Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/lwg6n17e2ihznl3/Xapse.zip/file was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Discord RAT
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Themida packer
Checks BIOS information in registry
Loads dropped DLL
Indicator Removal: Clear Windows Event Logs
Executes dropped EXE
Checks whether UAC is enabled
Enumerates connected drives
Blocklisted process makes network request
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Scheduled Task/Job: Scheduled Task
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
cURL User-Agent
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-12 20:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-12 20:13
Reported
2024-09-12 20:15
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Discord RAT
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 5704 created 612 | N/A | C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe | C:\Windows\system32\winlogon.exe |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\Solara\Solara.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\Solara\Solara.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\Solara\Solara.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\Solara\Solara.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\Solara\Solara.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\Solara\Solara.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\Program Files\nodejs\node.exe | N/A |
Indicator Removal: Clear Windows Event Logs
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Security-Mitigations%4KernelMode.evtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Security-Mitigations%4UserMode.evtx | C:\Windows\System32\svchost.exe | N/A |
Loads dropped DLL
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\ProgramData\Solara\Solara.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5704 set thread context of 5156 | N/A | C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe | C:\Windows\System32\dllhost.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff-apply\index.mjs | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\unpack.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\entry-index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\identity\oauth.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\selectors\root.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\glob\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\verify\set.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\normalize-package-data\lib\fixer.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\json.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\store\public-good-instance-root.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\npm-profile\LICENSE.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\normalize-windows-path.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@isaacs\string-locale-compare\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\google\protobuf\descriptor.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\utils\tar.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\man\man5\npm-shrinkwrap-json.5 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@tootallnate\once\dist\index.js.map | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\npm-registry-fetch\lib\errors.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\merkle\digest.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\corepack\dist\yarn.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\safe-buffer\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@isaacs\string-locale-compare\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\ms\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\sigstore-utils.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\commands\access.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmexec\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmdiff\lib\format-diff.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\sortAscending.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\fs-minipass\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-fund.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\lib\get.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minipass-fetch\lib\headers.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-adduser.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\update.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\pretty_gyp.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\supports-color\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\lib\options.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\ca\verify\chain.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tuf\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\reporters\quiet.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\npm-install-checks\lib\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\types\__generated__\hashedrekord.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_verification.