Analysis

  • max time kernel
    211s
  • max time network
    213s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    30-11-2024 06:42

General

  • Target

    Bootstrapper.exe

  • Size

    800KB

  • MD5

    02c70d9d6696950c198db93b7f6a835e

  • SHA1

    30231a467a49cc37768eea0f55f4bea1cbfb48e2

  • SHA256

    8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

  • SHA512

    431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb

  • SSDEEP

    12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 15 IoCs
  • Themida packer 16 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Blocklisted process makes network request 2 IoCs
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 21 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Gathers network information 2 TTPs 3 IoCs

    Uses commandline utility to view network configuration.

  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 30 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 41 IoCs
  • cURL User-Agent 12 IoCs

    Uses User-Agent string associated with cURL utility.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd" /c ipconfig /all
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2164
      • C:\Windows\system32\ipconfig.exe
        ipconfig /all
        3⤵
        • Gathers network information
        PID:2688
    • C:\Windows\System32\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:5028
    • C:\ProgramData\Solara\Solara.exe
      "C:\ProgramData\Solara\Solara.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4832
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding 001449F523DFF1C7EB71473432AAFD8D
      2⤵
      • Loads dropped DLL
      PID:3560
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding C7C7B6CC2E8089DA58C4B057B8205F2F
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2252
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 390AB7006F29747504CEDFE73F48DFFA E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3308
      • C:\Windows\SysWOW64\wevtutil.exe
        "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4732
        • C:\Windows\System32\wevtutil.exe
          "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:5044
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1996
    • C:\Users\Admin\Desktop\dwadddaw\Bootstrapper.exe
      "C:\Users\Admin\Desktop\dwadddaw\Bootstrapper.exe"
      1⤵
      • Checks computer location settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3912
      • C:\Windows\SYSTEM32\cmd.exe
        "cmd" /c ipconfig /all
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:4444
        • C:\Windows\system32\ipconfig.exe
          ipconfig /all
          3⤵
          • Gathers network information
          PID:4824
      • C:\Program Files\nodejs\node.exe
        "node" -v
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:4272
      • C:\ProgramData\Solara\Solara.exe
        "C:\ProgramData\Solara\Solara.exe"
        2⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Program Files\nodejs\node.exe
          "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 791baf7872ef4949
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:1680
    • C:\Users\Admin\Desktop\dwadddaw\Bootstrapper.exe
      "C:\Users\Admin\Desktop\dwadddaw\Bootstrapper.exe"
      1⤵
      • Checks computer location settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4040
      • C:\Windows\SYSTEM32\cmd.exe
        "cmd" /c ipconfig /all
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2216
        • C:\Windows\system32\ipconfig.exe
          ipconfig /all
          3⤵
          • Gathers network information
          PID:1168
      • C:\Program Files\nodejs\node.exe
        "node" -v
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:192
      • C:\ProgramData\Solara\Solara.exe
        "C:\ProgramData\Solara\Solara.exe"
        2⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4484
        • C:\Program Files\nodejs\node.exe
          "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 368247a1e9164c5a
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:1936

