Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/07/2024, 23:23 UTC

General

  • Target

    Bootstrapper.exe

  • Size

    797KB

  • MD5

    86bf094b70901e55a281e0a0683dd8b3

  • SHA1

    24afc916d186facaf7885363bf335e3e5b7d69b9

  • SHA256

    2a4255d739e42838d49159d7228952b512a2c8ccb6f4b0c8d35543912130dac6

  • SHA512

    2f33349c13f7778869f4e200380acd9c12e41a981a30005ad01aa8c29442d9bfdfb2a76a1b589be1efb2e4a314cbdf92f691a12b0fa487af4160e7d87ff25e56

  • SSDEEP

    12288:e/+ubxKHJg5bbEjlsqRoAQpjFVfG0c4XqCon9hUpVo34u:Q+ubYHYqRoAQpjFVG0HXqlF4u

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 17 IoCs
  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Blocklisted process makes network request 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 21 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 30 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3804
    • C:\Windows\SysWOW64\msiexec.exe
      "msiexec" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:2360
    • C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
      "C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" /install /quiet /norestart
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1564
      • C:\Windows\Temp\{D44D031C-09E1-402B-958B-105855CFE2CA}\.cr\vc_redist.x64.exe
        "C:\Windows\Temp\{D44D031C-09E1-402B-958B-105855CFE2CA}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548 /install /quiet /norestart
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1304
    • C:\ProgramData\Solara\Solara.exe
      "C:\ProgramData\Solara\Solara.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:4904
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding 57313F94AC53FEF9D5AE5D017D1F219B
      2⤵
      • Loads dropped DLL
      PID:3144
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 81A849AA04F16DAD61CBE94D88808F4F
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2068
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding BC4F639C2EF237BCA79DB09F55E7CBD1 E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5108
      • C:\Windows\SysWOW64\wevtutil.exe
        "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1428
        • C:\Windows\System32\wevtutil.exe
          "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:884