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\commands\query.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\promise-spawn\lib\escape.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\README.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\util\tar-create-options.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\lazy_transform.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\rcompare.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-flush\node_modules\minipass\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\dbcs-data.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\text-table\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\which\README.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\npm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\bin.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\README.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\write-file-atomic\lib\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\pnpx.cmd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-explore.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_bundle.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\commands\whoami.js | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI7050.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI93BB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e586220.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6667.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6677.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6B1D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7030.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8BF7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8E0C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e586224.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI65D9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6B3D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8C85.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e586220.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI69B5.tmp | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\wevtutil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\SCHTASKS.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\wevtutil.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
cURL User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
Processes
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\SppExtComObj.exe
C:\Windows\system32\SppExtComObj.exe -Embedding
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/lwg6n17e2ihznl3/Xapse.zip/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83a3746f8,0x7ff83a374708,0x7ff83a374718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe
"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3C97.tmp\3C98.tmp\3C99.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe
bootstraper.exe
C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe
botstrapper.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 8F864B2FBCFCD143BEDFDDBEC254AAF4
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding AA5F007F8E79041E2D6D065ED828E129
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DB1D595D9B45CB8210F4ACA1F31BFAF9 E Global\MSI0000
C:\Windows\SysWOW64\wevtutil.exe
"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
C:\Windows\System32\wevtutil.exe
"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe
"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F48C.tmp\F48D.tmp\F48E.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe
bootstraper.exe
C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe
botstrapper.exe
C:\Program Files\nodejs\node.exe
"node" -v
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Program Files\nodejs\node.exe
"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" dc854d076d2a4d27
C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe
"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\35EB.tmp\35EC.tmp\35ED.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe
bootstraper.exe
C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe
botstrapper.exe
C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe
"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\424F.tmp\4250.tmp\4251.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe
bootstraper.exe
C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe
botstrapper.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x380 0x424
C:\Program Files\nodejs\node.exe
"node" -v
C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe
"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe
"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4C61.tmp\4C62.tmp\4C63.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4C62.tmp\4C62.tmp\4C63.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe
bootstraper.exe
C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe
bootstraper.exe
C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe
botstrapper.exe
C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe
botstrapper.exe
