hxxps://www[.]mediafire[.]com/file/7vas9gdrufnnyc3/SolaraV3(Folder)-Discord[.]gg[.]productions[.]7z/file

Analysis

max time kernel
942s
max time network
944s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12/08/2024, 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/7vas9gdrufnnyc3/SolaraV3(Folder)-Discord.gg.productions.7z/file

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Executes dropped EXE 6 IoCs

pid	Process
5860	Solara.exe
2080	BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe
4436	BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe
2820	node.exe
3584	Solara.exe
2164	node.exe

Loads dropped DLL 13 IoCs

pid	Process
4872	MsiExec.exe
4872	MsiExec.exe
1792	MsiExec.exe
1792	MsiExec.exe
1792	MsiExec.exe
1792	MsiExec.exe
1792	MsiExec.exe
5428	MsiExec.exe
5428	MsiExec.exe
5428	MsiExec.exe
4872	MsiExec.exe
3584	Solara.exe
3584	Solara.exe

Themida packer 13 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/3584-4463-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida
behavioral1/memory/3584-4462-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida
behavioral1/memory/3584-4465-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida
behavioral1/memory/3584-4464-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida
behavioral1/memory/3584-4606-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida
behavioral1/memory/3584-4621-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida
behavioral1/memory/3584-4759-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida
behavioral1/memory/3584-4776-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida
behavioral1/memory/3584-4853-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida
behavioral1/memory/3584-4948-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida
behavioral1/memory/3584-4989-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida
behavioral1/memory/3584-5039-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida
behavioral1/memory/3584-5052-0x0000000180000000-0x0000000180FA6000-memory.dmp	themida

Blocklisted process makes network request 1 IoCs

flow	pid	Process
286	352	msiexec.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
279	pastebin.com
282	pastebin.com
289	pastebin.com
292	pastebin.com
297	pastebin.com
191	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3584	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff-apply\rollup.config.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-uninstall.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-collect\node_modules\minipass\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\explain-dep.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-link.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\experimentalWarning.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\read-package-json\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-core-module\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\jsonparse\samplejson\basic.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\bin\lib\logging.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\src\win_delay_load_hook.cc	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\update-notifier.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\common.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\parser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cssesc\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\msvs_test.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\lib\_stream_transform.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\prepend.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\lib\content\rm.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\dist\abort-controller.umd.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\dist\abort-controller.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\snapshot.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\fetch-error.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\get-write-flag.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\version-from-tgz.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\lib\content\write.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-unpublish.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\.flake8	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\event-target-shim\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tiny-relative-date\translations\da.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\git.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fs.realpath\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\google\protobuf\descriptor.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\gather-dep-set.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\configuring-npm\install.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\dist\abort-controller.mjs.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\scripts.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\ca\verify\signer.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\colors.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\chownr\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cli-table3\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\http-proxy-agent\dist\index.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\depd\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\util\dsse.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-exec.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-ls.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmaccess\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wcwidth\docs\index.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\set-immediate.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\cli.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\npm.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\mjs\index.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\util\params.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\common-ancestor-path\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\concat-map\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\node_modules\brace-expansion\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-lambda\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\https-proxy-agent\dist\parse-proxy-response.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\npm.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\spdx-expression-parse\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cli-table3\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\smart-buffer\build\smartbuffer.js	msiexec.exe