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    pastebin.com
    Solara.exe
    Remote address:
    8.8.8.8:53
    Request
    pastebin.com
    IN A
    Response
    pastebin.com
    IN A
    104.20.4.235
    pastebin.com
    IN A
    172.67.19.24
    pastebin.com
    IN A
    104.20.3.235
  • flag-us
    GET
    https://pastebin.com/raw/xr5Gb4Bn
    Bootstrapper.exe
    Remote address:
    104.20.4.235:443
    Request
    GET /raw/xr5Gb4Bn HTTP/1.1
    Host: pastebin.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 25 Jul 2024 23:24:11 GMT
    Content-Type: text/plain; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-frame-options: DENY
    x-content-type-options: nosniff
    x-xss-protection: 1;mode=block
    cache-control: public, max-age=1801
    CF-Cache-Status: HIT
    Age: 1490
    Last-Modified: Thu, 25 Jul 2024 22:59:21 GMT
    Server: cloudflare
    CF-RAY: 8a8fe6ea883e77a0-LHR
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    81.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.144.22.2.in-addr.arpa
    IN PTR
    Response
    81.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-81.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    clientsettings.roblox.com
    Solara.exe
    Remote address:
    8.8.8.8:53
    Request
    clientsettings.roblox.com
    IN A
    Response
    clientsettings.roblox.com
    IN CNAME
    titanium.roblox.com
    titanium.roblox.com
    IN CNAME
    edge-term4.roblox.com
    edge-term4.roblox.com
    IN CNAME
    edge-term4-lhr2.roblox.com
    edge-term4-lhr2.roblox.com
    IN A
    128.116.119.4
  • flag-us
    DNS
    clientsettings.roblox.com
    Solara.exe
    Remote address:
    8.8.8.8:53
    Request
    clientsettings.roblox.com
    IN A
  • flag-us
    DNS
    clientsettings.roblox.com
    Solara.exe
    Remote address:
    8.8.8.8:53
    Request
    clientsettings.roblox.com
    IN A
  • flag-us
    DNS
    235.4.20.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    235.4.20.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    74.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    74.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    203.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    203.197.79.204.in-addr.arpa
    IN PTR
    Response
    203.197.79.204.in-addr.arpa
    IN PTR
    a-0003.a-msedge.net
  • flag-gb
    GET
    https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
    Bootstrapper.exe
    Remote address:
    128.116.119.4:443
    Request
    GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
    Host: clientsettings.roblox.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    content-length: 119
    content-type: application/json; charset=utf-8
    date: Thu, 25 Jul 2024 23:24:13 GMT
    server: Kestrel
    cache-control: no-cache
    strict-transport-security: max-age=3600
    x-frame-options: SAMEORIGIN
    roblox-machine-id: 869419b2-f5bd-1b50-f4f6-03aebe67cfd1
    x-roblox-region: us-central
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=259200
    x-roblox-edge: lhr2
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
  • flag-us
    DNS
    www.nodejs.org
    Bootstrapper.exe
    Remote address:
    8.8.8.8:53
    Request
    www.nodejs.org
    IN A
    Response
    www.nodejs.org
    IN A
    104.20.22.46
    www.nodejs.org
    IN A
    104.20.23.46
  • flag-us
    GET
    https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
    Bootstrapper.exe
    Remote address:
    104.20.22.46:443
    Request
    GET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1
    Host: www.nodejs.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 307 Temporary Redirect
    Date: Thu, 25 Jul 2024 23:24:14 GMT
    Content-Type: text/plain
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: public, max-age=0, must-revalidate
    location: https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-vercel-id: lhr1::rz9tx-1721949854372-841c44aa820a
    CF-Cache-Status: DYNAMIC
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8a8fe6fbe9de9559-LHR
  • flag-us
    DNS
    nodejs.org
    Bootstrapper.exe
    Remote address:
    8.8.8.8:53
    Request
    nodejs.org
    IN A
    Response
    nodejs.org
    IN A
    104.20.22.46
    nodejs.org
    IN A
    104.20.23.46
  • flag-us
    DNS
    4.119.116.128.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.119.116.128.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    46.22.20.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    46.22.20.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
    Bootstrapper.exe
    Remote address:
    104.20.22.46:443
    Request
    GET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1
    Host: nodejs.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 25 Jul 2024 23:24:15 GMT