    Network

    • flag-us
      DNS
      13.86.106.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.86.106.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      getsolara.dev
      Solara.exe
      Remote address:
      8.8.8.8:53
      Request
      getsolara.dev
      IN A
      Response
      getsolara.dev
      IN A
      104.21.93.27
      getsolara.dev
      IN A
      172.67.203.125
    • flag-us
      GET
      https://getsolara.dev/asset/discord.json
      Bootstrapper.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/discord.json HTTP/1.1
      Host: getsolara.dev
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:42:43 GMT
      Content-Type: application/json
      Transfer-Encoding: chunked
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: W/"7d966f73b6ce74a610dddaf0d0951ed8"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qFLI3IJVo%2Bb4nslQwwByJM4T%2F1REIuTUOqey7wKUDsBbc%2F%2BI9Tg4JokC5L0dk5m9YCxRiGm2xtgRIc0D%2BZDyrlpzlzFq6kr1%2FVcBQ%2Fk2aY9nxVWxN7lgMahv7xcjAi9Y"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8dbec5a00417f-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=61244&min_rtt=53945&rtt_var=18808&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2973&recv_bytes=378&delivery_rate=75327&cwnd=215&unsent_bytes=0&cid=332ee882ad30c7b4&ts=146&x=0"
    • flag-us
      GET
      https://getsolara.dev/api/endpoint.json
      Bootstrapper.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /api/endpoint.json HTTP/1.1
      Host: getsolara.dev
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:42:45 GMT
      Content-Type: application/json
      Transfer-Encoding: chunked
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: W/"94670152d340e6e41e0e564b886ac5d4"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CiDJqo9eUFWFutmn%2BQFF8fuNd2hr%2BTTGp1VADiGuAJZ6vsSEqKjnc3DXsYUXOmHCAtJCbRxFFKGFRm7p7WObeyeYvxqdyiroX%2Bzel589ngIxKmt84g1JZKt%2FzW5LWD4H"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8dbf9ecee417f-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=59589&min_rtt=47934&rtt_var=17417&sent=7&recv=8&lost=0&retrans=0&sent_bytes=4204&recv_bytes=463&delivery_rate=75327&cwnd=217&unsent_bytes=0&cid=332ee882ad30c7b4&ts=2303&x=0"
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      67.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      27.93.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      27.93.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      clientsettings.roblox.com
      Solara.exe
      Remote address:
      8.8.8.8:53
      Request
      clientsettings.roblox.com
      IN A
      Response
      clientsettings.roblox.com
      IN CNAME
      titanium.roblox.com
      titanium.roblox.com
      IN CNAME
      edge-term4.roblox.com
      edge-term4.roblox.com
      IN CNAME
      edge-term4-ams2.roblox.com
      edge-term4-ams2.roblox.com
      IN A
      128.116.21.4
    • flag-nl
      GET
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      Bootstrapper.exe
      Remote address:
      128.116.21.4:443
      Request
      GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
      Host: clientsettings.roblox.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      content-length: 119
      content-type: application/json; charset=utf-8
      date: Sat, 30 Nov 2024 06:42:45 GMT
      server: Kestrel
      cache-control: no-cache
      strict-transport-security: max-age=3600
      x-frame-options: SAMEORIGIN
      roblox-machine-id: bc36554b-9b05-d3dc-9281-aec7e7041c24
      x-roblox-region: us-central_rbx
      x-roblox-edge: ams2
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
    • flag-us
      DNS
      4.21.116.128.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      4.21.116.128.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      www.nodejs.org
      Bootstrapper.exe
      Remote address:
      8.8.8.8:53
      Request
      www.nodejs.org
      IN A
      Response
      www.nodejs.org
      IN A
      104.20.22.46
      www.nodejs.org
      IN A
      104.20.23.46
    • flag-us
      GET
      https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
      Bootstrapper.exe
      Remote address:
      104.20.22.46:443
      Request
      GET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1
      Host: www.nodejs.org
      Connection: Keep-Alive
      Response
      HTTP/1.1 307 Temporary Redirect
      Date: Sat, 30 Nov 2024 06:42:48 GMT
      Content-Type: text/plain
      Transfer-Encoding: chunked
      Connection: keep-alive
      Cache-Control: public, max-age=0, must-revalidate
      location: https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      x-vercel-id: lhr1::c28rs-1732948968262-4b44d5adad6f
      CF-Cache-Status: DYNAMIC
      X-Content-Type-Options: nosniff
      Server: cloudflare
      CF-RAY: 8ea8dc09b94494eb-LHR
    • flag-us
      DNS
      nodejs.org
      Bootstrapper.exe
      Remote address:
      8.8.8.8:53
      Request
      nodejs.org
      IN A
      Response
      nodejs.org
      IN A
      104.20.23.46
      nodejs.org
      IN A
      104.20.22.46
    • flag-us
      GET
      https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
      Bootstrapper.exe
      Remote address:
      104.20.23.46:443
      Request
      GET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1
      Host: nodejs.org
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:42:48 GMT
      Content-Type: application/x-msi
      Content-Length: 31539200
      Connection: keep-alive
      Cache-Control: public, max-age=3600, s-maxage=14400
      ETag: "0e4e9aa41d24221b29b19ba96c1a64d0"
      Last-Modified: Wed, 12 Apr 2023 04:13:37 GMT
      accept-range: bytes
      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
      X-Content-Type-Options: nosniff
      Server: cloudflare
      CF-RAY: 8ea8dc0d4a43419b-LHR
    • flag-us
      DNS
      46.22.20.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      46.22.20.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      46.22.20.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      46.22.20.104.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      46.23.20.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      46.23.20.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      97.17.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.17.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      23.149.64.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.149.64.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      8049c006.solaraweb-alj.pages.dev
      Bootstrapper.exe
      Remote address:
      8.8.8.8:53
      Request
      8049c006.solaraweb-alj.pages.dev
      IN A
      Response
      8049c006.solaraweb-alj.pages.dev
      IN A
      172.66.44.59
      8049c006.solaraweb-alj.pages.dev
      IN A
      172.66.47.197
    • flag-us
      GET
      https://8049c006.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zip
      Bootstrapper.exe
      Remote address:
      172.66.44.59:443
      Request
      GET /download/static/files/Solara.Dir.zip HTTP/1.1
      Host: 8049c006.solaraweb-alj.pages.dev
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:43:10 GMT
      Content-Type: application/zip
      Content-Length: 11038114
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: "fd8de623471c9004d6d0fb765b323c63"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      x-robots-tag: noindex
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jaObvt4IZjobFHYd7nl3oj3gAq91aIub3n%2FEfB393vJ%2FdlbYlPU76T7GgNbrAZDbf058kAVQFrONTRa6BtATnIydmDrSuf5RO7a7O8ise8a87FBlarVBqxJjQ2SbIbuOu4%2FKpU1FJ7G9MdB1whvlTaqcJw%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8ea8dc98288f6400-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=47970&min_rtt=47000&rtt_var=11267&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3022&recv_bytes=434&delivery_rate=82151&cwnd=253&unsent_bytes=0&cid=cdc8d8a7a6779115&ts=177&x=0"
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      59.44.66.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      59.44.66.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      59.44.66.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      59.44.66.172.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      pastebin.com
      Solara.exe
      Remote address:
      8.8.8.8:53
      Request
      pastebin.com
      IN A
      Response
      pastebin.com
      IN A
      104.20.3.235
      pastebin.com
      IN A
      172.67.19.24
      pastebin.com
      IN A
      104.20.4.235
    • flag-us
      GET
      https://pastebin.com/raw/pjseRvyK
      Solara.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/pjseRvyK HTTP/1.1
      Host: pastebin.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:43:13 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 1167
      Last-Modified: Sat, 30 Nov 2024 06:23:46 GMT
      Server: cloudflare
      CF-RAY: 8ea8dcaaec289547-LHR
    • flag-nl
      GET
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      Solara.exe
      Remote address:
      128.116.21.4:443
      Request
      GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
      Host: clientsettings.roblox.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      content-length: 119
      content-type: application/json; charset=utf-8
      date: Sat, 30 Nov 2024 06:43:14 GMT
      server: Kestrel
      cache-control: no-cache
      strict-transport-security: max-age=3600
      x-frame-options: SAMEORIGIN
      roblox-machine-id: c9f5f144-3ac7-534b-6ffd-8b7dd5c43abd
      x-roblox-region: us-central_rbx
      x-roblox-edge: ams2
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
    • flag-us
      DNS
      235.3.20.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      235.3.20.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.210.23.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.210.23.2.in-addr.arpa
      IN PTR
      Response
      88.210.23.2.in-addr.arpa
      IN PTR
      a2-23-210-88deploystaticakamaitechnologiescom
    • flag-us
      DNS
      19.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      19.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.229.111.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      checkappexec.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      checkappexec.microsoft.com
      IN A
      Response
      checkappexec.microsoft.com
      IN CNAME
      prod-atm-wds-apprep.trafficmanager.net
      prod-atm-wds-apprep.trafficmanager.net
      IN CNAME
      prod-agic-us-3.uksouth.cloudapp.azure.com
      prod-agic-us-3.uksouth.cloudapp.azure.com
      IN A
      172.165.61.93
    • flag-gb
      POST
      https://checkappexec.microsoft.com/windows/shell/actions
      Remote address:
      172.165.61.93:443
      Request
      POST /windows/shell/actions HTTP/2.0
      host: checkappexec.microsoft.com
      accept-encoding: gzip, deflate
      user-agent: SmartScreen/2814751014982010
      authorization: SmartScreenHash eyJhdXRoSWQiOiJhZGZmZjVhZC1lZjllLTQzYTYtYjFhMy0yYWQ0MjY3YWVlZDUiLCJoYXNoIjoiN2lmUC8wUm52MUE9Iiwia2V5IjoiMEYwUlRJWXNVZWU0S0ZVT0pzMDdCUT09In0=