C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe
"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4D1C.tmp\4D1D.tmp\4D1E.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe
"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe
bootstraper.exe
C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe
botstrapper.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4DB9.tmp\4DBA.tmp\4DBB.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe
"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4EA3.tmp\4EA4.tmp\4EA5.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"
C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe
bootstraper.exe
C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe
botstrapper.exe
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe
bootstraper.exe
C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe
botstrapper.exe
C:\Program Files\nodejs\node.exe
"node" -v
C:\Program Files\nodejs\node.exe
"node" -v
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Program Files\nodejs\node.exe
"node" -v
C:\Program Files\nodejs\node.exe
"node" -v
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Program Files\nodejs\node.exe
"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 245b7bcaf2514ad1
C:\Program Files\nodejs\node.exe
"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 27b2a73b76854098
C:\Program Files\nodejs\node.exe
"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" ee2ef6c299d044f7
C:\Program Files\nodejs\node.exe
"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 30b31766735e44b1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4756 /prefetch:2
C:\Program Files\nodejs\node.exe
"node" -v
C:\Windows\SYSTEM32\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "$77botstrapper.exe" /tr "'C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe'" /sc onlogon /rl HIGHEST
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Program Files\nodejs\node.exe
"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 84b98eaed9a84831
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\dllhost.exe
C:\Windows\System32\dllhost.exe /Processid:{e7a98292-4214-4735-8d1f-6c3abca6a139}
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.17.151.117:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.151.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| GB | 142.250.187.238:443 | translate.google.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| GB | 18.154.84.60:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | 232.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.42.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.41.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.170.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.84.154.18.in-addr.arpa | udp |
| US | 104.16.53.110:443 | cdn.otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| GB | 142.250.187.202:443 | translate.googleapis.com | tcp |
| US | 172.67.73.78:443 | www.mediafiredls.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 35.165.143.96:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | 6.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.187.37.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 78.73.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.143.165.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 216.58.201.99:443 | www.google.co.uk | tcp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| IE | 52.30.93.119:443 | ad.crwdcntrl.net | tcp |
| GB | 18.245.143.58:443 | tags.crwdcntrl.net | tcp |
| IE | 54.76.106.86:443 | ad.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| GB | 143.204.68.124:80 | crt.rootg2.amazontrust.com | tcp |
| GB | 143.204.68.124:80 | crt.rootg2.amazontrust.com | tcp |
| GB | 143.204.68.124:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.93.30.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.106.76.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.68.204.143.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.202:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| GB | 18.245.252.28:443 | cdn.prod.uidapi.com | tcp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| NL | 79.127.227.46:443 | c3.a-mo.net | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| IE | 52.51.179.14:443 | ap.lijit.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| GB | 108.138.217.48:443 | hb.yellowblue.io | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| FR | 163.5.194.37:443 | prebid.a-mo.net | tcp |
| IE | 54.217.114.196:443 | ads.yieldmo.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.252.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | e0ea2bb96a80c1bf73bd7a695d0fc95a.safeframe.googlesyndication.com | udp |
| GB | 142.250.178.1:443 | e0ea2bb96a80c1bf73bd7a695d0fc95a.safeframe.googlesyndication.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | download1590.mediafire.com | udp |
| US | 8.8.8.8:53 | 48.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.179.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.114.217.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 199.91.152.90:443 | download1590.mediafire.com | tcp |
