Malware Analysis Report

2024-11-16 13:03

Sample ID 240912-yzjr1ssclp
Target https://www.mediafire.com/file/lwg6n17e2ihznl3/Xapse.zip/file
Tags
discordrat defense_evasion discovery evasion persistence rat rootkit stealer themida trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file https://www.mediafire.com/file/lwg6n17e2ihznl3/Xapse.zip/file was found to be: Known bad.

Malicious Activity Summary

discordrat defense_evasion discovery evasion persistence rat rootkit stealer themida trojan

Suspicious use of NtCreateUserProcessOtherParentProcess

Discord RAT

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Themida packer

Checks BIOS information in registry

Loads dropped DLL

Indicator Removal: Clear Windows Event Logs

Executes dropped EXE

Checks whether UAC is enabled

Enumerates connected drives

Blocklisted process makes network request

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Scheduled Task/Job: Scheduled Task

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

cURL User-Agent

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-12 20:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-12 20:13

Reported

2024-09-12 20:15

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

151s

Command Line

winlogon.exe

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 5704 created 612 N/A C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe C:\Windows\system32\winlogon.exe

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\Solara\Solara.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\Solara\Solara.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\Solara\Solara.exe N/A

Indicator Removal: Clear Windows Event Logs

defense_evasion
Description Indicator Process Target
File opened for modification C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Security-Mitigations%4KernelMode.evtx C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Security-Mitigations%4UserMode.evtx C:\Windows\System32\svchost.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\ProgramData\Solara\Solara.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A pastebin.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\ProgramData\Solara\Solara.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5704 set thread context of 5156 N/A C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe C:\Windows\System32\dllhost.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff-apply\index.mjs C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\unpack.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\entry-index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\identity\oauth.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\selectors\root.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\glob\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\verify\set.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\normalize-package-data\lib\fixer.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\json.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\store\public-good-instance-root.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\npm-profile\LICENSE.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\normalize-windows-path.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@isaacs\string-locale-compare\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\google\protobuf\descriptor.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\lib\utils\tar.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\man\man5\npm-shrinkwrap-json.5 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@tootallnate\once\dist\index.js.map C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\npm-registry-fetch\lib\errors.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\merkle\digest.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\corepack\dist\yarn.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\safe-buffer\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@isaacs\string-locale-compare\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\ms\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\sigstore-utils.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\lib\commands\access.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmexec\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmdiff\lib\format-diff.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\sortAscending.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\fs-minipass\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-fund.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\lib\get.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minipass-fetch\lib\headers.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-adduser.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\update.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\pretty_gyp.py C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\supports-color\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\lib\options.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\ca\verify\chain.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tuf\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\reporters\quiet.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\npm-install-checks\lib\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\types\__generated__\hashedrekord.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_verification.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\lib\commands\query.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\promise-spawn\lib\escape.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\README.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\util\tar-create-options.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\lazy_transform.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\rcompare.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-flush\node_modules\minipass\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\dbcs-data.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\text-table\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\which\README.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\npm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\bin.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\README.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\write-file-atomic\lib\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\pnpx.cmd C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-explore.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_bundle.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\lib\commands\whoami.js C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI7050.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI93BB.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e586220.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6667.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6677.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6B1D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7030.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8BF7.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8E0C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e586224.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI65D9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6B3D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8C85.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e586220.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI69B5.tmp C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\wevtutil.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\SCHTASKS.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Solara\Solara.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\wevtutil.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\ProgramData\Solara\Solara.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3432 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3432 wrote to memory of 2500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

cURL User-Agent

Description Indicator Process Target
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A
HTTP User-Agent header curl/8.9.1-DEV N/A N/A

Processes

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s nsi

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc

C:\Windows\system32\taskhostw.exe

taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}

C:\Windows\sysmon.exe

C:\Windows\sysmon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

C:\Windows\System32\RuntimeBroker.exe

C:\Windows\System32\RuntimeBroker.exe -Embedding

C:\Windows\System32\RuntimeBroker.exe

C:\Windows\System32\RuntimeBroker.exe -Embedding

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service

C:\Windows\system32\SppExtComObj.exe

C:\Windows\system32\SppExtComObj.exe -Embedding

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Windows\System32\RuntimeBroker.exe