Drops file in Windows directory 25 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIE4A1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE86D.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1D0B3D3B3D6B1E79.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICE1A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICE19.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE6B6.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1D57BF43DD7D6510.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC57A.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICA0F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE500.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\SystemTemp\~DF90C82790A2DA6EE9.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC52A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICB0B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e63c20d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC579.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File created	C:\Windows\Installer\e63c211.msi	msiexec.exe
File created	C:\Windows\Installer\e63c20d.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF27DC5DF34F8E74C3.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICADB.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
6112	msedgewebview2.exe
4140	msedgewebview2.exe
5140	msedgewebview2.exe
5572	msedgewebview2.exe
5484	msedgewebview2.exe
5860	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "5"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 9c003100000000000b59949b1020534f4c4152417e312e50524f0000800009000400efbe0c595d700c595d702e00000067ab0200000003000000000000000000000000000000b9b8f80053006f006c0061007200610056003300280046006f006c0064006500720029002d0044006900730063006f00720064002e00670067002e00700072006f00640075006300740069006f006e00730000001c000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 9c003100000000000c595d701000534f4c4152417e312e50524f0000800009000400efbe0c595d700c595d702e00000050ab02000000040000000000000000000000000000005139ff0053006f006c0061007200610056003300280046006f006c0064006500720029002d0044006900730063006f00720064002e00670067002e00700072006f00640075006300740069006f006e00730000001c000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000235c31fcede4da01cd2f5565f1e4da01eb5e9c96c0ecda0114000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions.7z:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4916	msedge.exe
4916	msedge.exe
4436	msedge.exe
4436	msedge.exe
2936	identity_helper.exe
2936	identity_helper.exe
72	msedge.exe
72	msedge.exe
72	msedge.exe
72	msedge.exe
2216	msedge.exe
2216	msedge.exe
5860	Solara.exe
2080	BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe
2080	BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe
2080	BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe
352	msiexec.exe
352	msiexec.exe
4436	BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe
4436	BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe
4436	BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
5152	msedgewebview2.exe
5152	msedgewebview2.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
5860	msedgewebview2.exe
5860	msedgewebview2.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe
3584	Solara.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
3204	msedgewebview2.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	4508	7zG.exe
Token: 35	4508	7zG.exe
Token: SeSecurityPrivilege	4508	7zG.exe
Token: SeSecurityPrivilege	4508	7zG.exe
Token: SeDebugPrivilege	5860	Solara.exe
Token: SeDebugPrivilege	2080	BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe
Token: SeShutdownPrivilege	5032	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5032	msiexec.exe
Token: SeSecurityPrivilege	352	msiexec.exe
Token: SeCreateTokenPrivilege	5032	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5032	msiexec.exe
Token: SeLockMemoryPrivilege	5032	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5032	msiexec.exe
Token: SeMachineAccountPrivilege	5032	msiexec.exe
Token: SeTcbPrivilege	5032	msiexec.exe
Token: SeSecurityPrivilege	5032	msiexec.exe
Token: SeTakeOwnershipPrivilege	5032	msiexec.exe
Token: SeLoadDriverPrivilege	5032	msiexec.exe
Token: SeSystemProfilePrivilege	5032	msiexec.exe
Token: SeSystemtimePrivilege	5032	msiexec.exe
Token: SeProfSingleProcessPrivilege	5032	msiexec.exe
Token: SeIncBasePriorityPrivilege	5032	msiexec.exe
Token: SeCreatePagefilePrivilege	5032	msiexec.exe
Token: SeCreatePermanentPrivilege	5032	msiexec.exe
Token: SeBackupPrivilege	5032	msiexec.exe
Token: SeRestorePrivilege	5032	msiexec.exe
Token: SeShutdownPrivilege	5032	msiexec.exe
Token: SeDebugPrivilege	5032	msiexec.exe
Token: SeAuditPrivilege	5032	msiexec.exe
Token: SeSystemEnvironmentPrivilege	5032	msiexec.exe
Token: SeChangeNotifyPrivilege	5032	msiexec.exe
Token: SeRemoteShutdownPrivilege	5032	msiexec.exe
Token: SeUndockPrivilege	5032	msiexec.exe
Token: SeSyncAgentPrivilege	5032	msiexec.exe
Token: SeEnableDelegationPrivilege	5032	msiexec.exe
Token: SeManageVolumePrivilege	5032	msiexec.exe
Token: SeImpersonatePrivilege	5032	msiexec.exe
Token: SeCreateGlobalPrivilege	5032	msiexec.exe
Token: SeRestorePrivilege	352	msiexec.exe
Token: SeTakeOwnershipPrivilege	352	msiexec.exe
Token: SeRestorePrivilege	352	msiexec.exe
Token: SeTakeOwnershipPrivilege	352	msiexec.exe
Token: SeRestorePrivilege	352	msiexec.exe
Token: SeTakeOwnershipPrivilege	352	msiexec.exe
Token: SeRestorePrivilege	352	msiexec.exe
Token: SeTakeOwnershipPrivilege	352	msiexec.exe
Token: SeRestorePrivilege	352	msiexec.exe
Token: SeTakeOwnershipPrivilege	352	msiexec.exe
Token: SeRestorePrivilege	352	msiexec.exe
Token: SeTakeOwnershipPrivilege	352	msiexec.exe
Token: SeRestorePrivilege	352	msiexec.exe
Token: SeTakeOwnershipPrivilege	352	msiexec.exe
Token: SeRestorePrivilege	352	msiexec.exe
Token: SeTakeOwnershipPrivilege	352	msiexec.exe
Token: SeRestorePrivilege	352	msiexec.exe
Token: SeTakeOwnershipPrivilege	352	msiexec.exe
Token: SeRestorePrivilege	352	msiexec.exe
Token: SeTakeOwnershipPrivilege	352	msiexec.exe
Token: SeRestorePrivilege	352	msiexec.exe
Token: SeTakeOwnershipPrivilege	352	msiexec.exe
Token: SeSecurityPrivilege	5540	wevtutil.exe
Token: SeBackupPrivilege	5540	wevtutil.exe
Token: SeSecurityPrivilege	5660	wevtutil.exe
Token: SeBackupPrivilege	5660	wevtutil.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2332	MiniSearchHost.exe
2820	node.exe
2164	node.exe
5364	msedge.exe
5364	msedge.exe
5364	msedge.exe
5364	msedge.exe
5364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 3868	4916	msedge.exe	80
PID 4916 wrote to memory of 3868	4916	msedge.exe	80
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 668	4916	msedge.exe	82
PID 4916 wrote to memory of 4012	4916	msedge.exe	83
PID 4916 wrote to memory of 4012	4916	msedge.exe	83
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84
PID 4916 wrote to memory of 2968	4916	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/7vas9gdrufnnyc3/SolaraV3(Folder)-Discord.gg.productions.7z/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff909d73cb8,0x7ff909d73cc8,0x7ff909d73cd8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5528 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8180 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,11208358719648045222,4355063605469570213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1040 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4140

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2340

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\" -spe -an -ai#7zMap19056:138:7zEvent11342
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4508

C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\Solara.exe
"C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\Solara.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5860

C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe
"C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2080
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5032

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:352
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 2F277A9F60B91C09A039794D059BCD7A
  2⤵
  - Loads dropped DLL
  PID:4872
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A26330B2EF99E682E38232B9A5BCF46F
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1792
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C68E71A4B0036BE9AA625F886BC8FD73 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5428
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:5540
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5660