      content-length: 1162
      content-type: application/json; charset=utf-8
      cache-control: no-cache
      Response
      HTTP/2.0 200
      date: Sat, 30 Nov 2024 06:44:57 GMT
      content-type: application/json; charset=utf-8
      content-length: 183
      server: Kestrel
      cache-control: max-age=0, private
      request-context: appId=cid-v1:7f05e9f0-1fe6-401c-8ae7-2478e40e2f1e
    • flag-us
      DNS
      2.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      93.61.165.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      93.61.165.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      GET
      https://getsolara.dev/asset/discord.json
      Bootstrapper.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/discord.json HTTP/1.1
      Host: getsolara.dev
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:44:59 GMT
      Content-Type: application/json
      Transfer-Encoding: chunked
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: W/"7d966f73b6ce74a610dddaf0d0951ed8"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SkhTHpQRQL75JZj6JYrCju9vFbUUzNmCSbgumHHhht6Brpfhf4UI5%2FYyW%2BJekDWgrMMydTiP3DtFWAqp41coh7OrQzFq0IADqjj7DiVq%2B6F7hdXcVkEe30hLjEdSu%2BR3"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8df3e6c697198-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=49307&min_rtt=47730&rtt_var=13030&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2974&recv_bytes=378&delivery_rate=80435&cwnd=238&unsent_bytes=0&cid=64cedc66e10848cc&ts=142&x=0"
    • flag-us
      GET
      https://getsolara.dev/api/endpoint.json
      Bootstrapper.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /api/endpoint.json HTTP/1.1
      Host: getsolara.dev
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:01 GMT
      Content-Type: application/json
      Transfer-Encoding: chunked
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: W/"94670152d340e6e41e0e564b886ac5d4"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZI%2FQA1fc6xsHSM3dxl1yzmOoWc%2Fe25AMbnq%2B2UXsCOMkI3sKuS8Rt4Zq8QYGJNT8vFv6t%2FKG%2Fm64ABCgIxRTxzbp0hWw1faERNwKiOqUBBVRjRElBI%2BlblTnXYSUiRGO"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8df4bbc787198-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=49441&min_rtt=47730&rtt_var=10041&sent=7&recv=8&lost=0&retrans=0&sent_bytes=4199&recv_bytes=463&delivery_rate=80435&cwnd=240&unsent_bytes=0&cid=64cedc66e10848cc&ts=2277&x=0"
    • flag-nl
      GET
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      Bootstrapper.exe
      Remote address:
      128.116.21.4:443
      Request
      GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
      Host: clientsettings.roblox.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      content-length: 119
      content-type: application/json; charset=utf-8
      date: Sat, 30 Nov 2024 06:45:01 GMT
      server: Kestrel
      cache-control: no-cache
      strict-transport-security: max-age=3600
      x-frame-options: SAMEORIGIN
      roblox-machine-id: d5cfde8c-e67b-7b3d-5198-b0e6d3b18785
      x-roblox-region: us-central_rbx
      x-roblox-edge: ams2
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
    • flag-us
      GET
      https://pastebin.com/raw/pjseRvyK
      Solara.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/pjseRvyK HTTP/1.1
      Host: pastebin.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:05 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 1279
      Last-Modified: Sat, 30 Nov 2024 06:23:46 GMT
      Server: cloudflare
      CF-RAY: 8ea8df62b8567691-LHR
    • flag-nl
      GET
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      Solara.exe
      Remote address:
      128.116.21.4:443
      Request
      GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
      Host: clientsettings.roblox.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      content-length: 119
      content-type: application/json; charset=utf-8
      date: Sat, 30 Nov 2024 06:45:05 GMT
      server: Kestrel
      cache-control: no-cache
      strict-transport-security: max-age=3600
      x-frame-options: SAMEORIGIN
      roblox-machine-id: db4946b9-517c-7537-12e3-010c4a5e7229
      x-roblox-region: us-central_rbx
      x-roblox-edge: ams2
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
    • flag-us
      GET
      https://getsolara.dev/asset/Cheers
      Solara.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/Cheers HTTP/1.1
      Host: getsolara.dev
      User-Agent: curl/8.9.1-DEV
      Accept: */*
      Accept-Encoding: deflate, gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:07 GMT
      Content-Type: application/octet-stream
      Content-Length: 364
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: "19fbed4a27bd3755bc536005047ef7c0"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LEYunVnoLWF6I7TDN0kK%2B0PWGgOwssDqvYUW9WlhfPW6wnol4anSEa%2F%2Fl9Z0PaZmk08lmWh%2Bo1XEcC6v5ZoHLvWWcxE%2F5QdiRiD0DssPJANYRXYjrGfhYC8hp61%2FEkj3"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8df6eda4bcd57-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=85584&min_rtt=57815&rtt_var=67303&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3284&recv_bytes=445&delivery_rate=46942&cwnd=253&unsent_bytes=0&cid=712139cc2a791812&ts=444&x=0"
    • flag-us
      DNS
      c.pki.goog
      Remote address:
      8.8.8.8:53
      Request
      c.pki.goog
      IN A
      Response
      c.pki.goog
      IN CNAME
      pki-goog.l.google.com
      pki-goog.l.google.com
      IN A
      142.250.200.3
    • flag-gb
      GET
      http://c.pki.goog/r/gsr1.crl
      Remote address:
      142.250.200.3:80
      Request
      GET /r/gsr1.crl HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/10.0
      Host: c.pki.goog
      Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
      Cross-Origin-Resource-Policy: cross-origin
      Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
      Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
      Content-Length: 1739
      X-Content-Type-Options: nosniff
      Server: sffe
      X-XSS-Protection: 0
      Date: Sat, 30 Nov 2024 06:20:25 GMT
      Expires: Sat, 30 Nov 2024 07:10:25 GMT
      Cache-Control: public, max-age=3000
      Age: 1481
      Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
      Content-Type: application/pkix-crl
      Vary: Accept-Encoding
    • flag-gb
      GET
      http://c.pki.goog/r/r4.crl
      Remote address:
      142.250.200.3:80
      Request
      GET /r/r4.crl HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/10.0
      Host: c.pki.goog
      Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
      Cross-Origin-Resource-Policy: cross-origin
      Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
      Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
      Content-Length: 436
      X-Content-Type-Options: nosniff
      Server: sffe
      X-XSS-Protection: 0
      Date: Sat, 30 Nov 2024 06:20:37 GMT
      Expires: Sat, 30 Nov 2024 07:10:37 GMT
      Cache-Control: public, max-age=3000
      Age: 1469
      Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
      Content-Type: application/pkix-crl
      Vary: Accept-Encoding
    • flag-us
      GET
      https://getsolara.dev/asset/Cheers
      Solara.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/Cheers HTTP/1.1
      Host: getsolara.dev
      User-Agent: curl/8.9.1-DEV
      Accept: */*
      Accept-Encoding: deflate, gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:07 GMT
      Content-Type: application/octet-stream
      Content-Length: 364
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: "19fbed4a27bd3755bc536005047ef7c0"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h2Vsdjj9QPXktaJVST3Y3cjtJjlVNAKYXQz%2Fe2XQKp6C9M7t%2FjlfUJoFZ17uzEqarOa7X6DD3J9W6zQ%2F4mSxgfa3a8gv0DtwMjwc7g2TVFPNYDebYuGYlMvPTcdLmqw4"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8df70999b77b1-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=55519&min_rtt=48235&rtt_var=18686&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3282&recv_bytes=445&delivery_rate=57671&cwnd=249&unsent_bytes=0&cid=7c58b10ad3980c77&ts=157&x=0"
    • flag-us
      GET
      https://getsolara.dev/asset/Palatable
      Solara.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/Palatable HTTP/1.1
      Host: getsolara.dev
      User-Agent: curl/8.9.1-DEV
      Accept: */*
      Accept-Encoding: deflate, gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:08 GMT
      Content-Type: application/octet-stream
      Content-Length: 1408
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: "38096245279947c08a45acff0093b7b7"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9AETQ7TIlYwfa0u4PsJi8G6NgzR8Hq9i%2BgFwAaoGme7GsBqz%2F2wgdstcVPj58BU11w0F0CXT9PLpH1wDgU55eFlzUfbSc2XDX8SMlwuaoa684NrVwjBMoPJ8CNJ7S9yc"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8df787f2d9557-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=48271&min_rtt=47750&rtt_var=13951&sent=5&recv=6&lost=0&retrans=1&sent_bytes=3284&recv_bytes=448&delivery_rate=82202&cwnd=239&unsent_bytes=0&cid=bd2e40c9eb5bb765&ts=141&x=0"
    • flag-us
      DNS
      3.200.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      3.200.250.142.in-addr.arpa
      IN PTR
      Response
      3.200.250.142.in-addr.arpa
      IN PTR
      lhr48s29-in-f31e100net
    • flag-us
      GET
      https://getsolara.dev/asset/Palatable
      Solara.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/Palatable HTTP/1.1
      Host: getsolara.dev
      User-Agent: curl/8.9.1-DEV
      Accept: */*
      Accept-Encoding: deflate, gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:08 GMT
      Content-Type: application/octet-stream
      Content-Length: 1408
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: "38096245279947c08a45acff0093b7b7"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CJq0TvedveDK%2BGEzJ6jiPkc1o4fJDw2txmOb2hjE4%2B7GOQCgvQsazcC7rbTeGbbCCFhVZuLOYG6PyKZX5%2BCK9%2Fkw814SdyZvxcyeQuFW2bTPTwFsEtxoCfzI0vkoUB0i"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8df7a5c866f19-CDG
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=57372&min_rtt=55111&rtt_var=14875&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=448&delivery_rate=58498&cwnd=254&unsent_bytes=0&cid=2255a9454df3a301&ts=166&x=0"
    • flag-us
      GET
      https://getsolara.dev/asset/DelectableFruits
      Solara.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/DelectableFruits HTTP/1.1
      Host: getsolara.dev
      User-Agent: curl/8.9.1-DEV
      Accept: */*
      Accept-Encoding: deflate, gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:09 GMT
      Content-Type: application/octet-stream
      Content-Length: 132824
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: "c105d69eb296abc3b0078577647e1da1"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JWCumkn3h8wJ0nb0UJo0C0gWsvvCzcWBXVyl1S0ZguIoiEMQR%2Fw9jpL%2B0%2FJHk%2BGL3tWhe7kZYMvBA5DqbPpxkbB5TlVzA7NiySZMOKbbx%2B0ocoXg44HpW2gXcwy28VfJ"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8df7c2c741e7d-AMS