C:\Windows\System32\RuntimeBroker.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/lwg6n17e2ihznl3/Xapse.zip/file

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83a3746f8,0x7ff83a374708,0x7ff83a374718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding

C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe

"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3C97.tmp\3C98.tmp\3C99.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe

bootstraper.exe

C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe

botstrapper.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 8F864B2FBCFCD143BEDFDDBEC254AAF4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding AA5F007F8E79041E2D6D065ED828E129

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DB1D595D9B45CB8210F4ACA1F31BFAF9 E Global\MSI0000

C:\Windows\SysWOW64\wevtutil.exe

"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"

C:\Windows\System32\wevtutil.exe

"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64

C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe

"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F48C.tmp\F48D.tmp\F48E.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe

bootstraper.exe

C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe

botstrapper.exe

C:\Program Files\nodejs\node.exe

"node" -v

C:\ProgramData\Solara\Solara.exe

"C:\ProgramData\Solara\Solara.exe"

C:\Program Files\nodejs\node.exe

"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" dc854d076d2a4d27

C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe

"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\35EB.tmp\35EC.tmp\35ED.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe

bootstraper.exe

C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe

botstrapper.exe

C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe

"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\424F.tmp\4250.tmp\4251.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe

bootstraper.exe

C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe

botstrapper.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x380 0x424

C:\Program Files\nodejs\node.exe

"node" -v

C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe

"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe

"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4C61.tmp\4C62.tmp\4C63.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4C62.tmp\4C62.tmp\4C63.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe

bootstraper.exe

C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe

bootstraper.exe

C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe

botstrapper.exe

C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe

botstrapper.exe

C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe

"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4D1C.tmp\4D1D.tmp\4D1E.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe

"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe

bootstraper.exe

C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe

botstrapper.exe

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4DB9.tmp\4DBA.tmp\4DBB.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe

"C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4EA3.tmp\4EA4.tmp\4EA5.bat C:\Users\Admin\Downloads\Xapse\Solara\bootstrapper.exe"

C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe

bootstraper.exe

C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe

botstrapper.exe

C:\ProgramData\Solara\Solara.exe

"C:\ProgramData\Solara\Solara.exe"

C:\Users\Admin\Downloads\Xapse\Solara\bootstraper.exe

bootstraper.exe

C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe

botstrapper.exe

C:\Program Files\nodejs\node.exe

"node" -v

C:\Program Files\nodejs\node.exe

"node" -v

C:\ProgramData\Solara\Solara.exe

"C:\ProgramData\Solara\Solara.exe"

C:\Program Files\nodejs\node.exe

"node" -v

C:\Program Files\nodejs\node.exe

"node" -v

C:\ProgramData\Solara\Solara.exe

"C:\ProgramData\Solara\Solara.exe"

C:\ProgramData\Solara\Solara.exe

"C:\ProgramData\Solara\Solara.exe"

C:\ProgramData\Solara\Solara.exe

"C:\ProgramData\Solara\Solara.exe"

C:\Program Files\nodejs\node.exe

"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 245b7bcaf2514ad1

C:\Program Files\nodejs\node.exe

"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 27b2a73b76854098

C:\Program Files\nodejs\node.exe

"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" ee2ef6c299d044f7

C:\Program Files\nodejs\node.exe

"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 30b31766735e44b1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10931739821663335497,15571295982395333218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4756 /prefetch:2

C:\Program Files\nodejs\node.exe

"node" -v

C:\Windows\SYSTEM32\SCHTASKS.exe

"SCHTASKS.exe" /create /tn "$77botstrapper.exe" /tr "'C:\Users\Admin\Downloads\Xapse\Solara\botstrapper.exe'" /sc onlogon /rl HIGHEST

C:\ProgramData\Solara\Solara.exe

"C:\ProgramData\Solara\Solara.exe"

C:\Program Files\nodejs\node.exe

"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 84b98eaed9a84831

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\dllhost.exe

C:\Windows\System32\dllhost.exe /Processid:{e7a98292-4214-4735-8d1f-6c3abca6a139}