C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe
"C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4436
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2820
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 42a8c34fb47b4ca7
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2164
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3584.2844.8668260663006401351
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:3204
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xc4,0x1c0,0x7ff909d73cb8,0x7ff909d73cc8,0x7ff909d73cd8
      4⤵
      PID:3976
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1900,10285448562395841123,15000241478844282038,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5140
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,10285448562395841123,15000241478844282038,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5152
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,10285448562395841123,15000241478844282038,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1872 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5572
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1900,10285448562395841123,15000241478844282038,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5484
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,10285448562395841123,15000241478844282038,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4716 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5860
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1900,10285448562395841123,15000241478844282038,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4124 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:6112
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1900,10285448562395841123,15000241478844282038,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5024 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e63c210.rbs

Filesize
1.0MB

MD5
72ed7072c3d493e196ed92eb240382cc

SHA1
25547c3ccd1f542862a7d8369b6b4f24d70d34da

SHA256
ff9384de7c8831ee9244a31339f6236bbbdcef17c5c403b7713f14486a086759

SHA512
9b55590d7826c5e5b1159869b9f44c04c4a13cbdad41057f0d53e961ca993c6b2ed7d450af603993f0dacdf0dc09d8740f314dd84289db505495e77cd8c7a122

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
2a6686d512ee9ba8b75e0bce9a794770

SHA1
465e00320c74d4481a5e7e7242aaeb60d02e2fab

SHA256
5afa5bcab0d66f0dc65ccad359650730ace53dff1d891cd33a9f54aa43d34419

SHA512
ff44d6f3e7be06c98077a00854edb0ca122fc5c98c976f86787c7b003d224f62c1079412e7c5cdb36c2a6df0825dd17ccbffe44eb264fa63e3d1e44654af74b2

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\31298846-b359-4f97-983d-33a7cb99825a.tmp

Filesize
8KB

MD5
b8614f46e30de74547f53bc924bfbc8a

SHA1
10d78641e8ce43d593e1891b940a0989b8751087

SHA256
905fd262572e748eaf85194fb6e8eabbf5a464248028b5369fca48a05c47f1c2

SHA512
cffbcc3a1ac78f5afcf99e2f198136c50e92ff962e96fa97a5e35182c54b265cbe63fb5bb041dc555f936ae863026a5d37caa4256e764f1ac3da714d9ff1968c

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
0ed13eb16cdbc80b1e5ffb692943d212

SHA1
84919356f3f7baa2e0c6a07b6532d3b60dbc8e69

SHA256
e9d6373c02561d07ff1da0c1b5383f6d2683d6fb09fd7f3a6abdad5cda347d4e

SHA512
8fc838e38650c343c9d50a4d5cffcd197ed66c7d94e4fdc595771e638d61b2358376157870ff23246dced297c11bff0b2548f42766d2ec429f6ab69869bbfc6b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
f110bc0d0bafd87700931327059efd7b

SHA1
b1d6ebeb1d37a60415f243f7ca01cd0307a668c7

SHA256
a97447a065d36c774d2e1f2a848ea40911d63a6f1e42228c253619ef0002ca91

SHA512
7ee0c31e85fe0c201eba3c51a2fc955100e4efb099bf31dc61fb0e08373f44d08b0b4136f23698472a42985ae64c1bdd2dbfdc452bb2f2dabac199580a406a36

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
930B

MD5
5934b50a9dd2962b5e4770d32008ee98

SHA1
1a55a640c9dba4a94f7db7209bfea92724b27745

SHA256
2be2c264a942b59c6e0b452bde66b647f2c55fb777774e4ca25f961b34aa0c45

SHA512
76d8c61bf358c356a4e5732021a4893c8738cf2a56517dd05b47cd6f583db97956cec2c60eb38034a2104ad2508169473ef06007ff2ffd44cee4345984eb6872

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State~RFe657904.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
94fe3d5be75f14f6c19501e82081f805

SHA1
74e0721a9a438d4a466f7ecae716dc3f140f0912

SHA256
bb549694c58c73ecf08bcc334897bb68c9a7eae14412c17f317407b55c1166b4

SHA512
91a341f1a31098b13fa65b62bdd1cdf1415184703218fc1a88951bb6330fe0f243edb1c29630d3caca95fc7ea59c4f4bdc1fc40f1a79774801dd2518c20aa98f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe6576b2.TMP

Filesize
3KB

MD5
d545570d28e17e2295e51ee69bdf4873

SHA1
7396416dbddfc39e306ec7692503e355ad93cefd

SHA256
3614c8dc35a440287ba71ad3084bd9d2561b855ffac93b570e2da5a0a5e2f0ed

SHA512
5f5a336b67e5e11616b44652322f6703588a21b3272789842c4010ed0fcd9321a47d73bb41b79da4c128e12043d39a2770d8527f6b4fc8d9c765e8712704504e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\ProgramData\Solara\bin\version.txt

Filesize
4B

MD5
593dc09207fef6b89479d8f429fa85dd

SHA1
de55dd91d2daf767b826c772364d218039ece3d8

SHA256
d5f2a3e30f900b1844a2c224e051589da9feee17bbd33742289f9e19f713353a

SHA512
8cf28482664ab6242740ddf7d88d502a76781d4164a64f542ddfb97498e3903d68f700d7e5713f83caff8d0dec98493c21a305cbca3ff96f915f35d0b9cbb9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe.log

Filesize
1KB

MD5
31c453119ec9dc7752421c693ba52edc

SHA1
cb96c8fa3036dabe3846a90c21a71e5578acf059

SHA256
6dcd9446147f57c13b75a331467fb80abcd04a0fc09a4b9ccc076b173228c5c4

SHA512
d43611ed2976300dff71828681ab2e6b85707ea60810c129088023c10c71440decfa8f8cf41e75ab6c03bcc14b334c503d38581aec2eba75b76fb1223f94f0fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\18a8b8ac-a10a-4491-91f9-502318510127.tmp