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=57894&min_rtt=57370&rtt_var=12824&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=455&delivery_rate=69421&cwnd=253&unsent_bytes=0&cid=72cedcd0073cc65b&ts=150&x=0"
    • flag-us
      GET
      https://getsolara.dev/api/endpoint.json
      Solara.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /api/endpoint.json HTTP/1.1
      Host: getsolara.dev
      User-Agent: curl/8.9.1-DEV
      Accept: */*
      Accept-Encoding: deflate, gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:09 GMT
      Content-Type: application/json
      Transfer-Encoding: chunked
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: W/"94670152d340e6e41e0e564b886ac5d4"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WmzqiBr5pEayxkrnBBeOwR5pNr3Jwd7Tw4%2FKW1QP3euRlpjD77KCy4UWdqPsBPYTGT3bQXsEdhYoCkCTawpWazSIBoA4gT660V68pQAcH15RDxY3v1wECRqbAgDORGMf"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      Content-Encoding: gzip
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8df7dfe849485-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=47633&min_rtt=47244&rtt_var=14017&sent=6&recv=7&lost=0&retrans=1&sent_bytes=3540&recv_bytes=450&delivery_rate=81955&cwnd=254&unsent_bytes=0&cid=f4c1b28bdca9cb94&ts=455&x=0"
    • flag-us
      GET
      https://getsolara.dev/asset/discord.json
      Bootstrapper.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/discord.json HTTP/1.1
      Host: getsolara.dev
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:11 GMT
      Content-Type: application/json
      Transfer-Encoding: chunked
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: W/"7d966f73b6ce74a610dddaf0d0951ed8"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hkYbhcTK9KXbRAvuY6%2Bpkuk%2BE7xTkCQuD03g5drR8HP7GRX5HyD9lC%2BU6hzCJIX3IKDNP2TsgzBO9FfeiRA9qgwoGazFoA79LRpKNxKk0R%2FHfQgeFWXT7RuRkprjnVeu"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8df8a98c2e911-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=55039&min_rtt=47107&rtt_var=24211&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2973&recv_bytes=378&delivery_rate=84261&cwnd=253&unsent_bytes=0&cid=52178b72771bd1d3&ts=178&x=0"
    • flag-us
      GET
      https://getsolara.dev/api/endpoint.json
      Bootstrapper.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /api/endpoint.json HTTP/1.1
      Host: getsolara.dev
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:11 GMT
      Content-Type: application/json
      Transfer-Encoding: chunked
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: W/"94670152d340e6e41e0e564b886ac5d4"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BoU0%2BIjAw%2BW7KNsjwTi3o0CQ66tTX8CmpWH%2F82vA6UbHAF0r12iukgA8CguFLu%2B9XWELhIBgDT18jPnDrE8Wxujkp5aCDFGQgMM6kq7eaoICRuRZrWIdSTgAM5a%2F41et"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8df8b19dbe911-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=54064&min_rtt=47107&rtt_var=20108&sent=7&recv=8&lost=0&retrans=0&sent_bytes=4198&recv_bytes=463&delivery_rate=84261&cwnd=255&unsent_bytes=0&cid=52178b72771bd1d3&ts=246&x=0"
    • flag-nl
      GET
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      Bootstrapper.exe
      Remote address:
      128.116.21.4:443
      Request
      GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
      Host: clientsettings.roblox.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      content-length: 119
      content-type: application/json; charset=utf-8
      date: Sat, 30 Nov 2024 06:45:11 GMT
      server: Kestrel
      cache-control: no-cache
      strict-transport-security: max-age=3600
      x-frame-options: SAMEORIGIN
      roblox-machine-id: 19b2b21c-55de-f7cd-ba65-1b7496602dba
      x-roblox-region: us-central_rbx
      x-roblox-edge: ams2
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
    • flag-us
      GET
      https://pastebin.com/raw/pjseRvyK
      Solara.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/pjseRvyK HTTP/1.1
      Host: pastebin.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:14 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 1288
      Last-Modified: Sat, 30 Nov 2024 06:23:46 GMT
      Server: cloudflare
      CF-RAY: 8ea8df9fadb663e3-LHR
    • flag-nl
      GET
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      Solara.exe
      Remote address:
      128.116.21.4:443
      Request
      GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
      Host: clientsettings.roblox.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      content-length: 119
      content-type: application/json; charset=utf-8
      date: Sat, 30 Nov 2024 06:45:14 GMT
      server: Kestrel
      cache-control: no-cache
      strict-transport-security: max-age=3600
      x-frame-options: SAMEORIGIN
      roblox-machine-id: 80752a3a-9c0b-3568-5b54-c41b8057693f
      x-roblox-region: us-central_rbx
      x-roblox-edge: ams2
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
    • flag-us
      GET
      https://getsolara.dev/asset/Cheers
      Solara.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/Cheers HTTP/1.1
      Host: getsolara.dev
      User-Agent: curl/8.9.1-DEV
      Accept: */*
      Accept-Encoding: deflate, gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:16 GMT
      Content-Type: application/octet-stream
      Content-Length: 364
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: "19fbed4a27bd3755bc536005047ef7c0"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Gx9AX4%2BftJg5xWgxIhdhHlPxi%2BPqF1%2BNwKpNV0JBXhhPzitxUAZ%2FWSvqz2n50nmtjxkv8cGj%2FfyKahYm0YPuDKV1V8GoatqEWF4i0bDAkYHsMNZvIdzdNDzNlBhDj6Q"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8dfa75d75385e-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=53303&min_rtt=47568&rtt_var=14018&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=445&delivery_rate=78127&cwnd=241&unsent_bytes=0&cid=1b51c269a027a862&ts=139&x=0"
    • flag-us
      GET
      https://getsolara.dev/asset/Cheers
      Solara.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/Cheers HTTP/1.1
      Host: getsolara.dev
      User-Agent: curl/8.9.1-DEV
      Accept: */*
      Accept-Encoding: deflate, gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:16 GMT
      Content-Type: application/octet-stream
      Content-Length: 364
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: "19fbed4a27bd3755bc536005047ef7c0"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lSO3CZrBAK0wcLABy%2BYDPN12qIrOm91ci5Qr3WFXTFwJrRiShFJ0PJkCUwdCAtyODBCRdtkgghbQBlJPnYhmHkunl0WmVPqYJgy3EPpWp6C6ZwLVTJPD%2FY9U4MnjU6nP"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8dfa90c6c6437-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=50203&min_rtt=48477&rtt_var=11252&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=445&delivery_rate=81260&cwnd=240&unsent_bytes=0&cid=8d7122d3082f47e7&ts=132&x=0"
    • flag-us
      GET
      https://getsolara.dev/asset/Palatable
      Solara.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/Palatable HTTP/1.1
      Host: getsolara.dev
      User-Agent: curl/8.9.1-DEV
      Accept: */*
      Accept-Encoding: deflate, gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:16 GMT
      Content-Type: application/octet-stream
      Content-Length: 1408
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: "38096245279947c08a45acff0093b7b7"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vuSTpIc2aOEYKD8VexRkanUumiW04rODC%2FCSsO8ruwfvOi2f%2FLL7FS1w3sm7dDJFpbyEMwmE8PxTYHkTPouk1ygOxmAWZCMPvY%2FA7SWEzFmJk%2BdEJd0fTmBXZeqxdjTY"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8dfaacda199e1-CDG
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=60514&min_rtt=55760&rtt_var=15783&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=448&delivery_rate=68730&cwnd=253&unsent_bytes=0&cid=1b779a153a0e6a14&ts=157&x=0"
    • flag-us
      GET
      https://getsolara.dev/asset/Palatable
      Solara.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/Palatable HTTP/1.1
      Host: getsolara.dev
      User-Agent: curl/8.9.1-DEV
      Accept: */*
      Accept-Encoding: deflate, gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:16 GMT
      Content-Type: application/octet-stream
      Content-Length: 1408
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: "38096245279947c08a45acff0093b7b7"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uc8jnPnJ1v%2F%2BwydtT%2Bmjsbv5hHFrl7AFaRHpMv3ELwpOW5XRL6DFXasWW6Yem5LxdmOirTcP%2BrL6bQUtVExQAzjZb2DdVg9qs4W60wvHCAFALQhfuWThu4BxcSNV5hzo"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8dfac79ce94aa-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=51890&min_rtt=47500&rtt_var=17279&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=448&delivery_rate=71583&cwnd=247&unsent_bytes=0&cid=daaa65db4d7f60b8&ts=164&x=0"
    • flag-us
      GET
      https://getsolara.dev/asset/DelectableFruits
      Solara.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /asset/DelectableFruits HTTP/1.1
      Host: getsolara.dev
      User-Agent: curl/8.9.1-DEV
      Accept: */*
      Accept-Encoding: deflate, gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:17 GMT
      Content-Type: application/octet-stream
      Content-Length: 132824
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: "c105d69eb296abc3b0078577647e1da1"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YxSANyK9xFNl2%2BMNpysxBYY1n3DscgNQLRyhgfMkwbgoyy8Vux4ZHW4%2BB%2BDJDw2hi7iC6FIhMXKHQEhkTiVecVGe1vXuUwt0K%2FghPWcmxIAoxY6uatJcjRzLIE7uRLO2"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8dfae5cc1e90a-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=51521&min_rtt=48837&rtt_var=14807&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=455&delivery_rate=75185&cwnd=253&unsent_bytes=0&cid=218235946b882f5b&ts=142&x=0"
    • flag-us
      GET
      https://getsolara.dev/api/endpoint.json
      Solara.exe
      Remote address:
      104.21.93.27:443
      Request
      GET /api/endpoint.json HTTP/1.1
      Host: getsolara.dev
      User-Agent: curl/8.9.1-DEV
      Accept: */*
      Accept-Encoding: deflate, gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Nov 2024 06:45:17 GMT
      Content-Type: application/json
      Transfer-Encoding: chunked
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Cache-Control: public, max-age=0, must-revalidate
      ETag: W/"94670152d340e6e41e0e564b886ac5d4"
      referrer-policy: strict-origin-when-cross-origin
      x-content-type-options: nosniff
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4VhYzLFAD1fuOBUX%2FinhH%2FruOdegySyCejKTwU7uV2dXtq42d0UWU7c%2BYq1OVB7zRwozQkhhc3hVNxCMgcSRlMJsBy3ooyLj7ueLECQ0BySUKPtxVM5E0wVPejYoor89"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      Content-Encoding: gzip
      CF-Cache-Status: DYNAMIC
      Strict-Transport-Security: max-age=0
      Server: cloudflare
      CF-RAY: 8ea8dfae5e9ebe9a-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=55369&min_rtt=48280&rtt_var=21724&sent=5&recv=6&lost=0&retrans=0&sent_bytes=3283&recv_bytes=450&delivery_rate=63207&cwnd=250&unsent_bytes=0&cid=05a5ec42cdcab83f&ts=175&x=0"
    • 104.21.93.27:443
      https://getsolara.dev/api/endpoint.json
      tls, http
      Bootstrapper.exe
      951 B
      6.3kB
      11
      11