| US | 199.91.152.90:443 | download1590.mediafire.com | tcp |
| US | 199.91.152.90:443 | download1590.mediafire.com | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 172.217.169.65:443 | cdn.ampproject.org | tcp |
| GB | 172.217.169.65:443 | cdn.ampproject.org | tcp |
| GB | 172.217.169.65:443 | cdn.ampproject.org | tcp |
| GB | 172.217.169.65:443 | cdn.ampproject.org | tcp |
| GB | 172.217.169.65:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | 90.152.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 185.235.86.228:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.158:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 18.165.227.8:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 172.67.141.135:443 | www.chancial.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 3.123.255.2:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | check.analytics.rlcdn.com | udp |
| US | 8.8.8.8:53 | 158.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.227.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.141.67.172.in-addr.arpa | udp |
| GB | 18.164.68.67:443 | check.analytics.rlcdn.com | tcp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 23.214.143.61:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 142.250.187.238:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | 2.255.123.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.143.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| PL | 57.144.110.128:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 128.110.144.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| PL | 57.144.110.1:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 1.110.144.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 8.8.8.8:53 | getsolara.dev | udp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| N/A | 127.0.0.1:6463 | tcp | |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.203.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geolocation-db.com | udp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | clientsettings.roblox.com | udp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 8.8.8.8:53 | 253.102.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.4.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.nodejs.org | udp |
| US | 104.20.22.46:443 | www.nodejs.org | tcp |
| US | 8.8.8.8:53 | 46.22.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nodejs.org | udp |
| US | 104.20.23.46:443 | nodejs.org | tcp |
| US | 8.8.8.8:53 | 46.23.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| N/A | 127.0.0.1:57263 | tcp | |
| N/A | 127.0.0.1:57269 | tcp | |
| N/A | 127.0.0.1:57272 | tcp | |
| N/A | 127.0.0.1:57275 | tcp | |
| N/A | 127.0.0.1:57278 | tcp | |
| N/A | 127.0.0.1:57280 | tcp | |
| N/A | 127.0.0.1:57284 | tcp | |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 216.58.201.99:443 | www.google.co.uk | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| NL | 128.116.21.4:443 | clientsettings.roblox.com | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| N/A | 127.0.0.1:57375 | tcp | |
| N/A | 127.0.0.1:57379 | tcp | |
| N/A | 127.0.0.1:57383 | tcp | |
| N/A | 127.0.0.1:57390 | tcp | |
| N/A | 127.0.0.1:57399 | tcp | |
| N/A | 127.0.0.1:57401 | tcp | |
| N/A | 127.0.0.1:57409 | tcp | |
| N/A | 127.0.0.1:57412 | tcp | |
| N/A | 127.0.0.1:57415 | tcp | |
| N/A | 127.0.0.1:57419 | tcp | |
| N/A | 127.0.0.1:57422 | tcp | |
| N/A | 127.0.0.1:57425 | tcp | |
| N/A | 127.0.0.1:57428 | tcp | |
| N/A | 127.0.0.1:57431 | tcp | |
| N/A | 127.0.0.1:57433 | tcp | |
| N/A | 127.0.0.1:57435 | tcp | |
| N/A | 127.0.0.1:57440 | tcp | |
| N/A | 127.0.0.1:57446 | tcp | |
| N/A | 127.0.0.1:57449 | tcp | |
| N/A | 127.0.0.1:57453 | tcp | |
| N/A | 127.0.0.1:57455 | tcp | |
| N/A | 127.0.0.1:57459 | tcp | |
| N/A | 127.0.0.1:57461 | tcp | |
| N/A | 127.0.0.1:57465 | tcp | |
| N/A | 127.0.0.1:57468 | tcp | |
| N/A | 127.0.0.1:57472 | tcp | |
| N/A | 127.0.0.1:57475 | tcp | |
| N/A | 127.0.0.1:57478 | tcp | |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| N/A | 127.0.0.1:57515 | tcp | |
| N/A | 127.0.0.1:57519 | tcp | |
| N/A | 127.0.0.1:57522 | tcp | |
| N/A | 127.0.0.1:57525 | tcp | |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| N/A | 127.0.0.1:57528 | tcp | |
| N/A | 127.0.0.1:57530 | tcp | |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| N/A | 127.0.0.1:57534 | tcp | |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2783c40400a8912a79cfd383da731086 |
| SHA1 | 001a131fe399c30973089e18358818090ca81789 |
| SHA256 | 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5 |
| SHA512 | b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685 |
\??\pipe\LOCAL\crashpad_3432_IEHEXARDWJSLFCYE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ff63763eedb406987ced076e36ec9acf |
| SHA1 | 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d |
| SHA256 | 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c |
| SHA512 | ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f185de7056a808e5d7f58388f4c17db0 |