Filesize
11KB

MD5
f6c0ad2fd81527902b6ba4f8828cdf60

SHA1
171301146307efbccddd69e6ca2df407291f97c0

SHA256
684c69ef4bb7df8a728192bf3348e66d486e87ecbd406c0715cf1aac0f433089

SHA512
9c74210e6aba1c208729ab1c245309623399f9f0618ac12bf283322b8f7b78588237a7b613a05bfd43d05d567437eece1d497d17d7dfcb20fbc9181132a396f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
20KB

MD5
af076fce47d859d009c16f2192bc94b3

SHA1
2f56c334cd6338b69a0f39c3edd6ea0a5b21bbd8

SHA256
d36457358687310d026665a3aca628637697a703adde698287a3ea25ed49497e

SHA512
d89b829f8292c2ce770b54c86eeeacb0f59e251134c17fba214649b132a10b99adf120b45b6c3c939b1846ada1626b683cabcd6313748c6fe62e1e72086f1a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

Filesize
268B

MD5
aa26a805e9f6795404fab386bc4d86fb

SHA1
e15bfd72ecb67b088f82f4e8d3f55d13a604ea52

SHA256
ae7afe015d7d07a2ffd2fd512b5acd9c21937f284afd8d63dfd254cf1637b3d8

SHA512
f4e891ff0a3d13de16e68900e21c72bc9c28f02b6193c4135874e8b5494baed15da0121910a5af768e6d99a1bc4b369d9dec4f167930e10596b7cb6151ee02a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

Filesize
55KB

MD5
b19619a2a2a63c66b7eca8378db0ea1f

SHA1
294f3cf02bc7871b92a2ed25c83c3fa1dfc98faa

SHA256
7a4bb1c0c3ff9ca8632f0481a3d3e7670ce1276324c7fbd9e3de6b9c6672e149

SHA512
dbc0c7547d0306cb3688661350ca95a660a96f81c6ffd81c356ec87d34e41d9fe025f62c93d1cf103366136830022a5e0955e2264ed0fb121bf989f6fbdb4e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

Filesize
21KB

MD5
fa9d447132cf306e3e05be5eb117e123

SHA1
57a5e055be82aecf56b1e1396e071ceb8a158b52

SHA256
6e7174876b43be60bf6127aee030301fe9c22267b8e7468eb5747b4bb12d7435

SHA512
9d9b4947251158e4c5d199d204464f497bddc9b21390d9403635565447f1fed3b35fc05ad84f87bf0b4270a1ffedabec0f84b2c95f8a48500b9bcd29e5ee591e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

Filesize
278B

MD5
876a2809a8c01ae4bf136e09b2c2f2b0

SHA1
b1713948a11368de3b512f0abb6fccbe1dd173e1

SHA256
48a6705d8f3236ce543fcc16f1a1ff024568930602ecbe3f9c502c6620117550

SHA512
42574229866809a84d29b1ea709b7f59e4a71bce1952205975de3e8ba450c5c54d8fe51bcf5b923353a0a99ef6d5b54902daeff033b9d7d64ed798ee73a781ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bcf477f9f940739c_0

Filesize
159KB

MD5
50c6afd1af5ae7e452604a904e7f5ac4

SHA1
1f478dbcf4945ba9f0afc735d71d7b591e1f7bd7

SHA256
09d066f14ce1326a0fa4226408308fd5e9009266729137899eb8a44fdcb1e90b

SHA512
13a2a9a8445c3a1a73e5893ebac4471a8653c267aa793e53afbde35e4839596577b3e5bff5fa66f3678964aa27e3f69c44ab02f5446ab8566018c487911c1bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

Filesize
10KB

MD5
ad716998169104a48fceff0b53e85fbe

SHA1
9314a55328e7d75f6a2edb8fbfe3799fd6035673

SHA256
a282a15afe404b09fd9eaa33ca7472128ab22ca04f9093607ea7ee4af6ab2839

SHA512
aa66587b743c23472147ea7e2ee6b85c6a56e8c56339f04057f587251965dc715900f04edda3d52f302de63bbd0dbaefec40f6bc198a82b06555d52c1d4770c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c810183d218dabfd_0

Filesize
329KB

MD5
fe8da2d1fbcfa03949514704fe026922

SHA1
ca973664e14e350d08db63ed49df627c80baf840

SHA256
be0b0f27007a8c2b45b714d9ad128e400cdc61d2a82a2f20d339b968b79484d9

SHA512
1c600f362c2fc3e55be14c238e4323e381a53060bee3ff11cab3e3bcae5237c02b3d0a4c44467e345d01d5bbe7429cbbc77d4aea2ce1279ec7bb9eba8d85ef90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1745aab2d57181decf6745965cae5225

SHA1
09197db3f8f261e854aa7c042827be742aee4efb

SHA256
1b9283def06e5ac55bc9f3955e56f27f09724071880a11260c7af31ffed486f6

SHA512
95ae2bde5a78ee4856e939a6e6d53b92b5ed96f41232f3106c19fb2d04d9fad00ce5302b0340bb1ffbe8840eb7d7933d492d1a83fbcd573ed66da6b1f16b2569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
73387d6beb2c14b5455593d7d45552c1

SHA1
1f1b0172e54299758212158bbee530f28c965047

SHA256
1036325ab79782cfe4056a53311fa0f25941f1eff470534e6b5b8414f0bf85b9

SHA512
6428bb320e91390b149f040aa964feaf9068e111a652920e81bbec9b9740d2027a79f7b49f80548b6442b379148df0d863f5b4dc524c03b30832424e45581a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bddc7cb09f0cd4061d757f992fd38f35