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.17.151.117:443 www.mediafire.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 117.151.17.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 cdn.amplitude.com udp
US 172.67.170.144:443 www.ezojs.com tcp
GB 142.250.187.238:443 translate.google.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
GB 18.154.84.60:443 cdn.amplitude.com tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 8.8.8.8:53 232.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 144.170.67.172.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 60.84.154.18.in-addr.arpa udp
US 104.16.53.110:443 cdn.otnolatrnup.com tcp
US 8.8.8.8:53 g.ezoic.net udp
FR 13.37.187.223:443 g.ezoic.net tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 www.mediafiredls.com udp
US 8.8.8.8:53 go.ezodn.com udp
GB 142.250.187.202:443 translate.googleapis.com tcp
US 172.67.73.78:443 www.mediafiredls.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 api.amplitude.com udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 35.165.143.96:443 api.amplitude.com tcp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 110.53.16.104.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 223.187.37.13.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 78.73.67.172.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 96.143.165.35.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 172.67.142.121:443 bshr.ezodn.com tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 216.58.201.99:443 www.google.co.uk tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
IE 52.30.93.119:443 ad.crwdcntrl.net tcp
GB 18.245.143.58:443 tags.crwdcntrl.net tcp
IE 54.76.106.86:443 ad.crwdcntrl.net tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
GB 143.204.68.124:80 crt.rootg2.amazontrust.com tcp
GB 143.204.68.124:80 crt.rootg2.amazontrust.com tcp
GB 143.204.68.124:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 155.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 58.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 119.93.30.52.in-addr.arpa udp
US 8.8.8.8:53 86.106.76.54.in-addr.arpa udp
US 8.8.8.8:53 124.68.204.143.in-addr.arpa udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.202:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com udp
FR 13.37.187.223:443 g.ezoic.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
DE 162.19.138.83:443 id5-sync.com tcp
NL 79.127.227.46:443 id.a-mx.com tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 18.245.252.28:443 cdn.prod.uidapi.com tcp
US 8.8.8.8:53 c3.a-mo.net udp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
NL 79.127.227.46:443 c3.a-mo.net tcp
US 34.120.107.143:443 oajs.openx.net tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 dnacdn.net udp
IE 52.51.179.14:443 ap.lijit.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
GB 108.138.217.48:443 hb.yellowblue.io tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
FR 163.5.194.37:443 prebid.a-mo.net tcp
IE 54.217.114.196:443 ads.yieldmo.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
US 34.120.107.143:443 oajs.openx.net udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 83.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 28.252.245.18.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
DE 51.38.120.206:443 onetag-sys.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 e0ea2bb96a80c1bf73bd7a695d0fc95a.safeframe.googlesyndication.com udp
GB 142.250.178.1:443 e0ea2bb96a80c1bf73bd7a695d0fc95a.safeframe.googlesyndication.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 download1590.mediafire.com udp
US 8.8.8.8:53 48.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 14.179.51.52.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 37.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 196.114.217.54.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 199.91.152.90:443 download1590.mediafire.com tcp
US 199.91.152.90:443 download1590.mediafire.com tcp
US 199.91.152.90:443 download1590.mediafire.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 172.217.169.65:443 cdn.ampproject.org tcp
GB 172.217.169.65:443 cdn.ampproject.org tcp
GB 172.217.169.65:443 cdn.ampproject.org tcp
GB 172.217.169.65:443 cdn.ampproject.org tcp
GB 172.217.169.65:443 cdn.ampproject.org tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
US 104.16.53.110:80 otnolatrnup.com tcp
US 104.16.53.110:80 otnolatrnup.com tcp