| SHA1 | 3f63704917b51500076d1691efec71972e3e1268 |
| SHA256 | 51d241fb81562f3be744e0d5c2a5e42ea874872e98bcb6cb38599de09f3f8331 |
| SHA512 | e0f6bd17fc6494754f615f27139406676ca1f6796c2ae292e94e5a80d489af56843652ae6977196dd84e261ba5b58fc49e230edcc4e7e438562d8e9d5f82f6ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 72b1ca93e516e39a090d675caf5dbb22 |
| SHA1 | a8e9e129ac3c46a678dfd28d2311146311a9ba2f |
| SHA256 | 5d25ceeff9502a0838e3a230c63036db18e53a078470c3c1bd756c822655abe2 |
| SHA512 | 0c098ad7f4dd16c296aa65f08afd03d7ec04d3536d3cd8d6c3394774a63d7a2c8737a78c8ad48333191d4e9a076cbcfb08e1de25064e3cd52bec2d0e46e62651 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 70a19a20c34f813a420981a53d8b962f |
| SHA1 | 5585712ea80ed3180c36ed3e2150d4f1431e535c |
| SHA256 | 88b2e5983f33670713454d998d3fded5ce76cdc9005d4970c1b986d490f62aa3 |
| SHA512 | 2dc328aa699e612bfd6e2149971aea8b04ab21536573f860024f485fe7774e6ef37517a7266f91317a4c91da3878059844d2eb7880185a2a2399a77540da7e20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\Xapse.zip
| MD5 | 6189db7c9380f6c1dbdccbc03ac3100b |
| SHA1 | e426ee6c9df0168cddccf0bc13cb8b582b766e5c |
| SHA256 | 902ed95364247dbe1dfa2fc9489a02d22331d1833a430f957cdf22339db11ff0 |
| SHA512 | 9c2c18fab15907165053e3008a3c495c640b35a60d14b77d438b765ecc20a540fd16cdde54920de7c181a1da6a277efdb759b237616870177c0be6444a08168c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 00939eb58f5a35990c7e73352926be5b |
| SHA1 | 58d11b6066c9c18903a56fe5466dca11ee682689 |
| SHA256 | d4610c491cf20a6ab5eb3fc3300292231c07e09fb3660aec503a8c56a8e31b9e |
| SHA512 | 1f7a347ac345d718cfad3031532042c6feb3d17f212550adbaa894666dfba134392ac1240c7b19dd6c99832fef4050c85fa194c8d7ecfff062fa85472beb0393 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581fb8.TMP
| MD5 | 6472337d70064f093f16346533792247 |
| SHA1 | 9f0839f190853dbab3877d24c0fd89a96039f5d9 |
| SHA256 | 620f3bc519b2c3052ca0b83906591261f241a1c947d3b74132357880efdcc262 |
| SHA512 | bea295083ce8e7348a96d3b438c01b3cb3753c8cd313f7c16769a5ba022d5846d48bed2716ddb8679fc1aab21ac068c08e4875512c414c7d5789641bb8fdbc9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aa6a1290923088f8fd8f9ea347f71b42 |
| SHA1 | c5f830986c44d0267099624a82a9b299bb392c6e |
| SHA256 | faa0cac74acd8f409873da9c4fd2cb2a525d1ce5bef51f0d32f92b3fc872f840 |
| SHA512 | 2de5dc8bd17a2a510c2837065495aee25fb4e4da59352d9268e0029923b2ce8050d85a9d1d80e61fbc0e68ac10b06d94c9104b89b3ed54e3d6deca0257f10e95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 536a050060e6b0f779978aeda0c4c8cc |
| SHA1 | d0d6609ca062af8b9c795431913bdc394a6376e5 |
| SHA256 | 42ba513cc0269e13fa185b6db7a50c5c87f99590247d1575984b6c74b86f2014 |
| SHA512 | 6c273e2cad62e5d2f2c7497d907a06309340a45ad8b21e3812d8a5c28b15eb86132f804ad47cd9bb0932931d35760e643330c53e754f6b8515e98ca44da7b5f9 |
C:\Users\Admin\AppData\Local\Temp\3C97.tmp\3C98.tmp\3C99.bat
| MD5 | 646c713009ef5caf7d3a3db983482149 |
| SHA1 | 6362880bd6f2faf6a2d4c85155a44a07c015f587 |
| SHA256 | 3037135e8fb4a77fd06f19150c38d785de741558376a0afba95a350eeb64a0ae |
| SHA512 | 2df2f3640e79818cb9ee0d31ff0cfedf1bb2ee9f92a2ad97f7c41256df4110b233751a82e28b77068f3859075fd7ce371c3dd5b2692106c2d7a21caa2fbd806c |
memory/5380-265-0x00000128A5D70000-0x00000128A5D88000-memory.dmp
memory/5380-266-0x00000128C0410000-0x00000128C05D2000-memory.dmp
memory/5376-267-0x000002C3B9FE0000-0x000002C3BA0DA000-memory.dmp
memory/5380-268-0x00000128C0C10000-0x00000128C1138000-memory.dmp
memory/5376-279-0x000002C3BBE10000-0x000002C3BBE32000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0021abd6a07cb8afe8d851fcf76a26e9 |
| SHA1 | 915e36b9f74b4c2ebe47254a92d5840988f1326e |
| SHA256 | b51d3b06995a0548c0acb95f354446684cf074c5d257329d23121ade0ae40b1b |
| SHA512 | fcf01e3776ba59d4ffdbf7cc2fa37a3c0031db3491f92fa6992ecac61dbfcc1b9832060a5182ba75d4895f35e3623eb710eecd440832507bb6592ffeac3106d8 |
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi
| MD5 | 0e4e9aa41d24221b29b19ba96c1a64d0 |
| SHA1 | 231ade3d5a586c0eb4441c8dbfe9007dc26b2872 |
| SHA256 | 5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d |
| SHA512 | e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913 |
C:\Windows\Installer\MSI65D9.tmp
| MD5 | 9fe9b0ecaea0324ad99036a91db03ebb |
| SHA1 | 144068c64ec06fc08eadfcca0a014a44b95bb908 |
| SHA256 | e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9 |
| SHA512 | 906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176 |
C:\Windows\Installer\MSI6677.tmp
| MD5 | a3ae5d86ecf38db9427359ea37a5f646 |
| SHA1 | eb4cb5ff520717038adadcc5e1ef8f7c24b27a90 |
| SHA256 | c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74 |
| SHA512 | 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0 |
C:\Windows\Installer\MSI6B1D.tmp
| MD5 | 7a86ce1a899262dd3c1df656bff3fb2c |
| SHA1 | 33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541 |
| SHA256 | b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c |
| SHA512 | 421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3babc985718ca0ef88abcf43e5599d7a |
| SHA1 | 3c34c8db12c110159b1c7ee94d10028489c1b5d6 |