SHA1
c2718ce55fba5f05a9ef54657db1774f4e2a8a57

SHA256
01fc13d45ee56f60435f9e636f85bee1c2a8c1461d6d0f696ed1aeb680444595

SHA512
58de2c28990dede892798e4be5ccb9346ada6d6f96ca614b34bf3281c42dd148425b38dafbf233935db65176ab27f39f2e61e1a0b92f1adb00b99e3a2aa9466d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
02bb71ea1778e579f5863f533a014dd1

SHA1
049b146ba545593665a8424326bc56501d1a8e14

SHA256
38fc1ae681dc14c881150a111c18c885e25ae41ddc6f8b4ab8507d7a1b4eda3a

SHA512
d8b32678ddad24eae9a9875a5b201250140eb81b993f2014deac0a4dbf1965e924f82ef3103e88d3b30162942c4e89e7217890856fefaf6a7482ea063aaa86e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2fbb0b270b950bb688d0a2addb38e27f

SHA1
a041a390129ab83246517151bd5b15f9845769c5

SHA256
76d2788e8bf0c99c90905dcd77c442bf56cbd9efcc8f426cfcd84c19f3f772ca

SHA512
d4e35afc42da607e808caacf6ea8fa2bcfeda9a89f0184f9a37368c84d611b5c0e01422ec6d9eb447a31821913ba3a7d5964c4fb98ae6480b3895aff86170346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
228caf446cc37a27384590d095f40445

SHA1
949b8553b079eb70306398da12ac9e29e1bb2e01

SHA256
c24f47c5ccbce404fa804f7510acf7c1f21812355a3ff8035e8436a73ea11901

SHA512
2903f1bbd14b3df54c4671e4ea8c0e907eccbacd6ba50ac4dc01d918c8a258066c2712972ffd09a3a7dbe874c1dbcc51dd9d7504543f8ba2e0347871fba8c1e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9ca62d46b235207df3e8376b9e30e86b

SHA1
8e7adec0f4894f47813228a695b68c6781596bee

SHA256
acc6f851de775f8e89a5d7e07d9a0411d1e9ea9c9cf9cc6dc1f290d8682f37f1

SHA512
b17e9466f242df482853d9101c851a511109779ee3f90ed40391a01ac00040040a5845db7fc1135f1e1fba33c9d37adaf2598a7ce65a72d004b673337cfe04cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b2ea9a8d8e4c7cc5f3362a1cb75bf708

SHA1
97cad3a2756cf2ceb6ca71d8504c2f2e87670d39

SHA256
fe22ba0e57ab1cf22fde41016aa73806054a4feca8d707d7a58e614ddb7922ed

SHA512
a85757d64123b2cb227a46bc25fdc3249f60cc2ca361550fd0eb56edf790a976ddd9757a41c59821f927e0d1ee55fd79262a4e73ac157ffd3e8bdb763050c83b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
934f79b2abf587e1c00ba0c742da3574

SHA1
4d00c62c6b60b187399d2eb10ef096102a99ab1f

SHA256
14934f6debc1ad4612fbe7cdaeb83623d87afa1bbbe355c61fccf874a758d44e

SHA512
efd5d92f5cedc29b84342cc1f1f00b00accc53b8306fd4b1e13a447037c526452ab82c65560f557504e4d424b2b6fd9b50028068086fa003150a111b01b36930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ab5ed9ee3ef16c27491da9f7cce5f13b

SHA1
7c409219e01a680515d8d8988e56b2c5882d35fd

SHA256
0438b432af41a3f0421522751c4f2baedd9baaefabfa7d3504238f96c002d4a9

SHA512
7910c54ea16823ba2f648d16d4fde2fab7de99987c1e3f1f3ba39e4720b7f9fcd77374163aa135776af4695441921f1db789879e15151ca7685da1fa6f219975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
28f66c001b001ca271a2af0286f0e7b7

SHA1
9061b424795508c8f0ea35e7127a41725f54ecfa

SHA256
a486c3a5bdb32c277e46c3d599fbd2b43a52320844ad44664187bcfc2da342f2

SHA512
1c61cc0a472aefe747a9bb6cda2f90ebd835529cd13b62ca6706c9a48b12ef6971e738d4556c0f251bdf158cd0ff9e6b669c097148d8acb4b38dff44f804af3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5a1a6043de3072c99fbf80983ab31eb1

SHA1
91f2ceb122b63394467992e8161b8085f13c6eea

SHA256
4e8a43f2c8db7836115cfe170347935c6c224ae42fe8620d397e0183c5673572

SHA512
1ebf9c8fa184ef1f2e6ed30944b395914db3753cf939520d46ed6842ac25f87a5cc1525da108ef94e48c0393f3b3044d36f3191daf48f92c45428e0aba7d4cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
25addf40e3cd590b34906f5e2931bebb

SHA1
5dbe6059db3cab1616787c0249d5e6592cee3644

SHA256
b55ad0087f860b65370f2fd756d85b6f9a1d253b5a732a2356e0b798853d9755

SHA512
6b68185cbaf8c173b7ab2f60291748a2a2963067baa6e4a3b3d845818d145c048bebca61ad2e2303f8ddd1368d762eb2ba00d14f085be96d5968a1abe4851b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
92d57bb4a745badbebd92e4c59f1b886

SHA1
8e92caa7b03eeaa0f768da4f6bcce58c48e1e430

SHA256
47d350b466d12dd9e607bde06db089aa1a295c9673d8bfe84f463e05dd8d4414

SHA512
d14e823e4ae122f831fbad4cfd700141c40398cfc108c08c74f229442f10193d845b65599aaef1997549cd13eef743213eb9556d9d742d0061fdde45f8e34754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
621a3551a2fb32160bb556cf9b17cde7