US 8.8.8.8:53 90.152.91.199.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 185.235.86.228:443 gem.gbc.criteo.com tcp
FR 185.235.86.158:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 woreppercomming.com udp
GB 18.165.227.8:443 woreppercomming.com tcp
US 8.8.8.8:53 www.chancial.com udp
US 172.67.141.135:443 www.chancial.com tcp
US 8.8.8.8:53 www.opera.com udp
DE 3.123.255.2:443 www.opera.com tcp
US 8.8.8.8:53 check.analytics.rlcdn.com udp
US 8.8.8.8:53 158.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 228.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 8.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 135.141.67.172.in-addr.arpa udp
GB 18.164.68.67:443 check.analytics.rlcdn.com tcp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 23.214.143.61:443 cdn-production-opera-website.operacdn.com tcp
GB 142.250.187.238:443 www.googleoptimize.com tcp
US 8.8.8.8:53 2.255.123.3.in-addr.arpa udp
US 8.8.8.8:53 67.68.164.18.in-addr.arpa udp
US 8.8.8.8:53 61.143.214.23.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
PL 57.144.110.128:443 connect.facebook.net tcp
US 8.8.8.8:53 128.110.144.57.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
PL 57.144.110.1:443 www.facebook.com tcp
US 8.8.8.8:53 1.110.144.57.in-addr.arpa udp
US 8.8.8.8:53 gateway.discord.gg udp
US 8.8.8.8:53 getsolara.dev udp
US 162.159.136.234:443 gateway.discord.gg tcp
US 172.67.203.125:443 getsolara.dev tcp
N/A 127.0.0.1:6463 tcp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 234.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 125.203.67.172.in-addr.arpa udp
US 8.8.8.8:53 geolocation-db.com udp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 pastebin.com udp
US 104.20.4.235:443 pastebin.com tcp
US 8.8.8.8:53 clientsettings.roblox.com udp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
US 8.8.8.8:53 253.102.89.159.in-addr.arpa udp
US 8.8.8.8:53 235.4.20.104.in-addr.arpa udp
US 8.8.8.8:53 4.21.116.128.in-addr.arpa udp
US 8.8.8.8:53 www.nodejs.org udp
US 104.20.22.46:443 www.nodejs.org tcp
US 8.8.8.8:53 46.22.20.104.in-addr.arpa udp
US 8.8.8.8:53 nodejs.org udp
US 104.20.23.46:443 nodejs.org tcp
US 8.8.8.8:53 46.23.20.104.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 162.159.138.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 162.159.136.234:443 gateway.discord.gg tcp
US 172.67.203.125:443 getsolara.dev tcp
US 104.20.4.235:443 pastebin.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
US 8.8.8.8:53 discord.com udp
US 162.159.136.232:443 discord.com tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.136.232:443 discord.com tcp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 104.20.4.235:443 pastebin.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
US 172.67.203.125:443 getsolara.dev tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
US 172.67.203.125:443 getsolara.dev tcp
US 172.67.203.125:443 getsolara.dev tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 172.67.203.125:443 getsolara.dev tcp
US 172.67.203.125:443 getsolara.dev tcp
US 172.67.203.125:443 getsolara.dev tcp
N/A 127.0.0.1:57263 tcp
N/A 127.0.0.1:57269 tcp
N/A 127.0.0.1:57272 tcp
N/A 127.0.0.1:57275 tcp
N/A 127.0.0.1:57278 tcp
N/A 127.0.0.1:57280 tcp
N/A 127.0.0.1:57284 tcp
US 172.67.203.125:443 getsolara.dev tcp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 216.58.201.99:443 www.google.co.uk udp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.234:443 gateway.discord.gg tcp
US 162.159.136.232:443 discord.com tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.136.232:443 discord.com tcp
US 172.67.203.125:443 getsolara.dev tcp
US 104.20.4.235:443 pastebin.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
US 162.159.136.234:443 gateway.discord.gg tcp
US 172.67.203.125:443 getsolara.dev tcp
US 104.20.4.235:443 pastebin.com tcp
US 162.159.136.232:443 discord.com tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.234:443 gateway.discord.gg tcp
US 162.159.136.234:443 gateway.discord.gg tcp
US 172.67.203.125:443 getsolara.dev tcp
US 172.67.203.125:443 getsolara.dev tcp
US 162.159.136.234:443 gateway.discord.gg tcp
US 104.20.4.235:443 pastebin.com tcp
US 162.159.136.234:443 gateway.discord.gg tcp
US 162.159.136.232:443 discord.com tcp
US 172.67.203.125:443 getsolara.dev tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
US 104.20.4.235:443 pastebin.com tcp
US 172.67.203.125:443 getsolara.dev tcp
US 162.159.136.234:443 gateway.discord.gg tcp
US 172.67.203.125:443 getsolara.dev tcp
US 104.20.4.235:443 pastebin.com tcp

Files