| SHA256 | 18b94b06e4b0d09d1b3838ed1092e1673f68b2366e1452580673f4a045844f0f |
| SHA512 | edc438bc6ae9b35fda00367c234417e7b07dff9dd26991141fa5db50e60895596058d787ed879f6c6125821a048aad912d47dcd25b60b8f93cab4c254a08f117 |
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE
| MD5 | b020de8f88eacc104c21d6e6cacc636d |
| SHA1 | 20b35e641e3a5ea25f012e13d69fab37e3d68d6b |
| SHA256 | 3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706 |
| SHA512 | 4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38 |
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE
| MD5 | d2cf52aa43e18fdc87562d4c1303f46a |
| SHA1 | 58fb4a65fffb438630351e7cafd322579817e5e1 |
| SHA256 | 45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0 |
| SHA512 | 54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16 |
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE
| MD5 | 7428aa9f83c500c4a434f8848ee23851 |
| SHA1 | 166b3e1c1b7d7cb7b070108876492529f546219f |
| SHA256 | 1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7 |
| SHA512 | c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce |
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license
| MD5 | 5ad87d95c13094fa67f25442ff521efd |
| SHA1 | 01f1438a98e1b796e05a74131e6bb9d66c9e8542 |
| SHA256 | 67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec |
| SHA512 | 7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE
| MD5 | d7c8fab641cd22d2cd30d2999cc77040 |
| SHA1 | d293601583b1454ad5415260e4378217d569538e |
| SHA256 | 04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be |
| SHA512 | 278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js
| MD5 | bc0c0eeede037aa152345ab1f9774e92 |
| SHA1 | 56e0f71900f0ef8294e46757ec14c0c11ed31d4e |
| SHA256 | 7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5 |
| SHA512 | 5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3 |
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts
| MD5 | f0bd53316e08991d94586331f9c11d97 |
| SHA1 | f5a7a6dc0da46c3e077764cfb3e928c4a75d383e |
| SHA256 | dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef |
| SHA512 | fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839 |
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE
| MD5 | 072ac9ab0c4667f8f876becedfe10ee0 |
| SHA1 | 0227492dcdc7fb8de1d14f9d3421c333230cf8fe |
| SHA256 | 2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013 |
| SHA512 | f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013 |
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md
| MD5 | 2916d8b51a5cc0a350d64389bc07aef6 |
| SHA1 | c9d5ac416c1dd7945651bee712dbed4d158d09e1 |
| SHA256 | 733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04 |
| SHA512 | 508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json
| MD5 | d116a360376e31950428ed26eae9ffd4 |
| SHA1 | 192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b |
| SHA256 | c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5 |
| SHA512 | 5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a |
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE
| MD5 | 1d7c74bcd1904d125f6aff37749dc069 |
| SHA1 | 21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab |
| SHA256 | 24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9 |
| SHA512 | b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778 |
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md
| MD5 | e9dc66f98e5f7ff720bf603fff36ebc5 |
| SHA1 | f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b |
| SHA256 | b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79 |
| SHA512 | 8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b |
C:\Program Files\nodejs\node_etw_provider.man
| MD5 | 1d51e18a7247f47245b0751f16119498 |
| SHA1 | 78f5d95dd07c0fcee43c6d4feab12d802d194d95 |
| SHA256 | 1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f |
| SHA512 | 1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76 |
C:\Program Files\nodejs\node_etw_provider.man
| MD5 | d3bc164e23e694c644e0b1ce3e3f9910 |
| SHA1 | 1849f8b1326111b5d4d93febc2bafb3856e601bb |
| SHA256 | 1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4 |
| SHA512 | 91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | 6b04ab52540bdc8a646d6e42255a6c4b |
| SHA1 | 4cdfc59b5b62dafa3b20d23a165716b5218aa646 |
| SHA256 | 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d |
| SHA512 | 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url
| MD5 | 35b86e177ab52108bd9fed7425a9e34a |
| SHA1 | 76a1f47a10e3ab829f676838147875d75022c70c |
| SHA256 | afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319 |
| SHA512 | 3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url
| MD5 | db7dbbc86e432573e54dedbcc02cb4a1 |
| SHA1 | cff9cfb98cff2d86b35dc680b405e8036bbbda47 |
| SHA256 | 7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9 |
| SHA512 | 8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec |
C:\Config.Msi\e586223.rbs
| MD5 | 1da9254a481378f5ed400d60e3760a8a |
| SHA1 | ca5c718c059d0de2ffe1a730d542e56a158b2a00 |
| SHA256 | c12f8ed2ce8a66be06ed4afac1cb639bf1872d5835732948db01786239676c29 |