      HTTP Request

      GET https://getsolara.dev/asset/discord.json

      HTTP Response

      200

      HTTP Request

      GET https://getsolara.dev/api/endpoint.json

      HTTP Response

      200
    • 127.0.0.1:6463
      Bootstrapper.exe
    • 128.116.21.4:443
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      tls, http
      Bootstrapper.exe
      830 B
      6.5kB
      9
      9

      HTTP Request

      GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live

      HTTP Response

      200
    • 104.20.22.46:443
      https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
      tls, http
      Bootstrapper.exe
      799 B
      6.8kB
      9
      11

      HTTP Request

      GET https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi

      HTTP Response

      307
    • 104.20.23.46:443
      https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
      tls, http
      Bootstrapper.exe
      1.4MB
      36.2MB
      21401
      25925

      HTTP Request

      GET https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi

      HTTP Response

      200
    • 172.66.44.59:443
      https://8049c006.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zip
      tls, http
      Bootstrapper.exe
      299.6kB
      11.4MB
      5305
      8175

      HTTP Request

      GET https://8049c006.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zip

      HTTP Response

      200
    • 104.20.3.235:443
      https://pastebin.com/raw/pjseRvyK
      tls, http
      Solara.exe
      726 B
      4.3kB
      8
      8

      HTTP Request

      GET https://pastebin.com/raw/pjseRvyK

      HTTP Response

      200
    • 128.116.21.4:443
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      tls, http
      Solara.exe
      830 B
      6.5kB
      9
      9

      HTTP Request

      GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live

      HTTP Response

      200
    • 172.165.61.93:443
      https://checkappexec.microsoft.com/windows/shell/actions
      tls, http2
      2.9kB
      9.5kB
      21
      16

      HTTP Request

      POST https://checkappexec.microsoft.com/windows/shell/actions

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/api/endpoint.json
      tls, http
      Bootstrapper.exe
      951 B
      6.4kB
      11
      12

      HTTP Request

      GET https://getsolara.dev/asset/discord.json

      HTTP Response

      200

      HTTP Request

      GET https://getsolara.dev/api/endpoint.json

      HTTP Response

      200
    • 127.0.0.1:6463
      Bootstrapper.exe
    • 128.116.21.4:443
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      tls, http
      Bootstrapper.exe
      830 B
      6.5kB
      9
      9

      HTTP Request

      GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live

      HTTP Response

      200
    • 104.20.3.235:443
      https://pastebin.com/raw/pjseRvyK
      tls, http
      Solara.exe
      726 B
      4.3kB
      8
      8

      HTTP Request

      GET https://pastebin.com/raw/pjseRvyK

      HTTP Response

      200
    • 128.116.21.4:443
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      tls, http
      Solara.exe
      830 B
      6.5kB
      9
      9

      HTTP Request

      GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/asset/Cheers
      tls, http
      Solara.exe
      1.1kB
      5.3kB
      13
      13

      HTTP Request

      GET https://getsolara.dev/asset/Cheers

      HTTP Response

      200
    • 142.250.200.3:80
      http://c.pki.goog/r/r4.crl
      http
      602 B
      3.9kB
      8
      6

      HTTP Request

      GET http://c.pki.goog/r/gsr1.crl

      HTTP Response

      200

      HTTP Request

      GET http://c.pki.goog/r/r4.crl

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/asset/Cheers
      tls, http
      Solara.exe
      989 B
      5.2kB
      11
      11

      HTTP Request

      GET https://getsolara.dev/asset/Cheers

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/asset/Palatable
      tls, http
      Solara.exe
      1.0kB
      6.2kB
      12
      10

      HTTP Request

      GET https://getsolara.dev/asset/Palatable

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/asset/Palatable
      tls, http
      Solara.exe
      921 B
      6.2kB
      10
      10

      HTTP Request

      GET https://getsolara.dev/asset/Palatable

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/asset/DelectableFruits
      tls, http
      Solara.exe
      3.3kB
      143.5kB
      62
      114

      HTTP Request

      GET https://getsolara.dev/asset/DelectableFruits

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/api/endpoint.json
      tls, http
      Solara.exe
      1.2kB
      5.5kB
      12
      11

      HTTP Request

      GET https://getsolara.dev/api/endpoint.json

      HTTP Response

      200
    • 127.0.0.1:52629
      Solara.exe
    • 127.0.0.1:52634
      Solara.exe
    • 127.0.0.1:52637
      Solara.exe
    • 127.0.0.1:52640
      Solara.exe
    • 127.0.0.1:52643
      Solara.exe
    • 127.0.0.1:52645
      Solara.exe
    • 104.21.93.27:443
      https://getsolara.dev/api/endpoint.json
      tls, http
      Bootstrapper.exe
      951 B
      6.4kB
      11
      12

      HTTP Request

      GET https://getsolara.dev/asset/discord.json

      HTTP Response

      200

      HTTP Request

      GET https://getsolara.dev/api/endpoint.json

      HTTP Response

      200
    • 128.116.21.4:443
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      tls, http
      Bootstrapper.exe
      830 B
      6.5kB
      9
      9

      HTTP Request

      GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live

      HTTP Response

      200
    • 104.20.3.235:443
      https://pastebin.com/raw/pjseRvyK
      tls, http
      Solara.exe
      726 B
      4.3kB
      8
      8

      HTTP Request

      GET https://pastebin.com/raw/pjseRvyK

      HTTP Response

      200
    • 128.116.21.4:443
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      tls, http
      Solara.exe
      830 B
      6.5kB
      9
      9

      HTTP Request

      GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/asset/Cheers
      tls, http
      Solara.exe
      964 B
      5.2kB
      11
      10

      HTTP Request

      GET https://getsolara.dev/asset/Cheers

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/asset/Cheers
      tls, http
      Solara.exe
      918 B
      5.2kB
      10
      10

      HTTP Request

      GET https://getsolara.dev/asset/Cheers

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/asset/Palatable
      tls, http
      Solara.exe
      967 B
      6.2kB
      11
      10

      HTTP Request

      GET https://getsolara.dev/asset/Palatable

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/asset/Palatable
      tls, http
      Solara.exe
      921 B
      6.2kB
      10
      10

      HTTP Request

      GET https://getsolara.dev/asset/Palatable

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/asset/DelectableFruits
      tls, http
      Solara.exe
      4.2kB
      143.4kB
      75
      111

      HTTP Request

      GET https://getsolara.dev/asset/DelectableFruits

      HTTP Response

      200
    • 104.21.93.27:443
      https://getsolara.dev/api/endpoint.json
      tls, http
      Solara.exe
      969 B
      5.2kB
      11
      11

      HTTP Request

      GET https://getsolara.dev/api/endpoint.json

      HTTP Response

      200
    • 127.0.0.1:52661
      Solara.exe
    • 127.0.0.1:52664
      Solara.exe
    • 127.0.0.1:52667
      Solara.exe
    • 127.0.0.1:52670
      Solara.exe
    • 127.0.0.1:52673
      Solara.exe
    • 127.0.0.1:52675
      Solara.exe
    • 8.8.8.8:53
      13.86.106.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      13.86.106.20.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      getsolara.dev
      dns
      Solara.exe
      59 B
      91 B
      1
      1

      DNS Request

      getsolara.dev

      DNS Response

      104.21.93.27
      172.67.203.125

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      67.31.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      67.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      27.93.21.104.in-addr.arpa
      dns
      71 B
      133 B
      1
      1

      DNS Request

      27.93.21.104.in-addr.arpa

    • 8.8.8.8:53
      clientsettings.roblox.com
      dns
      Solara.exe
      71 B
      165 B
      1
      1

      DNS Request

      clientsettings.roblox.com

      DNS Response

      128.116.21.4

    • 8.8.8.8:53
      4.21.116.128.in-addr.arpa
      dns
      71 B
      125 B
      1
      1

      DNS Request

      4.21.116.128.in-addr.arpa

    • 8.8.8.8:53
      www.nodejs.org
      dns
      Bootstrapper.exe
      60 B
      92 B
      1
      1

      DNS Request

      www.nodejs.org

      DNS Response

      104.20.22.46
      104.20.23.46

    • 8.8.8.8:53
      nodejs.org
      dns
      Bootstrapper.exe
      56 B
      88 B
      1
      1

      DNS Request

      nodejs.org

      DNS Response

      104.20.23.46
      104.20.22.46

    • 8.8.8.8:53
      46.22.20.104.in-addr.arpa
      dns
      142 B
      133 B
      2
      1

      DNS Request

      46.22.20.104.in-addr.arpa

      DNS Request

      46.22.20.104.in-addr.arpa

    • 8.8.8.8:53
      46.23.20.104.in-addr.arpa
      dns
      71 B
      133 B
      1
      1

      DNS Request

      46.23.20.104.in-addr.arpa

    • 8.8.8.8:53
      97.17.167.52.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      97.17.167.52.in-addr.arpa

    • 8.8.8.8:53
      23.149.64.172.in-addr.arpa
      dns
      72 B
      134 B
      1
      1

      DNS Request

      23.149.64.172.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      8049c006.solaraweb-alj.pages.dev
      dns
      Bootstrapper.exe
      78 B
      110 B
      1
      1

      DNS Request

      8049c006.solaraweb-alj.pages.dev

      DNS Response

      172.66.44.59
      172.66.47.197

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      59.44.66.172.in-addr.arpa
      dns
      142 B
      133 B
      2
      1

      DNS Request

      59.44.66.172.in-addr.arpa

      DNS Request

      59.44.66.172.in-addr.arpa

    • 8.8.8.8:53
      pastebin.com
      dns
      Solara.exe
      58 B
      106 B
      1
      1

      DNS Request

      pastebin.com

      DNS Response

      104.20.3.235
      172.67.19.24
      104.20.4.235

    • 8.8.8.8:53
      235.3.20.104.in-addr.arpa
      dns
      71 B
      133 B
      1
      1