SHA1
13f152814e7d7585ba85bc3a727f5603426ded35

SHA256
e0c17fca693c17eba2a2131fda67be3ac00a350ee201e1cc0267b0d073e58643

SHA512
b09a0d525d69d662fac1500472b6298e9a10e02d2bc35e55757e9ff218a0c3362318f53286b51788934032eee41499ca43c4ded8f37d7d78f3dc9d5000c2b97a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
959013f4f690c86d9a2118aa809344db

SHA1
e83d085a2cf8d62951c1646f63b3fbea469c7422

SHA256
28ac6707bd1ed34edd2067f0bc9e2785474277de97a43c1247a06994858cdbd8

SHA512
d15bf294daef1b3c2c4b424e489ab37267e999018699bac6d5c97a77f0da0a41862ec2d5e18ca1fff2084fbda8fb0acdd9d7917c626b86ea9da4cf6a51274edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbb834c13ab9c2618092ab8031c0c8e8

SHA1
dcede4d8dea940ad988e10c423cde2e97d4b9714

SHA256
39679ae2bf772397ff10f34891f3df9ed8eadd81ac9823599df912028150f5b9

SHA512
c5838e5c15d1d3abb122c11e0430618ff5d619ef551f41358c0452ebed78a8e0c1c6c16076246c36aae47e1f39cceaf17d39e5e8de8b95808546406737f48826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d0f952e3c477679fab122c8da1d52e01

SHA1
c3e60f8a19b883f16bbd041fb2aa4d986eb3bd52

SHA256
80d9250dcd8ae7c13dcf62cb12787b6cd34e7f1894894c739f4fc2a4ad3baa1c

SHA512
9079c964bd7d7f46c50e2159d3aac5defdd13b8d532cae96cb025fac342c1feded7d7a12f70911309333fe1df2bf2dafbbc17ea1192211c91cad52c364e13468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c6f4ed3801bfb90f331d764ddb34fc48

SHA1
56653f68e228b6acb56e80dc13157e037f97133f

SHA256
7a4448adcc6e41e0e174dae93fb23f292d067b1b3266142d1295a69538cf8b65

SHA512
6fd884c6c5229dc77e9fed19aa7ae227e0ad199fd8e1d2fe57f3a4c98c77897a5b39806619932e8b862803b511bb5890f50bdbe05381f487546e1f7cdff7ccc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fc9486e72b3b37d45c527f8ecb2a9f15

SHA1
feda1d467d1beadbc1164a0979c2ecc428c6c359

SHA256
e30d3c6ec7d241b156d5cde9fbdf3cd2037a5e7323177759c9c921e2812740be

SHA512
8e2aa88a71fa1f422fc3ab1abaf6cdd035367a8110cc3ad539218ac074dfa147e0d1bca344e34e86bfac6f37991302b73af7f164d936c3f88c30bdd013374246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
66eec8cc8ef4ade3bf25e9cde7209782

SHA1
50628e033a20c802fb3a10ef4816d1e810d53b52

SHA256
1209f089dfc33fd2f046aa86d79da739f0a4cf3f11fcedaa165d95ae7d772a57

SHA512
24b0f7341297ef317b22691c2eebb0f12a8414585cbdd95122905dcb872a1cd7c0b967b8e08de54d13f6bd0523ba7e19d903c3dba12e9b8de93c7a393dcc3acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
40e8daca5f7a8fe0416f1ac624158159

SHA1
27511c4579e65088cc752235f01f5f80dbaa1caa

SHA256
1220cb8b30a2dda5d88a1aebcb2235cf9a46e4f4d65af7f6b600f08ac77957a8

SHA512
deba9fc20d7260c3372d45bd0a3cf7c73fb8910da61999f35a8fde2e93dd11acdc2a44132fe35f3dc135f030a0ded452eb10a365c5cdf187fc57246564e37b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
12dbf54a3995dfbd8660fde16154cd29

SHA1
ad24e6d1005eafeadb608dfb743ff2e5944d8575

SHA256
1904d173c93005e5843af718583c83b965783bfe5634355d44d31114ab5f97c0

SHA512
62fc10d14ee4f3f098fb2dd5914c3a92682d8c4d442f2343cc25359a854a50a811e57bae76614c3bf3b442dae8c8e2249613c5908b5de870e62b1b212edf8351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e03cc26d8f2b4193efa007c14e739daa

SHA1
ae3cc83851b35b43005ff72ce8976753b44edec3

SHA256
2964ee9f8d3c7354134de15a38fc1349517a658cacea83940111aec4e4697afd

SHA512
3f3e66bc5ae282c41cee3c3c17599bb900c3364bfe9169d8f7bea625fe994ed8b4ed9ef10fcca6ce651213a249d1afeade657119d098eac07b165c6ce4271580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe655a51.TMP

Filesize
48B

MD5
4569b06470c16fc8ce8388fea8819c0e

SHA1
0cb42240da9a998e46e564d03a46355261795f3a

SHA256
a9373a4c336cba862befa3441e3f79a7103b151ac5e58b318a90e60096520fe7

SHA512
3c0b035d17e052db4168ebcab7611ac872ba2b57d3962ac29718ccef6f2a1c4f5a1ac5c72f607a2a4032ac50c72b2c78cc8833326c4c143b9417f3927b20903f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f6d008b717e5f85ef2b9a08599172a3b