| SHA512 | 334a973c08926be66697d082fa22316d679c7843929f81113541d2ae6fa4e941112551f4e70f22bfd9d269b48e8b64cf42e840eb052d1ef61f0077840cf6a9ca |
memory/5376-2713-0x000002C3D48B0000-0x000002C3D48BA000-memory.dmp
memory/5376-2715-0x000002C3D48E0000-0x000002C3D48F2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | dbb9cfe6bde9a493cd94efcfaee99028 |
| SHA1 | 8f49177cf57b4c94d121eb5ef28662deefd19ad4 |
| SHA256 | 2ff75a822b3caf4aac4ab5841dba0bc79eb4754785964aedeb709e332fd08c88 |
| SHA512 | db944b27491516189eecbf56e60b7f8c7dd612b3fe4b9ed85971b16901c6f7426cc3f1a53a205d77343405cd59bd543a7f054e95d8eace6f668d340750c772c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1dcc9b7b-f97f-4ad9-a51e-66aad1c776a5.tmp
| MD5 | 88013d47134873285061cfaba82be147 |
| SHA1 | 2ca1e7fb3b07fb9ad3d33a57c28769f9e5e4b633 |
| SHA256 | 96560ea9138c7c07898f30fdab2b85a75491ed95247474d7a20c77ed7894564c |
| SHA512 | dfdba6623f12f7a4f6f7925a8f55f33cdd1060a6c889199ad92a84fc289741531d5ce2a631685ca2d03fcb1209527aad923cecc9048dab85dc64c30577272464 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d6eb8dfaf83d53398583fe7980082697 |
| SHA1 | 2460dccd3a69d45ddc481168fa91d3d499bac1e1 |
| SHA256 | 77361225846f5402eba571913fb5649e62ecea19ff081d5158f6c16af3ed8e5c |
| SHA512 | aa13ce8264d7c3bb9b04bc3300f0c046d2f09fba6224d902a763f90eeb6ec0706c6bbe79eda3de59f8815a3889dac434cdff593f2c4f87873f07d07ac4236883 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\bootstraper.exe.log
| MD5 | 596a9de3c4f94d66dbea5763a4911ed4 |
| SHA1 | 47811a7de2387348a03c9254e1e298e7bba31348 |
| SHA256 | 08d5d90a9db62f97f5a4928633b905fee3949601ed6393686afd731842791df7 |
| SHA512 | b082101578da90c8b820d354b20cd5f240bd31282b0dfa607f57698202823da6c6c0d77dbae472773d89275bf7fe738a360bd5a5c88d642b632f38bb7147eeef |
C:\Users\Admin\Downloads\Xapse\Solara\DISCORD
| MD5 | 487ab53955a5ea101720115f32237a45 |
| SHA1 | c59d22f8bc8005694505addef88f7968c8d393d3 |
| SHA256 | d64354a111fd859a08552f6738fecd8c5594475e8c03bb37546812a205d0d368 |
| SHA512 | 468689d98645c9f32813d833a07bbcf96fe0de4593f4f4dc6757501fbce8e9951d21a8aa4a7050a87a904d203f521134328d426d4e6ab9f20e7e759769003b7c |
C:\ProgramData\Solara\bin\version.txt
| MD5 | 1087f46b6fe067d6674d8b7787eb8ef6 |
| SHA1 | 6669abab0a1bbf202f99f96d6f9550faa3e4fd12 |
| SHA256 | 7c8bc82d3afeaf6167db5b64ba2006c99617200c4da73657d0ef81705c6e7e29 |
| SHA512 | 9316836d7941cb5b1da1ee764676608e80df2d06e81084f9f91ae6af01aa3ecf313b71333e4c0bdc1993a2b63c0788cd9393347ecb51e20e22483d1b18ebe416 |
C:\ProgramData\Solara\Solara.exe
| MD5 | 4af398a46d4bd09811ced324ba8cc22c |
| SHA1 | 458264f284969210c1128bac89dbf06ac48ad85d |
| SHA256 | b5cc85c245f92044f8c79d7c94d3fcb4763be8a1d339d580a4e47540f7a1fd97 |
| SHA512 | 22f7c47d19e42ea197d4ffc1a060bdc9a7b6601cace9e93a8b3ea28efda2c6cedb7752ac8a00e1488d65b3b25fb9efd4bd618537440e1ce060dd1fb0843ce07b |
memory/5836-3168-0x00000253A0530000-0x00000253A0554000-memory.dmp
C:\ProgramData\Solara\Wpf.Ui.dll
| MD5 | aead90ab96e2853f59be27c4ec1e4853 |
| SHA1 | 43cdedde26488d3209e17efff9a51e1f944eb35f |
| SHA256 | 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed |
| SHA512 | f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d |
memory/5836-3170-0x00000253BB0D0000-0x00000253BB60C000-memory.dmp
memory/5836-3171-0x00000253BAD40000-0x00000253BADFA000-memory.dmp
C:\ProgramData\Solara\Newtonsoft.Json.dll
| MD5 | 195ffb7167db3219b217c4fd439eedd6 |
| SHA1 | 1e76e6099570ede620b76ed47cf8d03a936d49f8 |
| SHA256 | e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d |
| SHA512 | 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac |
memory/5836-3173-0x00000253BAE00000-0x00000253BAEB2000-memory.dmp
C:\ProgramData\Solara\SolaraV3.dll
| MD5 | 6d160b3871202d58db0e799e08866f7e |
| SHA1 | ae1631ce37d122a493ed69629130f4ccd5ed8d9d |
| SHA256 | c8bc128eda7208da532537f1ac2c228fbe0d9b67cb983dbc736cb91d7e29be20 |
| SHA512 | 2c8550faa8413f2e67e6b49f2d7e7faf4ff5b96fdb7d56d940878cf0ce218f3d97e558c5738d9c4241005cd04abb43265d92fa0bf4ff133fc6e710257bc46e0e |
memory/5836-3177-0x0000000180000000-0x000000018109F000-memory.dmp
memory/5836-3180-0x0000000180000000-0x000000018109F000-memory.dmp
memory/5836-3179-0x0000000180000000-0x000000018109F000-memory.dmp
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\lib\express.js
| MD5 | d467bc485eddf6d38278bc6b1dc16389 |
| SHA1 | e233882de62eb095b3cae0b2956e8776e6af3d6a |
| SHA256 | 2f25585c03c3050779c8f5f00597f8653f4fb8a97448ef8ef8cb21e65ba4d15d |
| SHA512 | 2add66b4f2e8ce463449ca8f2eac19363844b6ab159a41b42163028c57f07a4245ebefe759a6f90e8685b5bd239c969fe99366eff89378cb8b92b8a703dacd61 |
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\index.js
| MD5 | 866e37a4d9fb8799d5415d32ac413465 |
| SHA1 | 3f41478fdab31acabab8fa1d26126483a141ffb6 |
| SHA256 | 4d2f5afc192178c5b0dc418d2da5826d52a8b6998771b011aede7fdba9118140 |
| SHA512 | 766d2e202dd5e520ac227e28e3c359cca183605c52b4e4c95c69825c929356cea772723a9af491a3662d3c26f7209e89cc3a7af76f75165c104492dc6728accc |
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\package.json
| MD5 | 3b5b76b70b0a549dce72c5a02756d2a8 |
| SHA1 | 07786baebb5c52882e28a8bd281c9a36d63dd116 |
| SHA256 | bdd67333ab62b0bfeb10ecbbb23936db57b743a3eec580a354591fdf63334859 |
| SHA512 | bb266dfa725421fb26d26fda0f45a5fa5cd832667b05f27ceaf4e7fc1e032aeea8700493cfdd2941c3c38cd166eee1000d2b9ae3ddef375714e25a2027a943a3 |
C:\ProgramData\Solara\Monaco\fileaccess\package.json
| MD5 | b9f2ca8a50d6d71642dd920c76a851e5 |
| SHA1 | 8ca43e514f808364d0eb51e7a595e309a77fdfce |
| SHA256 | f44555af79dfa01a68ae8325382293fc68cd6c61d1d4eb9b8f7a42c651c51cde |
| SHA512 | 81b6352bbabd0bffbc50bfcd0cd67dc3c2a7d63bda0bf12421410c0ec8047af549a4928b5c5c3e89ead99aa9240bddb461c618c49287c15d9d4d3a899e8f596a |
C:\ProgramData\Solara\Monaco\fileaccess\index.js
| MD5 | 0e709bfb5675ff0531c925b909b58008 |
| SHA1 | 25a8634dd21c082d74a7dead157568b6a8fc9825 |
| SHA256 | ed94fd8980c043bad99599102291e3285323b99ce0eb5d424c00e3dea1a34e67 |
| SHA512 | 35968412e6ed11ef5cd890520946167bcef2dc6166489759af8bb699f08256355708b1ab949cce034d6cc22ed79b242600c623121f2c572b396f0e96372740cd |
memory/5836-3186-0x0000000180000000-0x000000018109F000-memory.dmp
memory/5836-3188-0x00000253A22E0000-0x00000253A22F0000-memory.dmp
memory/5836-3189-0x00000253BB000000-0x00000253BB090000-memory.dmp
memory/5836-3190-0x00000253BB0A0000-0x00000253BB0A8000-memory.dmp
memory/5836-3192-0x00000253BF5E0000-0x00000253BF618000-memory.dmp
memory/5836-3193-0x00000253BF5A0000-0x00000253BF5AE000-memory.dmp
memory/5836-3205-0x0000000180000000-0x000000018109F000-memory.dmp
memory/5836-3208-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6560-3226-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6560-3225-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6560-3227-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6560-3228-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6736-3231-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6736-3232-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6736-3233-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6736-3234-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6828-3235-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6828-3237-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6828-3238-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6820-3239-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6820-3240-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6828-3236-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6820-3241-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6820-3242-0x0000000180000000-0x000000018109F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cbaba0c835e3e997b61942d953770f54 |
| SHA1 | c699f8245b7e9c40a6481370105c7a08f8cb82b1 |
| SHA256 | 34e6745ab8b4614a4aaf62038e27eadc2422eed25a6552ce606e073dee8bc688 |
| SHA512 | e612807ed5c80562f99584d219e0cab2905c8c69e508ad7e4cc9b60fb818a56d4d92271cdf388ed9072aedccb5a66545e6bdb04c806474c719de60f7c38891df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 02f63127118464fd437c9e92f9c41e6e |
| SHA1 | 80335a680a5881b2f8819dffc9f93c71bb56a06f |
| SHA256 | ed70e105aa191709e1a2a21fffbd9c5a915e67ae671ed5b21ce1765c10ad6d69 |
| SHA512 | ed87c4156ccdad940b0bd37ecdad725c5ce191785a7a755aeab54374797c7086f2b7cd023cff99bd4d8a9eea7129d696c6f6cf330bc6f30d6382625c856a238b |
memory/6736-3265-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6820-3267-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6828-3266-0x0000000180000000-0x000000018109F000-memory.dmp
memory/6560-3268-0x0000000180000000-0x000000018109F000-memory.dmp
memory/7092-3270-0x0000000180000000-0x000000018109F000-memory.dmp
memory/7092-3272-0x0000000180000000-0x000000018109F000-memory.dmp
memory/7092-3271-0x0000000180000000-0x000000018109F000-memory.dmp
memory/7092-3269-0x0000000180000000-0x000000018109F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | dc323096a0f0bc5d14817402caff971d |
| SHA1 | 7511552cbf1e26677703868a8b47b644c1d60bd4 |
| SHA256 | 2c31ee5b07fce780464d2c7d5ae85e0a5e4e7cd2cec4784d5e1043546cb162f8 |
| SHA512 | 2ddb6d926648112c20e61485c1f75b56ceb0d63c246e50ef0aa2dbbe42e60a3bd61109ea8ceebe72fe2672b41c39621528f314e4a1143fd31a501cb24d235ef2 |
memory/5704-3283-0x0000028659D30000-0x0000028659D6E000-memory.dmp
memory/5704-3284-0x00007FF848F10000-0x00007FF849105000-memory.dmp
memory/5704-3285-0x00007FF848CF0000-0x00007FF848DAE000-memory.dmp
memory/5156-3286-0x0000000140000000-0x0000000140040000-memory.dmp
memory/5156-3287-0x0000000140000000-0x0000000140040000-memory.dmp
memory/5156-3288-0x00007FF848F10000-0x00007FF849105000-memory.dmp
memory/5156-3289-0x00007FF848CF0000-0x00007FF848DAE000-memory.dmp
memory/5156-3290-0x0000000140000000-0x0000000140040000-memory.dmp
memory/672-3295-0x000001824C720000-0x000001824C74A000-memory.dmp
memory/672-3298-0x00007FF808F90000-0x00007FF808FA0000-memory.dmp
memory/64-3302-0x000001F46F200000-0x000001F46F22A000-memory.dmp
memory/612-3296-0x00007FF808F90000-0x00007FF808FA0000-memory.dmp
memory/612-3294-0x0000020E2B380000-0x0000020E2B3AA000-memory.dmp
memory/612-3292-0x0000020E2B350000-0x0000020E2B373000-memory.dmp
memory/64-3303-0x00007FF808F90000-0x00007FF808FA0000-memory.dmp