      DNS Request

      235.3.20.104.in-addr.arpa

    • 8.8.8.8:53
      88.210.23.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      88.210.23.2.in-addr.arpa

    • 8.8.8.8:53
      19.229.111.52.in-addr.arpa
      dns
      144 B
      158 B
      2
      1

      DNS Request

      19.229.111.52.in-addr.arpa

      DNS Request

      19.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      checkappexec.microsoft.com
      dns
      72 B
      192 B
      1
      1

      DNS Request

      checkappexec.microsoft.com

      DNS Response

      172.165.61.93

    • 8.8.8.8:53
      2.159.190.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      2.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      93.61.165.172.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      93.61.165.172.in-addr.arpa

    • 8.8.8.8:53
      c.pki.goog
      dns
      56 B
      107 B
      1
      1

      DNS Request

      c.pki.goog

      DNS Response

      142.250.200.3

    • 8.8.8.8:53
      3.200.250.142.in-addr.arpa
      dns
      72 B
      110 B
      1
      1

      DNS Request

      3.200.250.142.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e57afcb.rbs

      Filesize

      1.0MB

      MD5

      e6f1d0b1192a868499ff4204254eb848

      SHA1

      c85ce255fe9d253b9189777afc62ef837b212dcd

      SHA256

      3e0086c04540695ccc2f28618a6765c3f5c167a8470a8af920fd8dc953326f17

      SHA512

      6856e4d129bd97df695cec67401b8aefe2986c03e2648f979d3d14e5fc25ad9f50287e45497e9628cab061a3ba7957c38db38d5b65b59d03529fbb473e90e541

    • C:\Program Files\nodejs\node_etw_provider.man

      Filesize

      10KB

      MD5

      1d51e18a7247f47245b0751f16119498

      SHA1

      78f5d95dd07c0fcee43c6d4feab12d802d194d95

      SHA256

      1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

      SHA512

      1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

    • C:\Program Files\nodejs\node_etw_provider.man

      Filesize

      8KB

      MD5

      d3bc164e23e694c644e0b1ce3e3f9910

      SHA1

      1849f8b1326111b5d4d93febc2bafb3856e601bb

      SHA256

      1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

      SHA512

      91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

    • C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

      Filesize

      818B

      MD5

      2916d8b51a5cc0a350d64389bc07aef6

      SHA1

      c9d5ac416c1dd7945651bee712dbed4d158d09e1

      SHA256

      733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

      SHA512

      508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

    • C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

      Filesize

      1KB

      MD5

      5ad87d95c13094fa67f25442ff521efd

      SHA1

      01f1438a98e1b796e05a74131e6bb9d66c9e8542

      SHA256

      67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

      SHA512

      7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

    • C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

      Filesize

      754B

      MD5

      d2cf52aa43e18fdc87562d4c1303f46a

      SHA1

      58fb4a65fffb438630351e7cafd322579817e5e1

      SHA256

      45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

      SHA512

      54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

    • C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

      Filesize

      771B

      MD5

      e9dc66f98e5f7ff720bf603fff36ebc5

      SHA1

      f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

      SHA256

      b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

      SHA512

      8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

    • C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

      Filesize

      730B

      MD5

      072ac9ab0c4667f8f876becedfe10ee0

      SHA1

      0227492dcdc7fb8de1d14f9d3421c333230cf8fe

      SHA256

      2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

      SHA512

      f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

    • C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

      Filesize

      1KB

      MD5

      d116a360376e31950428ed26eae9ffd4

      SHA1

      192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

      SHA256

      c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

      SHA512

      5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

    • C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

      Filesize

      802B

      MD5

      d7c8fab641cd22d2cd30d2999cc77040

      SHA1

      d293601583b1454ad5415260e4378217d569538e

      SHA256

      04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

      SHA512

      278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

    • C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

      Filesize

      16KB

      MD5

      bc0c0eeede037aa152345ab1f9774e92

      SHA1

      56e0f71900f0ef8294e46757ec14c0c11ed31d4e

      SHA256

      7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

      SHA512

      5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

    • C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

      Filesize

      780B

      MD5

      b020de8f88eacc104c21d6e6cacc636d

      SHA1

      20b35e641e3a5ea25f012e13d69fab37e3d68d6b

      SHA256

      3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

      SHA512

      4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

    • C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

      Filesize

      763B

      MD5

      7428aa9f83c500c4a434f8848ee23851

      SHA1

      166b3e1c1b7d7cb7b070108876492529f546219f

      SHA256

      1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

      SHA512

      c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

    • C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

      Filesize

      4KB

      MD5

      f0bd53316e08991d94586331f9c11d97

      SHA1

      f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

      SHA256

      dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

      SHA512

      fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

    • C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

      Filesize

      771B

      MD5

      1d7c74bcd1904d125f6aff37749dc069

      SHA1

      21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

      SHA256

      24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

      SHA512

      b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

      Filesize

      168B

      MD5

      db7dbbc86e432573e54dedbcc02cb4a1

      SHA1

      cff9cfb98cff2d86b35dc680b405e8036bbbda47

      SHA256

      7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

      SHA512

      8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

    • C:\ProgramData\Solara\Monaco\fileaccess\index.js

      Filesize

      6KB

      MD5

      0e709bfb5675ff0531c925b909b58008

      SHA1

      25a8634dd21c082d74a7dead157568b6a8fc9825

      SHA256

      ed94fd8980c043bad99599102291e3285323b99ce0eb5d424c00e3dea1a34e67

      SHA512

      35968412e6ed11ef5cd890520946167bcef2dc6166489759af8bb699f08256355708b1ab949cce034d6cc22ed79b242600c623121f2c572b396f0e96372740cd

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\body-parser\index.js

      Filesize

      2KB

      MD5

      b9e991c0e57c4d5adde68a2f4f063bc7

      SHA1

      0cb6b9eb7b310c37e5950bbcaf672943657c94b5

      SHA256

      9c6c900e7e85fb599c62d9b9e4dfd2ea2f61d119dce5ed69ac3a8da828819241

      SHA512

      3bbd31eed55c32435b01fe7356d39749e95f8f49222115ada841e751ad36227e6f427efdc4e8bad36d8ccd37c2e92c01fa67c24c23f52023df8c1e1be1a3b4f6

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\body-parser\package.json

      Filesize

      1KB

      MD5

      826bd4315438573ba1a6d88ae2a2aa65

      SHA1

      3e27986a947e7d10488739c9afb75f96b646c4c5

      SHA256

      0fd31ad69fdcf1e2a94530f9db9c93e96709b690393a14711643123f678ee956

      SHA512

      2e98ba8e57cb0950e45d20365d16e86ad94a60cfd4cf103b7d55dae02de677985d37c0f771e16ae0a628cb3b59adce8a9e1742cffc298f18cb7d935d72536e6d

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\debug\package.json

      Filesize

      1KB

      MD5

      71a7656944ffe50cc27ebe02491ae49b

      SHA1

      8ebf0f80660d982fc68f00f82855696157e74b10

      SHA256

      6c3d2c892db282317913ce7c340dd2edccd326bcafd18b644b8738144967d6ee

      SHA512

      5b0010b41304e212a22d2c89eff65ce410b000c71c4ab8c7fdba8f549ba0629fe27f37c142058b041fb889bc73e00959ad58f673866ee7d29724687da3c3f320

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\debug\src\debug.js

      Filesize

      4KB

      MD5

      74bdccf347345d27fe8a4ac3add99c60

      SHA1

      a2b8a915c86fc750f56a7137860f19ec1182ee21

      SHA256

      d8d1c1d6c387ab67c3f28d78fd0b20b9becd69442db9d3efe110ca464b509c8a

      SHA512

      c2d47efee2a4442be6375d623f46b4c7ee9552c132b9229eb284bdd98629edd02664167805b0af9b3faaa9b1906e9ed0c5e383396d4995cef7051f9a450e1b99

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\debug\src\index.js

      Filesize

      263B

      MD5

      dd13897ea2eed92695bb7e4e744a9148

      SHA1

      182314d32e789e4f9c29e3150ae392f1630f171c

      SHA256

      9a34fedeb2d269c46ed94e6f13039eb0d16d866dd460ec66fa3acd78122fa9fe

      SHA512

      0b53bc984178336ac516601e72d477d2beeef6936800da17d3a79c153e0036f7428517ebd75d296729f65856c7e07749029f5aa192b2ac071efc4d3e39750a32

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\debug\src\node.js

      Filesize

      5KB

      MD5

      25807a97fbb1fcc42a013abc7d7768c4

      SHA1

      f24d52cbc9144b011def218234ff7b50e7ddcb19

      SHA256

      a3e83594a4ce88997e2e4fc66bc942b17b9d736290ad62560c7f09d6d0989ad0

      SHA512

      8d316b63700126d7c8965a886e9b35a332d3f7e68d28f2264d235c0afad28066f877f25821e1983ddde5f2d5052716cc73338779b41b6f4d1b90ad33dc3e9f24