    Content-Type: application/octet-stream
    Content-Length: 31539200
    Connection: keep-alive
    last-modified: Wed, 12 Apr 2023 04:13:37 GMT
    etag: "64362ff1-1e14000"
    Cache-Control: public, max-age=3600, s-maxage=14400
    CF-Cache-Status: HIT
    Age: 999
    Accept-Ranges: bytes
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8a8fe706fc8253a4-LHR
  • flag-us
    DNS
    23.149.64.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.149.64.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.142.211.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.142.211.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    aka.ms
    Bootstrapper.exe
    Remote address:
    8.8.8.8:53
    Request
    aka.ms
    IN A
    Response
    aka.ms
    IN A
    2.18.238.120
  • flag-ie
    GET
    https://aka.ms/vs/16/release/vc_redist.x64.exe
    Bootstrapper.exe
    Remote address:
    2.18.238.120:443
    Request
    GET /vs/16/release/vc_redist.x64.exe HTTP/1.1
    Host: aka.ms
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Length: 0
    Server: Kestrel
    Location: https://download.visualstudio.microsoft.com/download/pr/9613cb5b-2786-49cd-8d90-73abd90aa50a/CEE28F29F904524B7F645BCEC3DFDFE38F8269B001144CD909F5D9232890D33B/VC_redist.x64.exe
    Request-Context: appId=cid-v1:9b037ab9-fa5a-4c09-81bd-41ffa859f01e
    X-Response-Cache-Status: True
    Expires: Thu, 25 Jul 2024 23:24:36 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Thu, 25 Jul 2024 23:24:36 GMT
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000 ; includeSubDomains
  • flag-us
    DNS
    download.visualstudio.microsoft.com
    Bootstrapper.exe
    Remote address:
    8.8.8.8:53
    Request
    download.visualstudio.microsoft.com
    IN A
    Response
    download.visualstudio.microsoft.com
    IN CNAME
    visualstudio.download.prss.trafficmanager.net
    visualstudio.download.prss.trafficmanager.net
    IN CNAME
    4316b.wpc.azureedge.net
    4316b.wpc.azureedge.net
    IN CNAME
    cs10.wpc.v0cdn.net
    cs10.wpc.v0cdn.net
    IN A
    68.232.34.200
  • flag-fr
    GET
    https://download.visualstudio.microsoft.com/download/pr/9613cb5b-2786-49cd-8d90-73abd90aa50a/CEE28F29F904524B7F645BCEC3DFDFE38F8269B001144CD909F5D9232890D33B/VC_redist.x64.exe
    Bootstrapper.exe
    Remote address:
    68.232.34.200:443
    Request
    GET /download/pr/9613cb5b-2786-49cd-8d90-73abd90aa50a/CEE28F29F904524B7F645BCEC3DFDFE38F8269B001144CD909F5D9232890D33B/VC_redist.x64.exe HTTP/1.1
    Host: download.visualstudio.microsoft.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Age: 61365
    ApiVersion: Distribute 1.1
    Cache-Control: public, max-age=259200
    Content-Disposition: attachment; filename=VC_redist.x64.exe; filename*=UTF-8''VC_redist.x64.exe
    Content-Type: application/octet-stream
    Date: Thu, 25 Jul 2024 23:24:36 GMT
    Etag: "0x4DF121C0033B7985CFDE766C8AE616C096B772384A6E69BBC4CDF3701F3BAA4B"
    Last-Modified: Thu, 02 Nov 2023 10:39:29 GMT
    Server: ECAcc (lhd/35E3)
    X-Cache: HIT
    X-Ms-ApiVersion: Distribute 1.2
    X-Ms-Region: prod-neu-z1
    Content-Length: 25245176
  • flag-us
    DNS
    120.238.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    120.238.18.2.in-addr.arpa
    IN PTR
    Response
    120.238.18.2.in-addr.arpa
    IN PTR
    a2-18-238-120.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    200.34.232.68.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.34.232.68.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    github.com
    Bootstrapper.exe
    Remote address:
    8.8.8.8:53
    Request
    github.com
    IN A
    Response
    github.com
    IN A
    20.26.156.215
  • flag-gb
    GET
    https://github.com/cmd-softworks/solara/raw/main/Solara.Dir.zip
    Bootstrapper.exe
    Remote address:
    20.26.156.215:443
    Request
    GET /cmd-softworks/solara/raw/main/Solara.Dir.zip HTTP/1.1
    Host: github.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Server: GitHub.com
    Date: Thu, 25 Jul 2024 23:23:34 GMT
    Content-Type: text/html; charset=utf-8
    Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
    Access-Control-Allow-Origin:
    Location: https://raw.githubusercontent.com/cmd-softworks/solara/main/Solara.Dir.zip
    Cache-Control: no-cache
    Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
    X-Frame-Options: deny
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Referrer-Policy: no-referrer-when-downgrade
    Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src 
viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
    Content-Length: 0
    X-GitHub-Request-Id: D143:137350:3152FA:372EE8:66A2DEC3
  • flag-us
    DNS
    raw.githubusercontent.com
    Bootstrapper.exe
    Remote address:
    8.8.8.8:53
    Request
    raw.githubusercontent.com