SHA1
478cf198460800edf266409ed5e58b1bc03700c6

SHA256
c1f0305e9304d86a2f2bc36eec8c6bbce3fdcf21122f89710acb0bf8e72f8a23

SHA512
234ddecca2efdc9be984d9feb887f7ef670291500ee07e09f88a845cca9269b2fd25f8936b21110d24744ef14d2aafd8ec848dfae589141d62d7c643db0212a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
33e521c70f653c9ed5dc41a9cac7b058

SHA1
ecd64b753b389a529d00070e92a5fb865900df5a

SHA256
67cf912c3d959e7a8a0d41b6cd6ba77fc6047b5aec20803f6a16c939588906b5

SHA512
09ab62cf699ba69fdfc344dd9444d9ecadb284c3b99eedcdeec9cb7e450ddbf75c4fb54f2f8ab6e42126e01d121e4e2e107e22d76fc470423d18815110eacc20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b54b41401e4f0a45cee7704433e10ea9

SHA1
cf0eca1d6067baccec58553956c27ef3d4af23bb

SHA256
f828ef0897540fae541b9b59333b30ec37bce61d21ed19753f0cdf2aa782fd16

SHA512
4c391674e8d7f066f576c6dc307ac8247b6a5d9139120fb0ef4bf10db70eebd6bdf7ec6c777686125f4334c979cfacd160a4eb6b94e7de9ad93db22990e96261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
693180ed70974a673311d165bbf244e8

SHA1
35449080dbbe30b6af475401d9cc12f12a35e1a8

SHA256
d2d438ccb1204a6fefd30845ea130cb0c111385e1fbca5c020f8444d2dc668a6

SHA512
cacb5fdbab02c63e6d064b5ef17caabe7c49553ee34226838c4c240200886ac4dfe653a366849fa2b9531f8ec87512284a13bd8c2157becefe81a40a45a8746c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c3fb0.TMP

Filesize
538B

MD5
68052901a2ff029eeb7971b95fad3d8b

SHA1
d15c99af19be1fa2d3ab8ed81bbdba9a67334896

SHA256
982109c6d9adc03b05712f94f64a3550d673073643f48b506efd6aaa43d91857

SHA512
bdbc7bfa80cd8ae6fb0f7291b9427bc20e5f43baa3e5091aab16f4bb4a2d09f2a4afe0870c28b8c884dc3defd575097c2cc8b6dd38d044fa34ad28314d72fcbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d734402ec85b39427436432d87d8385b

SHA1
fe2c9a46bab3715d1ef7b90ed87bd02198705e30

SHA256
846ccecece7c2c6bfeefcc6bb22e17f05ddce3a2d45ab3be7a8d6f9b8b63f2ff

SHA512
53f2c31e2cc10a77158a20ad5d9dd699e77394afc7d33d974351d70879612bbad59411c996cc36a0cbe1c4f18fe1ae5805f8512c07504833c601472539618cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2db742322ef02abdc19e0619614f0434

SHA1
2bf725184deedf731aa22b57f2df92ed0d899d9e

SHA256
2f8879a379487416b88fb4932b98ba73a6d5918117f4fe6f24a0c5ffb2c7bfa3

SHA512
b3d4f8aa38e49706faa2a79e655246540a14924c950c2a1aba769b0d23540f9807fd67dbdf519f00abaa16c29058098ac7b66e9f7635ecfa0fbf6a21952bd3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
83fe2dced6802d71899567b2cec798f4

SHA1
dc76fee10c97345fb35625742afb4bc00045b89f

SHA256
58b7d66589a06438feccb9b01ee0ac265390ca9164cf9eefafa7a04528f3c763

SHA512
2640cdab5e7b77f35fe9a543ee356d83e0b65c4abcc79a6c34b598a0e1cd466bbc00724212952274719242864c4adab1fb9c0c0b7564e2a743778a2b6c853c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
df8d5ff9eaf711875406bb1ee9a2c02a

SHA1
082c5559b43660048ceb444d65d89cf924a7bcc0

SHA256
d2da5fe18874a4721acdb7b04ef942ec59095761893db07bd388eb002bac3aca

SHA512
782b7383647c14277108931ec2ffb8eea4a9e945e0964a6ab9bab5f7e8470e5f537c6f814da6d91d2256efe448d7e2d7b3d7d08eafc89353f817c167a0fbdb06

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
26d98b946f17c556ed48590e1e6afa3a

SHA1
e8f42f8fc64a498a5549da2a7e687f65346ebf84

SHA256
b2b3884625d0b3bc36888649d7c3a9187a29aa782fa68a3dd5ddf82f19ed9f91

SHA512
f09c4a67232efa5cf2a66bae57a2222b89fb45700da028a37598fa6b3cb760a8a84609a4ac91d4b314bc5e32f5f5d198d048ffdb9804b38d93e741a87285884e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
3e1f5eeae74491d8850ef2c8b03a9a3b

SHA1
0c02c9c2550107de6dd0eb740ac5668f292883c0

SHA256
66756c0edf3925de7bcb685385e2a4f0b854cffd796a9e90eb1ed064b1fb0e30

SHA512
7637f0807d88dbceeb68823a044583e2248ac1ba73c000da6560f94075635a27d15970df7e52f8315bdc2f1c45cff6f1ab7690e916b58307a533f8df24329c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions.7z:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\BootstrapperV1.16(USE THIS IF SOLARA RELEASE A UPDATE).exe