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\depd\index.js

      Filesize

      10KB

      MD5

      002a1f3e813cc05d9e3cc011f6601628

      SHA1

      1690c27457637ec234d6b7658f1b96e547a0eb99

      SHA256

      4d587a5662e20a7bb9bfe6555afe5987e1b80303a819b447394f37a93297ee91

      SHA512

      ea1ad9bcf09a73a10dd1fd8a66daac12f87725e16ad27e7beff6d9fda937579976cd5d7ed6439c4122b16178c3ffdf410d6c7a54918f94bc98fa7950adf3bd54

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\depd\package.json

      Filesize

      1KB

      MD5

      7f0a9d228c79f0ee4b89fc6117f1c687

      SHA1

      3c10082c1464a6f589aa10cda88285e780ebf857

      SHA256

      5a3659bcc2e47b25ebf9f23f38eb9452a58920bfe4b59410bfa6fe84639a3b99

      SHA512

      7bdd7259bcb8d79aa41777f03d3a3f8a29b60c2d25104072edba9febeb813e12ef78d31573637702decddbaa97d8fec263bc413bd27dd660ded17d644458cbc2

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\ee-first\package.json

      Filesize

      859B

      MD5

      3ed21090e07ef5dd57729a77c4291cb9

      SHA1

      7ffe61f87f94a558fabc177cad5c9b90b16481cf

      SHA256

      a4eece6ff6b38bf7ac107323f381cc60500097a9cbdd473f5d5b45e68822cb89

      SHA512

      54de61c6ab428104f9a559ecd3df7868ab7f1b5c8b85a3f658c8dab13d435bd0766c6b48178a1d5bd083b0829f6461158e303538c7d08761b201b17f7c9940b3

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\encodeurl\index.js

      Filesize

      1KB

      MD5

      b90cf71779f72e14be703a4e494e968c

      SHA1

      842f42d9ee581d91ac82a7fa018f61bb3f8ef63a

      SHA256

      1d0a4e941c1504dcd9bc6cfbb77f7b44d93e56a29cba6f2ccebd78d501a51c16

      SHA512

      8db5d9a938f397c11c75c77c0cbe6eb609c5d4f81a590f221163fe3291cd0cb2a6286ba8935c8f8cfdabecec9f7e49a5bfa836dc777e936271fbe0daea7414e6

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\encodeurl\package.json

      Filesize

      1KB

      MD5

      453a9bb10c91e0ec44f305b14e30ce82

      SHA1

      73c01b81f34a9978b158df2744ef8c45251d6193

      SHA256

      30b1a43843675f42033fd6c77c19b20ad4344844f0bd5526c586081e93a48fe8

      SHA512

      d81ee5f2394493a5f93918ecae6581f82ee529fbbd257e0dc10ea68f09c39d0d19e3a6b0e9560eb1250d88a9b1f591d6469f28404410b16b580cbe179e37da0f

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\escape-html\index.js

      Filesize

      1KB

      MD5

      0c95e46d0f08bd96b93cfbea66888afc

      SHA1

      dfbb19c79eb0ca7ff2625fb1975a35cf47be378a

      SHA256

      42a7f91883d0c5ce9292dda4e017e1f8664d34b09276d89fb6f3859c29d1ca9b

      SHA512

      fbeb545274e55f0dface8407a563878083e8d2edc16320a31802e7b4c1dbf6d37f20b772c7436cb1810adb524ef86b3378b6b76a35e0967b6cae58340c58d4ad

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\escape-html\package.json

      Filesize

      434B

      MD5

      e9c758769fec9883d5ce3d30b8ee1047

      SHA1

      f9d3fd64a0196e77965489ce9b81fe4ce3a9ecb1

      SHA256

      bd320a3e9d23249f5f7d3ce72f2fa426e28a6b2704bd2b281d0c92806a1f5223

      SHA512

      e54bbb849368a53c620b65d0e4a847869dea8fbb767f3559315d9e031c11f23df4ac9d746b7883caf3f693c748e1b9c90f8789519891ed179399341cd49dcae2

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\index.js

      Filesize

      224B

      MD5

      866e37a4d9fb8799d5415d32ac413465

      SHA1

      3f41478fdab31acabab8fa1d26126483a141ffb6

      SHA256

      4d2f5afc192178c5b0dc418d2da5826d52a8b6998771b011aede7fdba9118140

      SHA512

      766d2e202dd5e520ac227e28e3c359cca183605c52b4e4c95c69825c929356cea772723a9af491a3662d3c26f7209e89cc3a7af76f75165c104492dc6728accc

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\lib\application.js

      Filesize

      14KB

      MD5

      15cf9c2f48c7ba6583c59d28908e3e27

      SHA1

      19c7718f6a3d0f9dcd4ca692c19718ec29aae092

      SHA256

      5901b32f609ba349351bf7406dbdc0c4c57b77ce6f7215ea67ccca5ac2a28e88

      SHA512

      c063277a59b83dffc085116769475ec5cce1c47c167b9bd2246e8bda04f0ebc2773b5f06e3b44fc5ed057e043f6d33e77741f34d15e22542134e3865574a29be

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\lib\express.js

      Filesize

      2KB

      MD5

      d467bc485eddf6d38278bc6b1dc16389

      SHA1

      e233882de62eb095b3cae0b2956e8776e6af3d6a

      SHA256

      2f25585c03c3050779c8f5f00597f8653f4fb8a97448ef8ef8cb21e65ba4d15d

      SHA512

      2add66b4f2e8ce463449ca8f2eac19363844b6ab159a41b42163028c57f07a4245ebefe759a6f90e8685b5bd239c969fe99366eff89378cb8b92b8a703dacd61

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\package.json

      Filesize

      2KB

      MD5

      3b5b76b70b0a549dce72c5a02756d2a8

      SHA1

      07786baebb5c52882e28a8bd281c9a36d63dd116

      SHA256

      bdd67333ab62b0bfeb10ecbbb23936db57b743a3eec580a354591fdf63334859

      SHA512

      bb266dfa725421fb26d26fda0f45a5fa5cd832667b05f27ceaf4e7fc1e032aeea8700493cfdd2941c3c38cd166eee1000d2b9ae3ddef375714e25a2027a943a3

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\finalhandler\index.js

      Filesize

      6KB

      MD5

      d50e9637775204f194d629000189f69c

      SHA1

      50d1a1725cb273b0a8e30433dabc43d65f55169b

      SHA256

      96900b458b12085ea16f228151439d9a7bae6b5d45248e355ad617f4dc213540

      SHA512

      563a8375e3ab7936162a9d209800f8b41c416c1500fe24de817871c3e5489e8faf5a4dcb7fb239f697a8736432356e60ecf1578d0aafc0de80d6e0ae90c34aad

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\finalhandler\package.json

      Filesize

      1KB

      MD5

      3d09ac571e0b6eaf8fdb9806118b6d30

      SHA1

      eb758bb6a7d3e4f32f0fa2f941265678539e74f1

      SHA256

      243d853d4386c4132508ae9a99e5176b25be7f5cb6967bc1bab241f20e937e72

      SHA512

      0207cf364e3eac974cae61ec68fe3975fd1f1eb6150f51293ce67f62dbb0f27a3d9c193101ef282dcd099fc653ca73cd3c875c18e5e266964038e3334697b5b4

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\merge-descriptors\index.js

      Filesize

      1KB

      MD5

      b4d3859e603602c87a45682862055af0

      SHA1

      e95cb1c14d70be457eba2ce61b2f4e90a13b21b1

      SHA256

      88564234b9eeb2f0fe2cc5d03f617a97eb4802f126bdd21aa223c3c87c02531c

      SHA512

      b17bb8c8b652f27d8037ed60f28b0d19a68e77bcc45d1e2be7dd304c942f6e85570e9720011f983fb8783d670eb66c0c3174d5fd90690b2aa79c2b402adcd00a

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\merge-descriptors\package.json

      Filesize

      931B

      MD5

      570e06d8ce0167e07a32ba70fdd56795

      SHA1

      39dc652dfa419d46d6fed0835444c603c57077f8

      SHA256

      45ebe570483c48b6460767fc4a0bb69e4dee4bf4becc645b0e0627172a30a580

      SHA512

      9c8ddf41b3207016935affce00108d87f176a9e473a01f03f1110456397c88ee2fbaf34f9e497e6cbff2b65c4f4c7f254a5129b4c1eaa2b85fbebffb8fe43777

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\ms\index.js

      Filesize

      2KB

      MD5

      ae157c9a8e70902576c2d8a06dbcde32

      SHA1

      0d10ee921436fa5ff5988445cc67676219dfffbe

      SHA256

      4bd92209cb9dacf3e3773e725acb7aaec43ea9e78540324e4d0f73e5ce9adef7

      SHA512

      4c2f31f1f2a297ab6c55a21d58a5c26cad22c1ed1913e7a48605111d217257ae2d9f26ea889e8610e011ba9b9c487c91ecdb4cea3437534faf905e8fb89ba248