    IN A
    Response
    raw.githubusercontent.com
    IN A
    185.199.111.133
    raw.githubusercontent.com
    IN A
    185.199.108.133
    raw.githubusercontent.com
    IN A
    185.199.110.133
    raw.githubusercontent.com
    IN A
    185.199.109.133
  • flag-us
    GET
    https://raw.githubusercontent.com/cmd-softworks/solara/main/Solara.Dir.zip
    Bootstrapper.exe
    Remote address:
    185.199.111.133:443
    Request
    GET /cmd-softworks/solara/main/Solara.Dir.zip HTTP/1.1
    Host: raw.githubusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 8506716
    Cache-Control: max-age=300
    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
    Content-Type: application/zip
    ETag: "be99d84be2b059d90e23b7a45852a9c82e88ee432bdd8242bf163a65986af8c7"
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    X-GitHub-Request-Id: 8774:35C294:1B1449:21005B:66A2D755
    Accept-Ranges: bytes
    Date: Thu, 25 Jul 2024 23:24:51 GMT
    Via: 1.1 varnish
    X-Served-By: cache-lon4274-LON
    X-Cache: HIT
    X-Cache-Hits: 0
    X-Timer: S1721949891.332751,VS0,VE1
    Vary: Authorization,Accept-Encoding,Origin
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Fastly-Request-ID: dfc80b3dba9a465994dc1df9e95b72f247fc11a0
    Expires: Thu, 25 Jul 2024 23:29:51 GMT
    Source-Age: 21
  • flag-us
    DNS
    215.156.26.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    215.156.26.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.111.199.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.111.199.185.in-addr.arpa
    IN PTR
    Response
    133.111.199.185.in-addr.arpa
    IN PTR
    cdn-185-199-111-133.github.com
  • flag-us
    GET
    https://pastebin.com/raw/xr5Gb4Bn
    Solara.exe
    Remote address:
    104.20.4.235:443
    Request
    GET /raw/xr5Gb4Bn HTTP/1.1
    Host: pastebin.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 25 Jul 2024 23:24:54 GMT
    Content-Type: text/plain; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-frame-options: DENY
    x-content-type-options: nosniff
    x-xss-protection: 1;mode=block
    cache-control: public, max-age=1801
    CF-Cache-Status: HIT
    Age: 1533
    Last-Modified: Thu, 25 Jul 2024 22:59:21 GMT
    Server: cloudflare
    CF-RAY: 8a8fe7f7ae0b6347-LHR
  • flag-us
    GET
    https://pastebin.com/raw/xr5Gb4Bn
    Solara.exe
    Remote address:
    104.20.4.235:443
    Request
    GET /raw/xr5Gb4Bn HTTP/1.1
    Host: pastebin.com
    Response
    HTTP/1.1 200 OK
    Date: Thu, 25 Jul 2024 23:24:54 GMT
    Content-Type: text/plain; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-frame-options: DENY
    x-content-type-options: nosniff
    x-xss-protection: 1;mode=block
    cache-control: public, max-age=1801
    CF-Cache-Status: HIT
    Age: 1533
    Last-Modified: Thu, 25 Jul 2024 22:59:21 GMT
    Server: cloudflare
    CF-RAY: 8a8fe7f94f6f6347-LHR
  • flag-gb
    GET
    https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
    Solara.exe
    Remote address:
    128.116.119.4:443
    Request
    GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
    Host: clientsettings.roblox.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    content-length: 119
    content-type: application/json; charset=utf-8
    date: Thu, 25 Jul 2024 23:24:54 GMT
    server: Kestrel
    cache-control: no-cache
    strict-transport-security: max-age=3600
    x-frame-options: SAMEORIGIN
    roblox-machine-id: 869419b2-f5bd-1b50-f4f6-03aebe67cfd1
    x-roblox-region: us-central
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=259200
    x-roblox-edge: lhr2
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
  • flag-us
    GET
    https://pastebin.com/raw/xr5Gb4Bn
    Solara.exe
    Remote address:
    104.20.4.235:443
    Request
    GET /raw/xr5Gb4Bn HTTP/1.1
    Host: pastebin.com
    Accept: */*
    Response
    HTTP/1.1 200 OK
    Date: Thu, 25 Jul 2024 23:24:59 GMT
    Content-Type: text/plain; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-frame-options: DENY
    x-content-type-options: nosniff
    x-xss-protection: 1;mode=block
    cache-control: public, max-age=1801
    CF-Cache-Status: HIT
    Age: 1538
    Last-Modified: Thu, 25 Jul 2024 22:59:21 GMT
    Server: cloudflare
    CF-RAY: 8a8fe818c9fd7705-LHR
  • flag-us
    DNS
    c.pki.goog
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    172.217.169.3
  • flag-gb
    GET
    http://c.pki.goog/r/gsr1.crl
    Remote address:
    172.217.169.3:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 25 Jul 2024 22:45:25 GMT
    Expires: Thu, 25 Jul 2024 23:35:25 GMT
    Cache-Control: public, max-age=3000
    Age: 2374
    Last-Modified: Mon, 08 Jul 2024 07:38:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r4.crl
    Remote address:
    172.217.169.3:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Thu, 25 Jul 2024 23:23:04 GMT
    Expires: Fri, 26 Jul 2024 00:13:04 GMT
    Cache-Control: public, max-age=3000
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
    Age: 115
  • flag-us
    DNS
    3.169.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.169.217.172.in-addr.arpa
    IN PTR
    Response
    3.169.217.172.in-addr.arpa
    IN PTR
    lhr25s26-in-f3.1e100.net
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388075_1B72WX0XS183A8WRW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388075_1B72WX0XS183A8WRW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 546931
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7B45C31D82954A0782E9E8DB476A29C3 Ref B: LON04EDGE1211 Ref C: 2024-07-25T23:25:50Z
    date: Thu, 25 Jul 2024 23:25:49 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388074_1MIWA2TTYRN56F380&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
  • 104.20.4.235:443  https://pastebin.com/raw/xr5Gb4Bn  tls, http  Bootstrapper.exe  sent 726 B / received 4.3kB, packets 8 / 8
    GET https://pastebin.com/raw/xr5Gb4Bn -> 200
  • 128.116.119.4:443  https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live  tls, http  Bootstrapper.exe  sent 830 B / received 6.5kB, packets 9 / 9
    GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live -> 200
  • 104.20.22.46:443  https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi  tls, http  Bootstrapper.exe  sent 799 B / received 6.8kB, packets 9 / 11
    GET https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi -> 307
  • 104.20.22.46:443  https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi  tls, http  Bootstrapper.exe  sent 1.3MB / received 34.9MB, packets 20192 / 25011
    GET https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi -> 200
  • 2.18.238.120:443  https://aka.ms/vs/16/release/vc_redist.x64.exe  tls, http  Bootstrapper.exe  sent 812 B / received 5.3kB, packets 9 / 9
    GET https://aka.ms/vs/16/release/vc_redist.x64.exe -> 301
  • 68.232.34.200:443  https://download.visualstudio.microsoft.com/download/pr/9613cb5b-2786-49cd-8d90-73abd90aa50a/CEE28F29F904524B7F645BCEC3DFDFE38F8269B001144CD909F5D9232890D33B/VC_redist.x64.exe  tls, http  Bootstrapper.exe  sent 463.0kB / received 26.0MB, packets 9885 / 18651
    GET https://download.visualstudio.microsoft.com/download/pr/9613cb5b-2786-49cd-8d90-73abd90aa50a/CEE28F29F904524B7F645BCEC3DFDFE38F8269B001144CD909F5D9232890D33B/VC_redist.x64.exe -> 200
  • 20.26.156.215:443  https://github.com/cmd-softworks/solara/raw/main/Solara.Dir.zip  tls, http  Bootstrapper.exe  sent 800 B / received 7.4kB, packets 9 / 8
    GET https://github.com/cmd-softworks/solara/raw/main/Solara.Dir.zip -> 302
  • 185.199.111.133:443  https://raw.githubusercontent.com/cmd-softworks/solara/main/Solara.Dir.zip  tls, http  Bootstrapper.exe  sent 150.5kB / received 8.8MB, packets 3215 / 6289
    GET https://raw.githubusercontent.com/cmd-softworks/solara/main/Solara.Dir.zip -> 200
  • 104.20.4.235:443  https://pastebin.com/raw/xr5Gb4Bn  tls, http  Solara.exe  sent 937 B / received 5.4kB, packets 11 / 11
    GET https://pastebin.com/raw/xr5Gb4Bn -> 200
    GET https://pastebin.com/raw/xr5Gb4Bn -> 200
  • 128.116.119.4:443  https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live  tls, http  Solara.exe  sent 922 B / received 6.6kB, packets 11 / 11
    GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live -> 200
  • 104.20.4.235:443  https://pastebin.com/raw/xr5Gb4Bn  tls, http  Solara.exe  sent 902 B / received 4.6kB, packets 11 / 9
    GET https://pastebin.com/raw/xr5Gb4Bn -> 200
  • 172.217.169.3:80  http://c.pki.goog/r/r4.crl  http  sent 602 B / received 3.9kB, packets 8 / 6
    GET http://c.pki.goog/r/gsr1.crl -> 200
    GET http://c.pki.goog/r/r4.crl -> 200
  • 127.0.0.1:54014  Solara.exe
  • 150.171.27.10:443  tse1.mm.bing.net  tls, http2  sent 1.1kB / received 593 B, packets 10 / 8
  • 150.171.27.10:443  tse1.mm.bing.net  tls, http2  sent 1.5kB / received 6.9kB, packets 15 / 13
  • 150.171.27.10:443  tse1.mm.bing.net  tls, http2  sent 1.5kB / received 6.9kB, packets 15 / 13
  • 150.171.27.10:443  tse1.mm.bing.net  tls, http2  sent 1.1kB / received 593 B, packets 10 / 8
  • 150.171.27.10:443  https://tse1.mm.bing.net/th?id=OADD2.10239317301576_1P4YPBOHIENGSX86I&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90  tls, http2  sent 148.3kB / received 4.4MB, packets 3177 / 3173
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388075_1B72WX0XS183A8WRW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    HTTP Response: 200
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388074_1MIWA2TTYRN56F380&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301167_10EF6H5QJP57ZPZOD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301678_17ZTGMBOXP9GMFDLK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301269_1SV32GTE1U6J5ZYXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    HTTP Response: 200
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301576_1P4YPBOHIENGSX86I&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    HTTP Response: 200
    HTTP Response: 200
    HTTP Response: 200
    HTTP Response: 200
  • 8.8.8.8:53  8.8.8.8.in-addr.arpa  dns  sent 66 B / received 90 B, packets 1 / 1
    DNS Request: 8.8.8.8.in-addr.arpa
  • 8.8.8.8:53  pastebin.com  dns  Solara.exe  sent 58 B / received 106 B, packets 1 / 1
    DNS Request: pastebin.com
    DNS Response: 104.20.4.235, 172.67.19.24, 104.20.3.235
  • 8.8.8.8:53  13.86.106.20.in-addr.arpa  dns  sent 71 B / received 157 B, packets 1 / 1
    DNS Request: 13.86.106.20.in-addr.arpa
  • 8.8.8.8:53  81.144.22.2.in-addr.arpa  dns  sent 70 B / received 133 B, packets 1 / 1
    DNS Request: 81.144.22.2.in-addr.arpa
  • 8.8.8.8:53  clientsettings.roblox.com  dns  Solara.exe  sent 213 B / received 165 B, packets 3 / 1
    DNS Request: clientsettings.roblox.com (3 requests)
    DNS Response: 128.116.119.4
  • 8.8.8.8:53  235.4.20.104.in-addr.arpa  dns  sent 71 B / received 133 B, packets 1 / 1
    DNS Request: 235.4.20.104.in-addr.arpa
  • 8.8.8.8:53  74.32.126.40.in-addr.arpa  dns  sent 71 B / received 157 B, packets 1 / 1
    DNS Request: 74.32.126.40.in-addr.arpa
  • 8.8.8.8:53  203.197.79.204.in-addr.arpa  dns  sent 73 B / received 106 B, packets 1 / 1
    DNS Request: 203.197.79.204.in-addr.arpa
  • 8.8.8.8:53  www.nodejs.org  dns  Bootstrapper.exe  sent 60 B / received 92 B, packets 1 / 1
    DNS Request: www.nodejs.org
    DNS Response: 104.20.22.46, 104.20.23.46
  • 8.8.8.8:53  nodejs.org  dns  Bootstrapper.exe  sent 56 B / received 88 B, packets 1 / 1
    DNS Request: nodejs.org
    DNS Response: 104.20.22.46, 104.20.23.46
  • 8.8.8.8:53  4.119.116.128.in-addr.arpa  dns  sent 72 B / received 126 B, packets 1 / 1
    DNS Request: 4.119.116.128.in-addr.arpa
  • 8.8.8.8:53  46.22.20.104.in-addr.arpa  dns  sent 71 B / received 133 B, packets 1 / 1
    DNS Request: 46.22.20.104.in-addr.arpa
  • 8.8.8.8:53  23.149.64.172.in-addr.arpa  dns  sent 72 B / received 134 B, packets 1 / 1
    DNS Request: 23.149.64.172.in-addr.arpa
  • 8.8.8.8:53  228.249.119.40.in-addr.arpa  dns  sent 73 B / received 159 B, packets 1 / 1
    DNS Request: 228.249.119.40.in-addr.arpa
  • 8.8.8.8:53  183.142.211.20.in-addr.arpa  dns  sent 73 B / received 159 B, packets 1 / 1
    DNS Request: 183.142.211.20.in-addr.arpa
  • 8.8.8.8:53  aka.ms  dns  Bootstrapper.exe  sent 52 B / received 68 B, packets 1 / 1
    DNS Request: aka.ms
    DNS Response: 2.18.238.120
  • 8.8.8.8:53  download.visualstudio.microsoft.com  dns  Bootstrapper.exe  sent 81 B / received 219 B, packets 1 / 1
    DNS Request: download.visualstudio.microsoft.com
    DNS Response: 68.232.34.200
  • 8.8.8.8:53  120.238.18.2.in-addr.arpa  dns  sent 71 B / received 135 B, packets 1 / 1
    DNS Request: 120.238.18.2.in-addr.arpa
  • 8.8.8.8:53  200.34.232.68.in-addr.arpa  dns  sent 72 B / received 143 B, packets 1 / 1
    DNS Request: 200.34.232.68.in-addr.arpa
  • 8.8.8.8:53  157.123.68.40.in-addr.arpa  dns  sent 72 B / received 146 B, packets 1 / 1
    DNS Request: 157.123.68.40.in-addr.arpa
  • 8.8.8.8:53  206.23.85.13.in-addr.arpa  dns  sent 71 B / received 145 B, packets 1 / 1
    DNS Request: 206.23.85.13.in-addr.arpa
  • 8.8.8.8:53  18.134.221.88.in-addr.arpa  dns  sent 72 B / received 137 B, packets 1 / 1
    DNS Request: 18.134.221.88.in-addr.arpa
  • 8.8.8.8:53  github.com  dns  Bootstrapper.exe  sent 56 B / received 72 B, packets 1 / 1
    DNS Request: github.com
    DNS Response: 20.26.156.215
  • 8.8.8.8:53  raw.githubusercontent.com  dns  Bootstrapper.exe  sent 71 B / received 135 B, packets 1 / 1
    DNS Request: raw.githubusercontent.com
    DNS Response: 185.199.111.133, 185.199.108.133, 185.199.110.133, 185.199.109.133
  • 8.8.8.8:53  215.156.26.20.in-addr.arpa  dns  sent 72 B / received 158 B, packets 1 / 1
    DNS Request: 215.156.26.20.in-addr.arpa
  • 8.8.8.8:53  133.111.199.185.in-addr.arpa  dns  sent 74 B / received 118 B, packets 1 / 1
    DNS Request: 133.111.199.185.in-addr.arpa
  • 8.8.8.8:53  c.pki.goog  dns  sent 56 B / received 107 B, packets 1 / 1
    DNS Request: c.pki.goog
    DNS Response: 172.217.169.3
  • 8.8.8.8:53  3.169.217.172.in-addr.arpa  dns  sent 72 B / received 110 B, packets 1 / 1
    DNS Request: 3.169.217.172.in-addr.arpa
  • 8.8.8.8:53  48.229.111.52.in-addr.arpa  dns  sent 72 B / received 158 B, packets 1 / 1
    DNS Request: 48.229.111.52.in-addr.arpa
  • 8.8.8.8:53  tse1.mm.bing.net  dns  sent 62 B / received 170 B, packets 1 / 1
    DNS Request: tse1.mm.bing.net
    DNS Response: 150.171.27.10, 150.171.28.10