Filesize
796KB

MD5
76639ab92661f5c384302899934051ab

SHA1
9b33828f8ad3a686ff02b1a4569b8ae38128caed

SHA256
6bb9ad960bcc9010db1b9918369bdfc4558f19287b5b6562079c610a28320178

SHA512
928e4374c087070f8a6786f9082f05a866751ea877edf9afa23f6941dfc4d6762e1688bbb135788d6286ec324fa117fc60b46fed2f6e3a4ab059465a00f2ebee

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\DISCORD

Filesize
103B

MD5
5aa26de003aeebae624a08de919c52b5

SHA1
ff1a4dd7673a6b604324e1363738658cc4d565c0

SHA256
335052f362ac50a1d52e8268ebc4323f59644ef7988cb29ea485d57745667bd2

SHA512
43220140c68668fd309ce343c06e22910dbe6b74818a9a0f07da052cd8d6020524311c6c00201fc3bceb6f18743ba07ae65e2d4900dd79fab7218bef5caf192c

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\Solara.exe

Filesize
133KB

MD5
5ac0462702a125b10cad429f1a29ebe5

SHA1
9a1f9e04fe156e929ef8edecaf9f11c7a5ee9ae2

SHA256
eb6c724328e344f63d7fd7207b89e7c192411d624e69d64859f282cd36bf5bb7

SHA512
f44af2ce1137bc7c8f9b54e605c6f08c0f1e56861d539e79bc35f6ccc724f8c5df15ba3611622172c21e57e19a2613cce132f6e3ab3e239fb5263b22b0add5aa

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\Solara.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\Solara.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\Solara.exe.WebView2\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\Solara.exe.WebView2\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
5fac0a943782d6acc18a8ff345fb0984

SHA1
385b1c2b59dff2aa117e12531a8b4d26fec4f52b

SHA256
29da4108eaeaa7d42f31da0531de53648a8469ef8d0beb73064809f8c06f6c1b

SHA512
adb4514a4f5c265fff3b44e8c71f532b24401f35bf6b6a735b11cfb1a5cd5f10c169b38d05f45c6139bd71d5e16f9d7c74bb0566b30b72929c8b76a0e04f23b0

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\Solara.exe.WebView2\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\Solara.exe.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\Solara.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\Downloads\SolaraV3(Folder)-Discord.gg.productions\SolaraV3(Folder)-Discord.gg.productions\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 568952.crdownload

Filesize
1.3MB

MD5
0aea2032be2742a64efcee0d1a53db96

SHA1
73352e143b64ae5a0f2c93b461a456165d273b46

SHA256
22c070e3e4e709ceb036e539d7203d61720468b1bc85103de785468b8985d0d3

SHA512
fc2565b846c50735c78cd8c11384290e4ed06fae89e62f88e204f4ee8489c75623378372f6abd72d201e5e1d28943f3ed40e0c6cc61a134cfebb465575a48caf

Download Submit
C:\Windows\Installer\MSIC52A.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIC57A.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSICADB.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/352-4316-0x000001E5C9700000-0x000001E5CA1C2000-memory.dmp

Filesize
10.8MB

Download
memory/2080-1672-0x0000025F98E00000-0x0000025F98ECE000-memory.dmp

Filesize
824KB

Download
memory/2080-4048-0x0000025F9AE00000-0x0000025F9AE0A000-memory.dmp

Filesize
40KB

Download
memory/2080-4050-0x0000025FB3760000-0x0000025FB3772000-memory.dmp

Filesize
72KB

Download
memory/3584-4989-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-4467-0x000001A36CA30000-0x000001A36CAC0000-memory.dmp

Filesize
576KB

Download
memory/3584-4471-0x000001A36FD80000-0x000001A36FD8E000-memory.dmp

Filesize
56KB

Download
memory/3584-4621-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-4466-0x000001A36BC10000-0x000001A36BC20000-memory.dmp

Filesize
64KB

Download
memory/3584-4464-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-4759-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-4465-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-4776-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-4462-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-4853-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-4463-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-5052-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-4606-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-4948-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-5039-0x0000000180000000-0x0000000180FA6000-memory.dmp

Filesize
15.6MB

Download
memory/3584-4468-0x000001A36F7A0000-0x000001A36F7A8000-memory.dmp

Filesize
32KB

Download
memory/3584-4470-0x000001A36FDB0000-0x000001A36FDE8000-memory.dmp

Filesize
224KB

Download
memory/4140-5073-0x000002AE714D0000-0x000002AE7153F000-memory.dmp

Filesize
444KB

Download
memory/5140-4490-0x00007FF9178B0000-0x00007FF9178B1000-memory.dmp

Filesize
4KB

Download
memory/5140-4618-0x0000019418CE0000-0x0000019418D4F000-memory.dmp

Filesize
444KB

Download
memory/5484-4620-0x00000233020D0000-0x000002330213F000-memory.dmp

Filesize
444KB

Download
memory/5572-4619-0x00000249F36D0000-0x00000249F373F000-memory.dmp

Filesize
444KB

Download
memory/5860-1669-0x00000243AA270000-0x00000243AA292000-memory.dmp

Filesize
136KB

Download
memory/5860-1668-0x00000243AA3C0000-0x00000243AA472000-memory.dmp

Filesize
712KB

Download
memory/5860-1666-0x00000243AA300000-0x00000243AA3BA000-memory.dmp

Filesize
744KB

Download
memory/5860-1665-0x00000243AA780000-0x00000243AACBC000-memory.dmp

Filesize
5.2MB

Download
memory/5860-1663-0x000002438FAD0000-0x000002438FAF4000-memory.dmp

Filesize
144KB

Download
memory/6112-5034-0x00000235D12D0000-0x00000235D133F000-memory.dmp

Filesize
444KB

Download