397c88ee2fbaf34f9e497e6cbff2b65c4f4c7f254a5129b4c1eaa2b85fbebffb8fe43777
-
Filesize
2KB
MD5ae157c9a8e70902576c2d8a06dbcde32
SHA10d10ee921436fa5ff5988445cc67676219dfffbe
SHA2564bd92209cb9dacf3e3773e725acb7aaec43ea9e78540324e4d0f73e5ce9adef7
SHA5124c2f31f1f2a297ab6c55a21d58a5c26cad22c1ed1913e7a48605111d217257ae2d9f26ea889e8610e011ba9b9c487c91ecdb4cea3437534faf905e8fb89ba248
-
Filesize
704B
MD5cbd55880a650b56c3d5acddbbdbee9bc
SHA14d354da7ece1c7d5689b8104f3b6f3dcbac7790e
SHA25630fbfaa3840b2f63978ad4bcd7ed8dc24d277b818e4755fe93eda8cb1bc8b74c
SHA512e329a6f6a38dd33bd60334a8dec4a91aa6e7dab28f0893240374ae6a303c12646399d821403e3b80eb51317d1808e6abf30bd91b0bd99951f96815a22ba105c7
-
Filesize
4KB
MD5b1c3d24b92f25989b8aefc7f6aaa91ba
SHA13f69307bd04cc4dfe71cd13616509f443b48f923
SHA2568e16bae14ec63bac9cdbb50572a7b53061fee914712f5e803ff03c44e8845276
SHA5124225c714bec718d7cc59cd2c91a07a77e41cce3ab52502bf9b5b9ccd7d0ce88c040e0a765e5b2c3576ac8f101dc00fff94f8c7ac7586111a545b228831a11ed0
-
Filesize
1KB
MD5436846dd0f4348ac2ee93c9c5eb291e4
SHA1777e9cd400b42dee1199eacfb325876caeaff3cc
SHA256c812eca4b0dee2317cb446124cb27ae8e5b993c8fdd0144886b629ef6ef53fc1
SHA512d261e261bc9d2e5a39a50c6b072e6da995764769abdc4f9f3cf219cc2296c0e45ee194c3f4f431a248fd1d46d90745ad0b576d2fcb24e59d9208804b9c1532d7
-
Filesize
53B
MD5b9f2ca8a50d6d71642dd920c76a851e5
SHA18ca43e514f808364d0eb51e7a595e309a77fdfce
SHA256f44555af79dfa01a68ae8325382293fc68cd6c61d1d4eb9b8f7a42c651c51cde
SHA51281b6352bbabd0bffbc50bfcd0cd67dc3c2a7d63bda0bf12421410c0ec8047af549a4928b5c5c3e89ead99aa9240bddb461c618c49287c15d9d4d3a899e8f596a
-
Filesize
695KB
MD5195ffb7167db3219b217c4fd439eedd6
SHA11e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA51256eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
-
Filesize
133KB
MD5c6f770cbb24248537558c1f06f7ff855
SHA1fdc2aaae292c32a58ea4d9974a31ece26628fdd7
SHA256d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b
SHA512cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a
-
Filesize
6.8MB
MD5c3d8a566119d8fee7fb2d0db4dea86e4
SHA1c8094d474337ccf4dda2b1888a8235f73c20eaf3
SHA256ca8df8f0b5d9981ed0e284f809472e8013252e59bed1a0f08c98a4b0726920ee
SHA5120cd41d5d7c90e4f780dd92b03ac0938dbbf082c5658ee660c31986cd8e9d9c68f386b9989373cdd25c34a21943c266495c4f4c85b44487bb97d0edebb96555f7
-
Filesize
5.2MB
MD5aead90ab96e2853f59be27c4ec1e4853
SHA143cdedde26488d3209e17efff9a51e1f944eb35f
SHA25646cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d
-
Filesize
5B
MD5a550e39a1b99146581652915aa853a6b
SHA13509c9a74b8fbdce7069149a65b86c70d1fb37c0
SHA256f637e389c425692bb6ea379c4bdebef58ae2aea6aef7d28488816613e7bf9374
SHA5124a62903c599ca8cc0ed9f48c9dfbf1cadc4953e2c87a9c5fdd71bfd8f689809c9223bf51f0190e177eb477cd7322c64812c8b4061065346d22a95b79d1c52104
-
Filesize
1KB
MD57227f2974903a25d032dca018f1860dc
SHA13480b1382e44c150bb50edac56e8661fe57a97bf
SHA25627113670aaa6b62a004b9f3c7562c3f9bb55e6df47d166e32af39118a27b0ff1
SHA512952cc7522a27d0cbe05162d60c5df874f25897cdfbadf77f60aa522ab5e582f991268e5b0ec6034b16486d17c85b12791667fc887e8f450e0f767c9ae84642e3
-
Filesize
30.1MB
MD50e4e9aa41d24221b29b19ba96c1a64d0
SHA1231ade3d5a586c0eb4441c8dbfe9007dc26b2872
SHA2565bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d
SHA512e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913
-
Filesize
122KB
MD59fe9b0ecaea0324ad99036a91db03ebb
SHA1144068c64ec06fc08eadfcca0a014a44b95bb908
SHA256e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9
SHA512906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176
-
Filesize
211KB
MD5a3ae5d86ecf38db9427359ea37a5f646
SHA1eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA51296ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0
-
Filesize
297KB
MD57a86ce1a899262dd3c1df656bff3fb2c
SHA133dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541
SHA256b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c
SHA512421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec