8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
340s
max time network
343s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-12-2024 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

9^/10

defense_evasion discovery evasion phishing themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: search-insights@1
phishing

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Executes dropped EXE 6 IoCs

pid	Process
3048	Solara.exe
896	Bootstrapper.exe
1212	node.exe
1144	Solara.exe
4776	node.exe
4212	RobloxPlayerInstaller.exe

Loads dropped DLL 13 IoCs

pid	Process
436	MsiExec.exe
436	MsiExec.exe
1792	MsiExec.exe
1792	MsiExec.exe
1792	MsiExec.exe
1792	MsiExec.exe
1792	MsiExec.exe
1044	MsiExec.exe
1044	MsiExec.exe
1044	MsiExec.exe
436	MsiExec.exe
1144	Solara.exe
1144	Solara.exe

Themida packer 19 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/1144-3675-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-3674-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-3676-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-3677-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-3688-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-3823-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-3946-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-4024-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-4198-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-4251-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-4387-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-4437-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-4512-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-4537-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-4585-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-4607-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-4636-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-4683-0x0000000180000000-0x000000018110B000-memory.dmp	themida
behavioral1/memory/1144-4687-0x0000000180000000-0x000000018110B000-memory.dmp	themida

Unexpected DNS network traffic destination 58 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 3 IoCs

flow	pid	Process
20	3820	msiexec.exe
21	3820	msiexec.exe
22	3820	msiexec.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
165	pastebin.com
220	pastebin.com
70	pastebin.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
108	api.ipify.org
119	api.ipify.org

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1144	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\string-width\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\configuring-npm\npmrc.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\node-gyp.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\put.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\events-list.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\places\MobileChatPlace.rbxl	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\AvatarExperience\AvatarExperienceSkyboxDarkTheme.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\configuring-npm\install.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\using-npm\dependency-selectors.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\identity\index.d.ts	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\Unmuted100.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\RedSpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\chalk\source\util.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\release-notes.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\pax.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\AvatarExperience\Avatar2_PPEButton.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\processor.js	msiexec.exe
File created	C:\Program Files\nodejs\install_tools.bat	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_4.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\9-slice\chat-bubble-self.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\ninja_syntax.py	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\fonts\GothamSSm-Bold.otf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainTools\mtrl_glacier.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_12.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\process.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\DeveloperFramework\AudioPlayer\audioPlay_BG.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\icons\GameDetails\social\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\color-convert\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\listeners.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\configuring-npm\folders.md	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\SelfView\SelfView_icon_camera_disabled.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\asn1\tag.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\SelfView\SelfView_icon_indicator_on.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_17.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\Controls\DesignSystem\Thumbstick2Vertical.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\common-ancestor-path\package.json	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\sky\clouds.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\DeveloperFramework\UIOff_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Settings\Radial\EmptyTop.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\Misc\UnmuteAll.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\get-workspace-nodes.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\retry\Makefile	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainTools\icon_regions_resize.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VR\toggle2D.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\logging.md	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\sounds\action_get_up.mp3	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioSharedUI\menu.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\bin-target.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\isexe\windows.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\RoactStudioWidgets\toggle_off_light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\AvatarExperience\Profile_Picture_Group.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\graphic\GameDetailsBackground\abkg_general.jpg	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\selectors\types.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\chalk\source\index.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\avatar\heads\headK.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_2.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSID012.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3C8532D753FF00C3.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\SystemTemp\~DFF98602F321C14806.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e57caa3.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICFB4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2957.tmp	msiexec.exe
File created	C:\Windows\Installer\e57caa7.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3520.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDC0B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE284.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC0E012A3FAEC6226.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1C07.tmp	msiexec.exe
File created	C:\Windows\Installer\e57caa3.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID023.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE2C4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEDD1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEDF1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1D8F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\SystemTemp\~DFE2DD0E6527991DB7.TMP	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1212	msedgewebview2.exe
2160	msedgewebview2.exe
4928	msedgewebview2.exe
5548	msedgewebview2.exe
4216	msedgewebview2.exe
844	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
908	ipconfig.exe
4876	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133792464644831400"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 42 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1537126222-899333903-2037027349-1000\{8AEAA52B-6ACD-4E87-8992-6D33E11BEFCE}	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-281ccda49d704f6e"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1388	Bootstrapper.exe
1388	Bootstrapper.exe
4196	chrome.exe
4196	chrome.exe
3820	msiexec.exe
3820	msiexec.exe
3048	Solara.exe
3048	Solara.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
896	Bootstrapper.exe
896	Bootstrapper.exe
896	Bootstrapper.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
5028	msedgewebview2.exe
5028	msedgewebview2.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
5548	msedgewebview2.exe
5548	msedgewebview2.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe
1144	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
3108	msedgewebview2.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3172	WMIC.exe
Token: SeSecurityPrivilege	3172	WMIC.exe
Token: SeTakeOwnershipPrivilege	3172	WMIC.exe
Token: SeLoadDriverPrivilege	3172	WMIC.exe
Token: SeSystemProfilePrivilege	3172	WMIC.exe
Token: SeSystemtimePrivilege	3172	WMIC.exe
Token: SeProfSingleProcessPrivilege	3172	WMIC.exe
Token: SeIncBasePriorityPrivilege	3172	WMIC.exe
Token: SeCreatePagefilePrivilege	3172	WMIC.exe
Token: SeBackupPrivilege	3172	WMIC.exe
Token: SeRestorePrivilege	3172	WMIC.exe
Token: SeShutdownPrivilege	3172	WMIC.exe
Token: SeDebugPrivilege	3172	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3172	WMIC.exe
Token: SeRemoteShutdownPrivilege	3172	WMIC.exe
Token: SeUndockPrivilege	3172	WMIC.exe
Token: SeManageVolumePrivilege	3172	WMIC.exe
Token: 33	3172	WMIC.exe
Token: 34	3172	WMIC.exe
Token: 35	3172	WMIC.exe
Token: 36	3172	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3172	WMIC.exe
Token: SeSecurityPrivilege	3172	WMIC.exe
Token: SeTakeOwnershipPrivilege	3172	WMIC.exe
Token: SeLoadDriverPrivilege	3172	WMIC.exe
Token: SeSystemProfilePrivilege	3172	WMIC.exe
Token: SeSystemtimePrivilege	3172	WMIC.exe
Token: SeProfSingleProcessPrivilege	3172	WMIC.exe
Token: SeIncBasePriorityPrivilege	3172	WMIC.exe
Token: SeCreatePagefilePrivilege	3172	WMIC.exe
Token: SeBackupPrivilege	3172	WMIC.exe
Token: SeRestorePrivilege	3172	WMIC.exe
Token: SeShutdownPrivilege	3172	WMIC.exe
Token: SeDebugPrivilege	3172	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3172	WMIC.exe
Token: SeRemoteShutdownPrivilege	3172	WMIC.exe
Token: SeUndockPrivilege	3172	WMIC.exe
Token: SeManageVolumePrivilege	3172	WMIC.exe
Token: 33	3172	WMIC.exe
Token: 34	3172	WMIC.exe
Token: 35	3172	WMIC.exe
Token: 36	3172	WMIC.exe
Token: SeDebugPrivilege	1388	Bootstrapper.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	2220	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2220	msiexec.exe
Token: SeSecurityPrivilege	3820	msiexec.exe
Token: SeCreateTokenPrivilege	2220	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2220	msiexec.exe
Token: SeLockMemoryPrivilege	2220	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2220	msiexec.exe
Token: SeMachineAccountPrivilege	2220	msiexec.exe
Token: SeTcbPrivilege	2220	msiexec.exe
Token: SeSecurityPrivilege	2220	msiexec.exe
Token: SeTakeOwnershipPrivilege	2220	msiexec.exe
Token: SeLoadDriverPrivilege	2220	msiexec.exe
Token: SeSystemProfilePrivilege	2220	msiexec.exe
Token: SeSystemtimePrivilege	2220	msiexec.exe
Token: SeProfSingleProcessPrivilege	2220	msiexec.exe
Token: SeIncBasePriorityPrivilege	2220	msiexec.exe
Token: SeCreatePagefilePrivilege	2220	msiexec.exe
Token: SeCreatePermanentPrivilege	2220	msiexec.exe
Token: SeBackupPrivilege	2220	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1212	node.exe
4776	node.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 3876	1388	Bootstrapper.exe	78
PID 1388 wrote to memory of 3876	1388	Bootstrapper.exe	78
PID 3876 wrote to memory of 908	3876	cmd.exe	80
PID 3876 wrote to memory of 908	3876	cmd.exe	80
PID 1388 wrote to memory of 1996	1388	Bootstrapper.exe	81
PID 1388 wrote to memory of 1996	1388	Bootstrapper.exe	81
PID 1996 wrote to memory of 3172	1996	cmd.exe	83
PID 1996 wrote to memory of 3172	1996	cmd.exe	83
PID 4196 wrote to memory of 3632	4196	chrome.exe	88
PID 4196 wrote to memory of 3632	4196	chrome.exe	88
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 4344	4196	chrome.exe	89
PID 4196 wrote to memory of 324	4196	chrome.exe	90
PID 4196 wrote to memory of 324	4196	chrome.exe	90
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91
PID 4196 wrote to memory of 2076	4196	chrome.exe	91

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3876
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:908
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1996
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3172
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2220
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1d81cc40,0x7ffe1d81cc4c,0x7ffe1d81cc58
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1640,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4432,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4652,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3080,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3312,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4384 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3412,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4428,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:2
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5076,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3088,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5188,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5568,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4792,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5348,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5824,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6100,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3324,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3256,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3504,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6324,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3112,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6800,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6664,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6924 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7108,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7084 /prefetch:8
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6116,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4976,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6652,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5552,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6540,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5916,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6936,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6696,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5368,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6464,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3116,i,10093728245790729746,7198470583650196899,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2544
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:4212

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:576

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3820
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding E7D0E1C5BADA0AA931A1B28B73691730
  2⤵
  - Loads dropped DLL
  PID:436
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 15A13D65427026CDD17618C3D164D590
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1792
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D9F53F8569022F85FC20DB33469E2F77 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1044
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1176
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:4680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:652

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1344

C:\Users\Admin\Downloads\Bootstrapper.exe
"C:\Users\Admin\Downloads\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:896
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  PID:1196
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:4876
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1212
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 494eca2919f54bb3
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4776
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=1144.2708.10139316312057513653
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:3108
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x120,0x138,0x7ffe1aa63cb8,0x7ffe1aa63cc8,0x7ffe1aa63cd8
      4⤵
      PID:2548
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1964,12037216601910560350,6159785755851254555,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:1212
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,12037216601910560350,6159785755851254555,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2072 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5028
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,12037216601910560350,6159785755851254555,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2456 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:2160
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1964,12037216601910560350,6159785755851254555,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4928
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,12037216601910560350,6159785755851254555,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4740 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5548
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1964,12037216601910560350,6159785755851254555,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4220 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4216
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1964,12037216601910560350,6159785755851254555,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4228 /prefetch:2
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57caa6.rbs

Filesize
1.0MB

MD5
0f9ad3a0d6b06aedf1ffd02baf17ca5f

SHA1
8ef3c35ef192ff76f366d38f5294a6b7a3cbad43

SHA256
8fe9df01603dac083493dfa4eb613b9a63c1ee8257c64fd7f5e83ffe620c29e4

SHA512
b51888ba322ba23ae8e1a742d875224aa3f16046e1997ff4cdd4d12e12dabe321cd74a23b97c43ba326ae8c59c97067d09a94019df63774709e0bfe207eccf17

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
7.1MB

MD5
dc0a0de94ad86e22785e385a4fbbfe2f

SHA1
8dcd6f06fba142018f9e5083d79eac31ed2353d7

SHA256
a4e80eba29eec1e534950f605de2bba0a174e9eaf56c82fd6f4d221e93667f92

SHA512
39582cda82f479e5e25fc2021878d071261b71efbb68f827599d4020de61698273a2cde3d1dc323d14205615a509687ad1e04f1e25626c0826c6f297f5a75dce

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerInstaller.exe

Filesize
7.2MB

MD5
a1c0810b143c7d1197657b43f600ba6b

SHA1
b4aa66f5cdd4efc83d0478022d4454084d4bab1d

SHA256
30f233f41ec825806609fb60d87c8cb92a512b10f7e91cdbb4bf32cee18217ae

SHA512
8f45702da43526c04b957f571450a2b53f122b840fa6118a446972bc824c8ee7acd6e197177b54236ce7f428fb73a7cbe4ed18d643c625c9f156463d51ee038a

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
21d4ebd9e381cebcc70dbf22e5f5bc5d

SHA1
f02ea1c32835424e72964b0689babb652a3aa970

SHA256
cc23400e85859d895bb4a9134bf4aafa222bbc35b99ac507867ec69a6240f061

SHA512
8029de36e90bfa73c9cd5707f9718aedaeb71bf464e307bd3b1c53c83c15c6de466c503ae1e1db7f555f74a73e033b1e83088f1945e870b3b2e8e45f30c99cee

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
824B

MD5
54f213925dc0c35253c38c0664ed764e

SHA1
3b60a9082aa21e519a20c0a3c945b507b1740597

SHA256
9380e6fbf34600b53c92ddda558e30db06de14df5d7d2e46b1c845b63b14406c

SHA512
ca00b8f81aef60082896dd4d9ec3236df03cb8c39495f57b27d9b53df0269fdff8ad0412fa6a81eb86deb1f399e4afd114080a5082663bcba22c86754db690c1

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State~RFe5bb66c.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
512bfb19c2fe7b61a231a9ae3ef3f679

SHA1
f14df3e00a66904ea720c64856e6a116cf517c84

SHA256
1e4b26854aa8031e89e8ffe5311cbdadba0cce5a5497db3787735789ac9ea111

SHA512
024c6dd2736026a2e8698277fc5c15d5c372548d2683e2f5b58cb9b64ff1d94fd1cfbe997914a5f1e52809b63473443bcdaa1bec42f120f836bbf2c29c4bbefb

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
a05b7b587d8b1bcc9bd3ec4c3fdc00c5

SHA1
ded07a91be7aae52135a200ec671c2ff6be2e165

SHA256
1ffedf7359dfc2ba9189fb99f683a13ea0f7e329719ad464edb93c236c3bfa07

SHA512
07259d12d0878290d104b6a4483d65acd06704958c811e19823317dd72499a03dc9c397bdec919ad5c852f2894493d5a3a4f61cffc13c1ddb01c3c87cfa18dba

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
113ae70c7f4a71eb4a697d4cd904aae3

SHA1
42b03b09f429e9fe4fadcbccb6dcc41bf95a0cb6

SHA256
787efac21b499ca14364b99cd29220511e492bbcf82a73c38ae651a06f76a93c

SHA512
24e0ece482233df719123a4116f09b4cc828ee3dab0e44271b94d4c0001b927982d322553cbd45340ec0406f9991ba870a0ba7834a6f7185697a84c958412b6a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
67873935be7cd1e8d0eb9771169b0b72

SHA1
df1a66a6904a8fa0af91d1c96edd5e8cdb63d498

SHA256
70d0fecbb4d5e0c3ba7468432992bcf1e892a85d868649f40dd8b85a146a2b72

SHA512
daaab8a286b5332e30d85afd35d7b01686927fe578cbdc5ad14914efbf0d7e1f49c3efdd2f87c5654f3e93a7dff44607c13b80b433e195a6924c14e89d5963fe

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe5af56d.TMP

Filesize
3KB

MD5
ece0f36bdc2cab9fc8dcf09bdfcb26e0

SHA1
b3511cb75e2dd5a025b559bdc36299ce8c83c9d0

SHA256
42ca40e8f03c21cfc0bc2c2c1922a7b04e9fa6fb652e9bc99e4494dcc303e4fd

SHA512
df64f30da74aa0998a5ed1ad63172d0c69515ee274b8fab76aa464c6e6395ec274e0ea9951e408a43a15e5fba7fea43725a57b5a144bcef6fb82446a10674080

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Site Characteristics Database\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\df4f7f2c-6e75-4d33-a6c4-7ecaca766374.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
9KB

MD5
c058d16225089b8dc62f834a23c1042d

SHA1
408391d168c4a4a1e0b6f8198b307f09d9431e5c

SHA256
b11706d818ab933e5a1e0962a881b993d8398bb63012c7219b305de4725f8dde

SHA512
5a00e1964d0553284adea14efc3bc685681af404b1eee8d25e69815d186060867095b203c0f331dfd32a79213bff41b787d448c7ec174402fda6f4197ef85035

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
8a120c778ca2675d85303b32d21aba31

SHA1
3be6a5c5cbddbfdeb077ec456c473d9fb026e3f8

SHA256
f9f845cc21804d2a2ea631a21ee107b078856310b74e412bddaddc2ac21e6923

SHA512
64c58b4f0fc4984251f1edde166c8d7af84d1e235c23330cbdd3de90b2bab24f28e88ea4d67040fbdb5f113834018d3a4a2a89e1a2f5c0340e5c991409023e17

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
f9386e284263aec05891fe8d127fdf6f

SHA1
f72398bcc4349ec7d8412ed9fcec4dc6921a671b

SHA256
eaeab3f0fd8e41c0a7893b6191614c72065fee51f3f4e9043936741c1ad0da6f

SHA512
ae9e999a150227a09d2a2f61ee909fdc8b060c02f3c1c5663e28f2300dc0db9778cc3fff0d83700be763cb047c6f74e27104d0a0d1832ba3a8f97690d2ebbe71

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
9KB

MD5
c555c25bfda8a43fa281e04f945d1aa7

SHA1
e1708c79446304ff5966d2e908a734a4bf79e785

SHA256
e0c9c1cf63250785e0289b6804c2a4424c2b275d5d713514e1fd06f10308eae6

SHA512
843b5d1c68aa45046c3182949bcce9cf65e512c965b7acc9dc650fb1c3dfc2b0d83cd9f48d1359e614643fd894e5cb799ac4a389747a17cadc624b712653348b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe5aefef.TMP

Filesize
8KB

MD5
ed5beef96e03a3e5b984b4f6bb2f5b05

SHA1
7e73896ccdfbfb26cde046b6c2c3bcbcc18a3a24

SHA256
d5be126acc33d76ef60f692c5783d7fbdf1dccb57c684df2d521ed4a23e0911e

SHA512
a63c170c20b94b6fc3fa45b9405709c4a3138317ca6f559d5cde41e41580468118871a2f2db3ad56382b07c0fbbcc516e5024011eca6fff774aaef65c774b596

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\SolaraTab\main.lua

Filesize
37B

MD5
066abfe20ec7d291490b4579263f2835

SHA1
481c6a2c1b9e9cf6720e3b137bce243baa2c8b01

SHA256
2912fcfef3899f650b85ac157fcf706a08b512b0c6dc9b7ab857dddf797492e5

SHA512
c0b42952c90d14b4ebd81b5a1f8424df13020f423563a01c7a9d57156f2388b2e395996d0f6e2079aafb3115ace27edc27d1a6fb61f8ebfead59ab07bc9d025f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e2c4ecafe153833e5aae09d5ba26ba5f

SHA1
bd5809d30033f9c947be7b9c4420cd9d88afcf4e

SHA256
7ac48a9b13176244203d8b2027f6d29bdc2947c22bcdf324b5b8a93bf844b687

SHA512
dafa1ca80d6c87605f511c7fe3058885b0a9be71b073a74788876b444f48d508ea522d15205fa929ab2e0709837d31a395f12b0a5e13e35506ba517b5c3bb935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
72KB

MD5
43cb209da0740090172519ed6c1fed84

SHA1
085bd5ef087f7cac77b2b0cfb3353b54abd54dc5

SHA256
3a7f8be6d463bd77dad51cc40b5407ad923dd1a1f678979eb9b95adac8d393da

SHA512
3f522c8b72e42942e7713ae0efa4970de6a2f4b8e990ad59b09b00a2bc4a97a331ca9d8a6ce5e0a840abb86b2162e288d424472dbaad61ea432a6ff772e8c66c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
800KB

MD5
02c70d9d6696950c198db93b7f6a835e

SHA1
30231a467a49cc37768eea0f55f4bea1cbfb48e2

SHA256
8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

SHA512
431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ee223a1599007a02946384b47b7db8c9

SHA1
ab2a1002b21a587d773ff94b8ca7d1798e5e169d

SHA256
2d13b85def484704271b18d19d89bdccd5ec37a614d5f1741c6c9c1b11aec566

SHA512
0fa0343272ff083af5b6eebc56d6ea8b13a7d1c3310862e07cc16b8d905a90d9590336a3d5b45f4238815ac123f49e221701fc1cbb299cc9f76226776460784f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
fc4e93b2ad2c42463688cf10b94195f0

SHA1
baec46bddca8358ecd02ae7c5978d9431f12a66a

SHA256
de27313e291b9cdcd985d8ff73bfb5259c718792a8bd7c26f63d71c2693f8cd8

SHA512
38cb8b054234f2a26b084f870fc64cbfd4e3224f0a36f624d57d79a92ab9e1dc2a80553e66c33aa88ca1c3f5d98922c20edbce37e4f634aeac23f5a179680c81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
3d790ff2d5ca6ea4a55af35b331d6aa4

SHA1
fb4189cb6c2b71a25bd8ea2e14e9b6e4576e6c22

SHA256
5e16be94f3812ab0f3c28d9bc57aa0e5c0051568cf43baf7835e6a9c269bd3f5

SHA512
3875fb5aa8456ece06bfd2aa44923271b7b84496943604d8da03cdb2d46e294f525e4ac21be5dbcd4a8bd383a35ba03f085472fc41f2417e8410a6ea44854917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d341e3c97911ddb4d8480b9f1eebb3fc

SHA1
db2c49d2d59cee2c1a93f98cd0ed959c93a6092e

SHA256
538e017afc507ddd702ed5dbbb7b0de9eb4267ac18929bc3a239f0213b6579a0

SHA512
38956830dea256172345bc39982d7d02eb4ad9b6000c147967dcdab574e32ddf27da0cf9008a3db3ed06f665d1044fef8510e4efeb56a1b42d455b7756c5a2e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9332ef194a02f62bd58f99fc30e222ee

SHA1
4cffea4e17eacf773be6ab5ab321214cc582dcdf

SHA256
17f0fd921dbc6b0f870c455f3dd9d6bfea27025b5f8fca657bcadc8d19643bc5

SHA512
0109fc6b0989ffd795a88dff5932a86e854bf558a5e6c355365d10eb3db71c0beab56e24a86245eda98c850158be8a835a6d16d29badf547e034b55b7681db70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
849B

MD5
1598e9e54d048a42c1e9ee6a123292a0

SHA1
3c844d8c7c2a78718bf43f0add6fb0d83a5169d3

SHA256
3fa813f47886890700632544eba096c11bfba3f3d9adf027252a591db8702235

SHA512
8ce10b5ea34de5a65f41a815e60c1d423a1643cc6ece9f9d38039feac467edc77ef83e6962112bfdbc038cf416ca6c602746ac8ff3cae37693aa17f773e5518c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cef5962968eaf40968155425e7254022

SHA1
adddea1cf215133cfc2670075950fb87ca1dc2d0

SHA256
eb44aff93cd06e4576082822a57a705afa2539d708bf46bcc6a7200db396727e

SHA512
374df792512d700b6df7f1362891cdbecc57b9f8114b94e7eadcc11d10060ca38382c44fb1b2bd9be5f89e9f0a83b15b23fa7b192c6598a424f179dc7755850a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
54342b060d9bfd0db555ba1b7a271afc

SHA1
43fcb7342fd3145217f886734bc53d52fe2ae7a1

SHA256
48b60c5d457161f9dbd4d16471cc8473b85f7cb2322185f64f6106590473b9d5

SHA512
4599321a91168a9e8b1cf82ec5ac838c93d73a7b89338d36d19e1a0b7ee0ed709b0543ce5be96edeca0eb23663436155b7eb882e8d24fcd7e9ce67702cc3e7c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3957f72c2cbae24994b5294dc7098d99

SHA1
31ecf5ec1a33f81c37ba22e0fc010f5c421967dc

SHA256
21fccf8dd79e0383495e1d230958999ff3e0379e6122e33c947710fe62bbd565

SHA512
739b97c1f19963210d2dbc9663f8af7b9197a517251c9e223f215f5c17d5e76c01a731170f27ab91ded079d284b09a17a3cbf43f27b40cac742206f85bb3d5c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6e1676667b57e753d7743826bad32f07

SHA1
6dab7aae95c206ef01a5353398efe2cd76ebb73e

SHA256
45c70a0aa46e31c9458b3b47eab6fbc367a4c4cb6986595b62a91a14e7e4290d

SHA512
16757b72ead49988b0cd36584554889fbb91fccb6edc6c3b96c6a2e872437480f918fa14529cb8bf519d1b50fb7209ddf6074907d5b52a3f3e2c5292875ab162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3e9ea294e71f60de8998fa734d356c3a

SHA1
e2e79486b291739d3bdc6e19b6bad5e749a80287

SHA256
c2b8c1cf18c5838dca7de397083173dc62001d4ed227a7346fa46c125c10bc56

SHA512
7d0a21c1ea29ebd7c606ef6040b5c62428f9a1dd3d4af688b248ab0005dd38d765a8c7ae249184152eeb875df0fa4540bef179997807e156855a5ca720c57730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
2827c7a9be90bb617284b9a5b4234d80

SHA1
7a2ae1771d08472488efbc1d461a5cd8b7cf2de1

SHA256
55edf5bcd500cc7e75465259004a001814922a6b563390c7492bc388c77b69e0

SHA512
0e6300039ee01b78cab1eb4f4b404d53faae29b80882baab672561030e4642c59424f24f320000145f59f18988c72500a3a4f75e7a32c5a548644df8a25e57c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d97ffd44-ed27-4088-9553-d8a2eae4086c.tmp

Filesize
12KB

MD5
886a8591493314826b7870d7243a2918

SHA1
113e2219b968ec48a704524c6b3e4eee68114d04

SHA256
2d922d63dba3fb93b2c8fd62adf1fdda5c0f19ba060896c6991ca083216a493c

SHA512
48379e5a2708f5e0a235032b5f133f362a6764d0948581142b6fcb76b954cb09bb5fac5414a80b018ae85159b09bb2671f1e455babba0885dfa56291b6182726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
12565acc5688b05e3f2cb5afa3bbe581

SHA1
f92da3c19ebbc6709ef2148c5c96326a35f2ddfa

SHA256
9cbe38b6cbcc1904e14b412fc0a6810e43ab101ba492bca819432a2bef708403

SHA512
d322249d741bec94bd9c5cda8bf2e4ead94bba9e8d95fd1a165e7bd44f746c5250335e9508c32d0e83cead0fece7397eb591203e031493a6b943741d0e583bd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed0d6b78c96e1f7510f45de43e602318

SHA1
3674d3717336522474cbd9b9710ccba996c521db

SHA256
c6fdfc5d488bf59a051b9b50f5f0dc29f6193aca4c6d58c513de60dac9855403

SHA512
3127467eacd0205269d6faec039dab6c486c1015c721903ed59ee363af72e0c7580eb3d47c34363ce83bf17341871fa9635be697ab0bffb4d249b0b298c3b8f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b1e5bed615026237f9afd74fd3c42ce

SHA1
c1498bd1bc136436f6ec1d6a325ab6833ce2d3bb

SHA256
296faa44cc8a5328946e8c7e88dfef3dee9ebb9fc3de2d8ab643f1029417adc6

SHA512
ab2ff7d935104193fcce70142208999044261bb7160065163a47de6ea356e3f2a8bcf2bbf7e816556eac38df355979c935048021e93a11f64a022898f27bcfd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92bb111894a6056e835e6c4017eb0a85

SHA1
687fdfb0c58229bf7e46f9d3841cb8d4ce430634

SHA256
375233c3439b12306254596fe388d262a65eefed01de9ff08633299b064875b4

SHA512
00e4dffa525b48be2837ad750579634f8e63800875218a87ce32d15e9898c8e3703943783321597d23d35e3cae14db5224a5a018a13a06dbbc81f16b1344141a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2230abcddbd75ffe68c59d88af26bf11

SHA1
6aa1e5b987b42dd64ab8d53b015b7f73b8a5bbef

SHA256
62bf32de5ba701ad889dcb8b040f9a2dc5a892fe8fd948b44115c792133fa29a

SHA512
fea1fa82e1cc7349c3ae00109188321225cad58eef37834c42809fcdb33d93bb5bb680acc8a5d6424cf1b612c742efe1ba380f107a9ba653f1b9b946397f35ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d64bfda65700622c5114ff73d790a433

SHA1
e7a95b0226b364f11179a25537867f8d2c256539

SHA256
988195dd9d89633b2c989dcf2240de048249cfc3ec02289eb4faf63026d5148f

SHA512
e1e3772fea9913768aa5ed22c15aba54ded1e92051009e3b314228f7340779b2dcea8637d2b845e4796ff4091faac269ce2dacd9c002df6ef743775918e5b2c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6856ed0003ac38b0350145f4a20fc04d

SHA1
f5bd16477334011018e69a4968765a36d75b7318

SHA256
96a7f8cb2eca7ec1e9b9b0c9bc80ffa33d560671177eae1bce3862d33fe99ebe

SHA512
8af8f3edc3fa57836594281f1f3c07d5df2db07c698ecad290c582f6b7a928031dc26553828d0acdd84a541b826d0f15be8d9cc9cf08dcfa1a676b6e9c8a834d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd42987fce853b12d89976ac9c300004

SHA1
9e611718b91ee97ebc49bb684ff588fa033a5682

SHA256
0a71a3d69122c5d54a049e732726e10bce33ef22b5dd5c68dc7bb1ecb261ea27

SHA512
3f3a2d6791d3a607f36096abd1667b229ef2b4872ef1ad8620ac27c73d6123a3def7138ba7b4a30e9172783c8032cd3932bd105be566a373b6992f812195de48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
64c97a9eaff5cdc12a5b70b98edf7cc8

SHA1
e5e0e158eaed169dfebd537df4d4943477f50b2e

SHA256
ef47d16ae7f483be2a0cfc0567f8454cc0a544791b5f00f564e1db6f75aba905

SHA512
107c685c382c58c5d088cdbcd6e8b53e6120354ab40d58d3478471306a31ae8ada36bfdbdc4046f33341b16c86f5a39679c3df29cc9970e9365196bd5fdc1d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
38f3647a3d16bcbf84671da286c48bdd

SHA1
b10349232b2b753e3814694f49999a21adfdffe1

SHA256
6bd597086f249babfcf1554491165af5da8f8f5bca2de79aac56533d1152338a

SHA512
a362062d4cb5587654a012025260dc05bd1c66d8e2a536ee5004a1ba9cef0b868bfcc236a6ab985ad8f36c15a77f12f064fe48e3b543169512cc8ac1168cada0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
425b322c9d6df9737975fe27a6628cbc

SHA1
e5d309ea90018c464b926868653a5e1bdf4356cb

SHA256
c4f732e815f073f0e3cd9257b5fccc7f494090ad1db6b98fe967f5b048cfbe98

SHA512
a4e23a5c027760aa6b5e7037d3546981d66879e03d03c704f82a14c184af49b83320f78269e731a2094b9c568ce293964b2f98a1edfa383883314b25ee9439b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1359b744b88598bbf5aaa97b757f9590

SHA1
5699de604ce5e993dba619214ab0f3d593f29556

SHA256
ee42717e00ebe7551e8f4f696caa63e2fa716c98cacaf6c4e87368356626832c

SHA512
c102e38cf62b1e8b9ece2fca8f73442738a515dd7a5895aeca4816648a1a4848cde86913dca396469a0ed4cdade29b391f469786a05dcd1b7d94486a0835fe83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a75deef8d90477901b2668089ec7f5f2

SHA1
bd0e4d8ef5d9d53491c4b35439246f5834a4c879

SHA256
a4079d99b699c500fe70eae769ae1150d9ddebb3cf6081363c1d35f9e8bab386

SHA512
35f0af88396c09ec55380699857007330008e1e953a98e56b075feed54ac246e1e87570a3bc9d1c6dd2fe39a9c02fc249377970c65090ad30482df4c4c0fc8dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ebe35f51fc16a3a83613051b9ad54f7e

SHA1
0b04184a081144a964a90532fb2d514841f453ea

SHA256
29dce2024dac42448e817aa45d4fa50e42e2ec53fd56a142698e7b7c936fe823

SHA512
53bc3366f7fe73249a556e0f7b65891ed29f75d7d79372bd4690034a43bb057f463ac18499a760453a4fb0da212df9d0a2622a332d8f9c59e27c3e47fde8d615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cea3ec601cde01e2ca4c2de3eaec9600

SHA1
2a5fe1018c63c659a952f730adb0c028fe79cefd

SHA256
81eeb4915d5190b87b7907dc491bf0fbfecc9327e45c26c48c19a017e3e95116

SHA512
8c02dcf963795793c1cc4414e36bcfb364d673b73903883d4e2f2e76e5dd5dccf4d43a7e448eaf78aefc24ba880aeb1b20fc969a8262c416c37e911867fe77f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e87f6c6167b9c45da612225a0908332e

SHA1
75354ac583c1cfaa3253b387902d2449a531c7a4

SHA256
618f3a82c6dda1d23a7ddb1fb008d90cd53f661c78a968b53521c25790da2f56

SHA512
0bde3c0ca97ef26f83b97ad9e7a2d7a70ac0681fe350e4b28e6893cccaace2e62542bfb990afbf0491e44d936ec495fce911f1db98d25b1fe32d544f79d9ef91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
896df5d358a0db497365137b0b1d189d

SHA1
ebccd7f18ed8939e5916c1330e52d0cf69374640

SHA256
d20f46938818904cc0dedd1fab4e0c99a22a4e627cc4cf3424b87b340c821849

SHA512
ebd21f4ea4496995e07748cb3393a9b76eeb7a3bbf7cc2b7c8feec25e1714efe8426d804083fe13d6fc2ef9191053bf85ad5e76c148849232e4a607ac9688eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
feb57ecf5c95b6a607b321cf03465cb9

SHA1
bba6bb08a4b660fe1a88bb889cbbb6ce7134ab03

SHA256
a6ff4978f1d68295ecd1099063e53aaecb033999649d9ee1513399df99d5a105

SHA512
06b71b8114bf75ea1b7c55819dbdfccc723f8544abcd627c00bf321bc42f66f9698e4a78c0e9aaa2e87459bf2893e310c0954b20cbbcdb3d104a837b1fe1cd2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b3877fcb58ef54c682efcd42f7bc4204

SHA1
bf10c3f0c4f2a50517d6afe14ad118fd59e8b1e0

SHA256
5d5104fd0c952f713ffa0f46c9c4f0afcf47a3644cc383ab666649899c086647

SHA512
a613ff4a1aed88d2f9c326eadb9c92b3900bf9898718334ceda8a42b787177c581bb947db76bf57ef46fc2a21648b3eaa0ba052178bb7a98e6aad5d9293cbaaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c5c28d9e48c1671ca8e47409d69defed

SHA1
395259916b7854e84143014fcf71795a7560d94f

SHA256
a321e2f44fa094191bbb1550f2b29d9d54ed85fde11cea57ddf7a80db705f750

SHA512
6e9a6111151e1b5f18f3f60c7f3f031bedffe1a0106e08db8752f8771e1ff2b8427359ef497af08d5cfca369cdc718d36d3ee5eb5acd28f89bf97db69ccbbdb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ccd0658c57ebc0b0e61f077d4dbed20a

SHA1
735bdf624a6f199c61e5f0e6f70c587f37843371

SHA256
856716af5c3f69fa3c779995f65a3ea72f8ba0e39bc409bb979688eecf5c1f62

SHA512
46ae03bcc586ebfe1ddd426eb1d2c6e43b61326179f4ef63f95d5823570ac7098873cef03af78e9e4c3dbfb372f5c9a17ff8201186d3f7927020269ed8a950cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2ec66481bb41c18d3adeaf39c04067b1

SHA1
817cea0a2882a67912889359fac9b733a6a7405c

SHA256
76bf8994af3134c5f7b7862476e84d5cc7acb17996f05053ac1580ba3cfd0a00

SHA512
b3a62774468083210d0d2f47a1320f11095c29dcdb758bee5543966e9ad3bbc056c11790f1fca3ae502687c3e1898ad18f08fc8225539eebe5950188402dd1e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
0bb1a14bfa77bc24b259fd61324ebe8b

SHA1
27f08cb4076b8672fb5b4f144c4da2b7f1328193

SHA256
b2c211564fb07686c83e04a33061a44c08991876be5a3d2336efa75dc2b37a61

SHA512
02b0d7104242c3a93ecb3b63353c714a9047ac3bf2b88ee06b19383162ff59f7a2974ce8a2c2306102a35c2da1b5714787fa06341e26e2b2483fd41c6412311d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
f65202ed6a136461cda01627f33a5d17

SHA1
766a336a668b0155852dee434b0741a1cd8d150b

SHA256
645ff548485158f89ffa71c119ef3b4d7b6789c30bc486e68ee83f42c2581efe

SHA512
ee537ec73e5f0983a863431dbe30781d8380500cbdfacb52564309a61283eeb185a2520b060823921a8ff6f63283b3807c2e4bfa14f2141d84bc3056240994d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5adf17.TMP

Filesize
140B

MD5
d70daabc0a9c684722bd712a0c05e9f6

SHA1
6ec2372264d4acf454502661a6500a8b1b356d81

SHA256
c07b3ee253a68da135fef4347a542aa085b60d52c46c9a323a558805f15fea7e

SHA512
089ac395744a6d0651299b0ff8db13b004926072424e0a35516f1892ed04455dbc176ad850dc51ee3247d9a464301de46b499047d629fbce679f285a35f061c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a34e7479-2663-4e01-9f91-bcb4b087c6b3.tmp

Filesize
10KB

MD5
80e6648c9b6a2f5f6e3c6cdff65a1744

SHA1
3b1af9e0759b5b8da3e7ae2369d9c50067c9f5d8

SHA256
2f0b7bfc16ca926369d968439b4404c16f2cdafeecd321e79ff0e67ec42ee546

SHA512
01aed6667279addf2d74bc34789c2d4da3d154d84bb4267dfff70a3f3b01bee42b9e9a60ef6d5872bb075e75ac8babc08a097e6cdee50b30a581b1237bbf0618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
5e27c1af30a12fd2ff20ceb261048ffe

SHA1
3026e284daff872defbd72309c9f6bdfa5ab0ab3

SHA256
287f790daa2c0790eaeaf1af5fc28d8929ffb8e11d079c12e41c723534dbdd85

SHA512
c015bb0149172374759d279b57345c5569ba55454df39ede4cbafa63094c58740468bb0da15cddbdc90e722d704f860881584cf43722b4e73321f97d568ee504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
4b53a1833d5bab6fc1e2fc23374276dc

SHA1
503fed908ed3ed612d2fccfe9829a9f64d3c89cc

SHA256
a6271e6429e8ddaa74e09562e21be3b484745dba64000540be3ba493e598a54f

SHA512
2bf8bebb9745a549f616cb5f32be5a731bb93180401de57ab2203fae8c13024c01cda4b7df3c8ec705318d51294a465d3aedd477be46645354e5d0cc371b3c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
129a3f6d90e0d4c455303d25bb4c48d4

SHA1
e6ff376a20d17a5b44729596a4a0f0a054add2ce

SHA256
04c7b1fc1dac349ef59ebd6ec3f819a3186972835ef3c1b608a9df7060f9f072

SHA512
cf75bfaca47b803a392fa2a76a19b735ac85bef5b2f285552047a0329608d5a00acfdb4baf549d1463ae9040e6ebd6db3011cf31b430cff84944954828ad25b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
0098d3a9c8a6e89488cba06ab72a05cd

SHA1
27abff3b7632f70daa522a66970e432760442649

SHA256
ce987ad9204c229227b159516aa91eb7994c3106067406637a556d856e3df214

SHA512
2c8526418282a76ec918f550466cad69ff5ec36a29b957b48a1dc11183ee215fe8a699f7ce5edc144b2fc38a397668086aed18a016a1c930d98d84dbfb2844c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
95880e59973a141e17df36cbfcc45fe6

SHA1
b74d93c12d7a939fa9c5456113bee12e1381ac51

SHA256
4b9c75176435d10954ce591c744125afff78ba72c73634256df804a7ede3c391

SHA512
aedba03b1f985a89df50bae6d14f66909e9ab7f57eaf0a274102360adced406898aaf395aea5238ae55b2cfb3ef2dab4c16333ce0699f699c08f184c5e3fe4a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
19bb466bf0ce4a3888a8bad3d81b751f

SHA1
2887930610d14f98b3920d33fb5a53bf84f3ba77

SHA256
653e17dc291382b84c3095f77c0f468fbf59f4087995951a48a68c54d15091e8

SHA512
27b61e856e11f52fb79d382c69300066f6039cb523cbaa242918eb64c6a2ba1ad2c426066e76bcb11290ebfb1bf30f99b348aee8237ee2e116b731c9f8acb6d2

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\0589302f91aa343fbe0005be96fccbe2

Filesize
7.4MB

MD5
0589302f91aa343fbe0005be96fccbe2

SHA1
e522005b2f17a5e1686ec12c78c59f9ea97bf3a2

SHA256
24a86d06e182f61060442200d2e197a3bf1ae0757ccb60ba65137b66e63fe236

SHA512
63e5f206365b59426f9bd66bbed78ad0e74018f5d9485f69793fa1fbb78beb8baf3f182814c4938a123a6ea993b91f39a3d070e676bf146e622e99a4e2874279

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4196_487344512\1b7cb940-a5a0-4140-9955-12627c24b9e3.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4196_487344512\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\Installer\MSICFB4.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSID023.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIE284.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/1144-4251-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-4512-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-4024-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-4687-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-3676-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-3677-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-4198-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-3675-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-3688-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-4683-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-3689-0x000002ACE4B70000-0x000002ACE4B80000-memory.dmp

Filesize
64KB

Download
memory/1144-4387-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-3946-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-3694-0x000002ACE9EF0000-0x000002ACE9EFE000-memory.dmp

Filesize
56KB

Download
memory/1144-4437-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-4636-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-3690-0x000002ACE5040000-0x000002ACE50D0000-memory.dmp

Filesize
576KB

Download
memory/1144-4607-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-4585-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-3693-0x000002ACE9F20000-0x000002ACE9F58000-memory.dmp

Filesize
224KB

Download
memory/1144-3691-0x000002ACE9D30000-0x000002ACE9D38000-memory.dmp

Filesize
32KB

Download
memory/1144-3674-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-3823-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1144-4537-0x0000000180000000-0x000000018110B000-memory.dmp

Filesize
17.0MB

Download
memory/1212-3714-0x00007FFE425D0000-0x00007FFE425D1000-memory.dmp

Filesize
4KB

Download
memory/1212-3842-0x000001C812B40000-0x000001C812B69000-memory.dmp

Filesize
164KB

Download
memory/1388-2-0x00007FFE22B90000-0x00007FFE23652000-memory.dmp

Filesize
10.8MB

Download
memory/1388-1-0x0000017608180000-0x000001760824E000-memory.dmp

Filesize
824KB

Download
memory/1388-0-0x00007FFE22B93000-0x00007FFE22B95000-memory.dmp

Filesize
8KB

Download
memory/1388-2964-0x000001760A1A0000-0x000001760A1AA000-memory.dmp

Filesize
40KB

Download
memory/1388-3483-0x00007FFE22B90000-0x00007FFE23652000-memory.dmp

Filesize
10.8MB

Download
memory/1388-54-0x00007FFE22B90000-0x00007FFE23652000-memory.dmp

Filesize
10.8MB

Download
memory/1388-6-0x00007FFE22B93000-0x00007FFE22B95000-memory.dmp

Filesize
8KB

Download
memory/1388-3036-0x0000017622C40000-0x0000017622C52000-memory.dmp

Filesize
72KB

Download
memory/1388-4-0x000001760A170000-0x000001760A192000-memory.dmp

Filesize
136KB

Download
memory/2160-3843-0x0000021330490000-0x00000213304B9000-memory.dmp

Filesize
164KB

Download
memory/3048-3468-0x000001B1C1FF0000-0x000001B1C252C000-memory.dmp

Filesize
5.2MB

Download
memory/3048-3473-0x000001B1C1D20000-0x000001B1C1DD2000-memory.dmp

Filesize
712KB

Download
memory/3048-3471-0x000001B1C1C60000-0x000001B1C1D1A000-memory.dmp

Filesize
744KB

Download
memory/3048-3462-0x000001B1A73B0000-0x000001B1A73D4000-memory.dmp

Filesize
144KB

Download
memory/4216-4600-0x000001C0541B0000-0x000001C0541D9000-memory.dmp

Filesize
164KB

Download