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Config.Msi\e57c825.rbs (1.0MB)
  • C:\Program Files\nodejs\node_etw_provider.man (10KB)
  • C:\Program Files\nodejs\node_etw_provider.man (8KB)
  • C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md (818B)
  • C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license (1KB)
  • C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE (754B)
  • C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md (771B)
  • C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE (730B)
  • C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json (1KB)
  • C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE (802B)
  • C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js (16KB)
  • C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE (780B)
  • C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE (763B)
  • C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts (4KB)
  • C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE (771B)
  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url (168B)
  • C:\ProgramData\Solara\Microsoft.Web.WebView2.Core.dll (488KB)
  • C:\ProgramData\Solara\Microsoft.Web.WebView2.Wpf.dll (43KB)
  • C:\ProgramData\Solara\Newtonsoft.Json.dll (695KB)
  • C:\ProgramData\Solara\Solara.dll (4.4MB)
  • C:\ProgramData\Solara\Solara.exe (92KB)
  • C:\ProgramData\Solara\WebView2Loader.dll (133KB)
  • C:\ProgramData\Solara\Wpf.Ui.dll (5.2MB)
  • C:\ProgramData\Solara\bin\path.txt (34B)
  • C:\ProgramData\Solara\libcurl.dll (522KB)
  • C:\ProgramData\Solara\vcruntime140.dll (99KB)
  • C:\ProgramData\Solara\zlib1.dll (113KB)
  • C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi (30.1MB)
  • C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe (24.1MB)
  • C:\Windows\Installer\MSICCB6.tmp (122KB)
  • C:\Windows\Installer\MSICD54.tmp (211KB)
  • C:\Windows\Installer\MSID352.tmp (297KB)
  • C:\Windows\Temp\{132BB304-4C3B-4A43-BCD9-855CE4CA8A14}\.ba\logo.png (1KB)
  • C:\Windows\Temp\{132BB304-4C3B-4A43-BCD9-855CE4CA8A14}\.ba\wixstdba.dll (191KB)
  • C:\Windows\Temp\{D44D031C-09E1-402B-958B-105855CFE2CA}\.cr\vc_redist.x64.exe (634KB)