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\ms\package.json

      Filesize

      704B

      MD5

      cbd55880a650b56c3d5acddbbdbee9bc

      SHA1

      4d354da7ece1c7d5689b8104f3b6f3dcbac7790e

      SHA256

      30fbfaa3840b2f63978ad4bcd7ed8dc24d277b818e4755fe93eda8cb1bc8b74c

      SHA512

      e329a6f6a38dd33bd60334a8dec4a91aa6e7dab28f0893240374ae6a303c12646399d821403e3b80eb51317d1808e6abf30bd91b0bd99951f96815a22ba105c7

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\on-finished\index.js

      Filesize

      4KB

      MD5

      b1c3d24b92f25989b8aefc7f6aaa91ba

      SHA1

      3f69307bd04cc4dfe71cd13616509f443b48f923

      SHA256

      8e16bae14ec63bac9cdbb50572a7b53061fee914712f5e803ff03c44e8845276

      SHA512

      4225c714bec718d7cc59cd2c91a07a77e41cce3ab52502bf9b5b9ccd7d0ce88c040e0a765e5b2c3576ac8f101dc00fff94f8c7ac7586111a545b228831a11ed0

    • C:\ProgramData\Solara\Monaco\fileaccess\node_modules\on-finished\package.json

      Filesize

      1KB

      MD5

      436846dd0f4348ac2ee93c9c5eb291e4

      SHA1

      777e9cd400b42dee1199eacfb325876caeaff3cc

      SHA256

      c812eca4b0dee2317cb446124cb27ae8e5b993c8fdd0144886b629ef6ef53fc1

      SHA512

      d261e261bc9d2e5a39a50c6b072e6da995764769abdc4f9f3cf219cc2296c0e45ee194c3f4f431a248fd1d46d90745ad0b576d2fcb24e59d9208804b9c1532d7

    • C:\ProgramData\Solara\Monaco\fileaccess\package.json

      Filesize

      53B

      MD5

      b9f2ca8a50d6d71642dd920c76a851e5

      SHA1

      8ca43e514f808364d0eb51e7a595e309a77fdfce

      SHA256

      f44555af79dfa01a68ae8325382293fc68cd6c61d1d4eb9b8f7a42c651c51cde

      SHA512

      81b6352bbabd0bffbc50bfcd0cd67dc3c2a7d63bda0bf12421410c0ec8047af549a4928b5c5c3e89ead99aa9240bddb461c618c49287c15d9d4d3a899e8f596a

    • C:\ProgramData\Solara\Newtonsoft.Json.dll

      Filesize

      695KB

      MD5

      195ffb7167db3219b217c4fd439eedd6

      SHA1

      1e76e6099570ede620b76ed47cf8d03a936d49f8

      SHA256

      e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

      SHA512

      56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

    • C:\ProgramData\Solara\Solara.exe

      Filesize

      133KB

      MD5

      c6f770cbb24248537558c1f06f7ff855

      SHA1

      fdc2aaae292c32a58ea4d9974a31ece26628fdd7

      SHA256

      d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

      SHA512

      cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

    • C:\ProgramData\Solara\SolaraV3.dll

      Filesize

      6.8MB

      MD5

      c3d8a566119d8fee7fb2d0db4dea86e4

      SHA1

      c8094d474337ccf4dda2b1888a8235f73c20eaf3

      SHA256

      ca8df8f0b5d9981ed0e284f809472e8013252e59bed1a0f08c98a4b0726920ee

      SHA512

      0cd41d5d7c90e4f780dd92b03ac0938dbbf082c5658ee660c31986cd8e9d9c68f386b9989373cdd25c34a21943c266495c4f4c85b44487bb97d0edebb96555f7

    • C:\ProgramData\Solara\Wpf.Ui.dll

      Filesize

      5.2MB

      MD5

      aead90ab96e2853f59be27c4ec1e4853

      SHA1

      43cdedde26488d3209e17efff9a51e1f944eb35f

      SHA256

      46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

      SHA512

      f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

    • C:\ProgramData\Solara\bin\version.txt

      Filesize

      5B

      MD5

      a550e39a1b99146581652915aa853a6b

      SHA1

      3509c9a74b8fbdce7069149a65b86c70d1fb37c0

      SHA256

      f637e389c425692bb6ea379c4bdebef58ae2aea6aef7d28488816613e7bf9374

      SHA512

      4a62903c599ca8cc0ed9f48c9dfbf1cadc4953e2c87a9c5fdd71bfd8f689809c9223bf51f0190e177eb477cd7322c64812c8b4061065346d22a95b79d1c52104

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bootstrapper.exe.log

      Filesize

      1KB

      MD5

      7227f2974903a25d032dca018f1860dc

      SHA1

      3480b1382e44c150bb50edac56e8661fe57a97bf

      SHA256

      27113670aaa6b62a004b9f3c7562c3f9bb55e6df47d166e32af39118a27b0ff1

      SHA512

      952cc7522a27d0cbe05162d60c5df874f25897cdfbadf77f60aa522ab5e582f991268e5b0ec6034b16486d17c85b12791667fc887e8f450e0f767c9ae84642e3

    • C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

      Filesize

      30.1MB

      MD5

      0e4e9aa41d24221b29b19ba96c1a64d0

      SHA1

      231ade3d5a586c0eb4441c8dbfe9007dc26b2872

      SHA256

      5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

      SHA512

      e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

    • C:\Windows\Installer\MSIB594.tmp

      Filesize

      122KB

      MD5

      9fe9b0ecaea0324ad99036a91db03ebb

      SHA1

      144068c64ec06fc08eadfcca0a014a44b95bb908

      SHA256

      e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

      SHA512

      906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

    • C:\Windows\Installer\MSIB661.tmp

      Filesize

      211KB

      MD5

      a3ae5d86ecf38db9427359ea37a5f646

      SHA1

      eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

      SHA256

      c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

      SHA512

      96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

    • C:\Windows\Installer\MSIC40F.tmp

      Filesize

      297KB

      MD5

      7a86ce1a899262dd3c1df656bff3fb2c

      SHA1

      33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

      SHA256

      b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

      SHA512

      421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

    • memory/1864-2808-0x00007FFCFF750000-0x00007FFD00212000-memory.dmp

      Filesize

      10.8MB

    • memory/1864-2383-0x00000252DE8C0000-0x00000252DE8CA000-memory.dmp

      Filesize

      40KB

    • memory/1864-5-0x00007FFCFF753000-0x00007FFCFF755000-memory.dmp

      Filesize

      8KB

    • memory/1864-1-0x00000252DCA30000-0x00000252DCAFE000-memory.dmp

      Filesize

      824KB

    • memory/1864-2-0x00007FFCFF750000-0x00007FFD00212000-memory.dmp

      Filesize

      10.8MB

    • memory/1864-0-0x00007FFCFF753000-0x00007FFCFF755000-memory.dmp

      Filesize

      8KB

    • memory/1864-4-0x00000252DE890000-0x00000252DE8B2000-memory.dmp

      Filesize

      136KB

    • memory/1864-15-0x00007FFCFF750000-0x00007FFD00212000-memory.dmp

      Filesize

      10.8MB

    • memory/1864-2385-0x00000252F71C0000-0x00000252F71D2000-memory.dmp

      Filesize

      72KB

    • memory/2728-2857-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/2728-2855-0x000002408AB80000-0x000002408AB90000-memory.dmp

      Filesize

      64KB

    • memory/2728-2856-0x00000240A6C30000-0x00000240A6CC0000-memory.dmp

      Filesize

      576KB

    • memory/2728-2852-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/2728-2850-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/2728-2851-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/2728-2853-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/4484-2862-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/4484-2865-0x000001AEA2F00000-0x000001AEA2F38000-memory.dmp

      Filesize

      224KB

    • memory/4484-2873-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/4484-2871-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/4484-2859-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/4484-2861-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/4484-2870-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/4484-2860-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/4484-2863-0x000001AE9E020000-0x000001AE9E028000-memory.dmp

      Filesize

      32KB

    • memory/4484-2869-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/4484-2866-0x000001AEA2EC0000-0x000001AEA2ECE000-memory.dmp

      Filesize

      56KB

    • memory/4484-2867-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/4484-2868-0x0000000180000000-0x0000000181168000-memory.dmp

      Filesize

      17.4MB

    • memory/4832-2804-0x000001CBF0B40000-0x000001CBF0B64000-memory.dmp

      Filesize

      144KB

    • memory/4832-2811-0x000001CBF3B50000-0x000001CBF3C02000-memory.dmp

      Filesize

      712KB

    • memory/4832-2809-0x000001CBF3A90000-0x000001CBF3B4A000-memory.dmp

      Filesize

      744KB

    • memory/4832-2806-0x000001CBF3F10000-0x000001CBF444C000-memory.dmp

      Filesize

      5.2MB

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.