Analysis Overview
SHA256
2510be907ec476e8375ac7b5431536ae9a32bf99fe77ab695a5100852b111b96
Threat Level: Likely malicious
The file SolaraB (3).zip was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Themida packer
Checks BIOS information in registry
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
Analysis: static1
Detonation Overview
Reported
2024-06-10 21:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 21:37
Reported
2024-06-10 21:40
Platform
win10-20240404-en
Max time kernel
149s
Max time network
151s
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Loads dropped DLL
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
Files
memory/3088-0-0x0000000073B5E000-0x0000000073B5F000-memory.dmp
memory/3088-1-0x0000000000830000-0x000000000083A000-memory.dmp
memory/3088-2-0x00000000050A0000-0x00000000050AA000-memory.dmp
memory/3088-3-0x0000000073B50000-0x000000007423E000-memory.dmp
memory/3088-5-0x0000000005AC0000-0x0000000005AD2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
| MD5 | d0104f79f0b4f03bbcd3b287fa04cf8c |
| SHA1 | 54f9d7adf8943cb07f821435bb269eb4ba40ccc2 |
| SHA256 | 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a |
| SHA512 | daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
| MD5 | c2ab942102236f987048d0d84d73d960 |
| SHA1 | 95462172699187ac02eaec6074024b26e6d71cff |
| SHA256 | 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a |
| SHA512 | e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
| MD5 | c28b0fe9be6e306cc2ad30fe00e3db10 |
| SHA1 | af79c81bd61c9a937fca18425dd84cdf8317c8b9 |
| SHA256 | 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641 |
| SHA512 | e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
| MD5 | 13babc4f212ce635d68da544339c962b |
| SHA1 | 4881ad2ec8eb2470a7049421047c6d076f48f1de |
| SHA256 | bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400 |
| SHA512 | 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
| MD5 | f8f4522d11178a26e97e2046f249dfa7 |
| SHA1 | 8b591d9a37716e235260fb6b3f601e4ccbebf15d |
| SHA256 | 3c372a8919c28dc76414b2f30da423c3e1018b1a8444527949ce20cc3fc93ed0 |
| SHA512 | 52ea881cad501cf1d5e8ac47355e862ac1bd39cb6e1ff3d362d392b6f2d676e74878832505d17a552aaa3bc8f3977da11fa3f9903722eedd23716fb46ddb7492 |
memory/3088-1467-0x0000000073B50000-0x000000007423E000-memory.dmp
memory/4560-1466-0x000002497A460000-0x000002497A47A000-memory.dmp
memory/4560-1465-0x00007FF8C3953000-0x00007FF8C3954000-memory.dmp
memory/4560-1469-0x00007FF8C3950000-0x00007FF8C433C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
| MD5 | aead90ab96e2853f59be27c4ec1e4853 |
| SHA1 | 43cdedde26488d3209e17efff9a51e1f944eb35f |
| SHA256 | 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed |
| SHA512 | f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d |
memory/4560-1470-0x000002497D120000-0x000002497D65C000-memory.dmp
memory/4560-1471-0x000002497CCA0000-0x000002497CD58000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
| MD5 | 851fee9a41856b588847cf8272645f58 |
| SHA1 | ee185a1ff257c86eb19d30a191bf0695d5ac72a1 |
| SHA256 | 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca |
| SHA512 | cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f |
memory/4560-1473-0x000002497CB50000-0x000002497CBCE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
| MD5 | 34ec990ed346ec6a4f14841b12280c20 |
| SHA1 | 6587164274a1ae7f47bdb9d71d066b83241576f0 |
| SHA256 | 1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409 |
| SHA512 | b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0 |
memory/4560-1475-0x000002497A870000-0x000002497A87E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
| MD5 | a0bd0d1a66e7c7f1d97aedecdafb933f |
| SHA1 | dd109ac34beb8289030e4ec0a026297b793f64a3 |
| SHA256 | 79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36 |
| SHA512 | 2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50 |
memory/4560-1478-0x00007FF8C3950000-0x00007FF8C433C000-memory.dmp
\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
| MD5 | e31f5136d91bad0fcbce053aac798a30 |
| SHA1 | ee785d2546aec4803bcae08cdebfd5d168c42337 |
| SHA256 | ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671 |
| SHA512 | a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
| MD5 | 75365924730b0b2c1a6ee9028ef07685 |
| SHA1 | a10687c37deb2ce5422140b541a64ac15534250f |
| SHA256 | 945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b |
| SHA512 | c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1 |
\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll
| MD5 | 7a2b8cfcd543f6e4ebca43162b67d610 |
| SHA1 | c1c45a326249bf0ccd2be2fbd412f1a62fb67024 |
| SHA256 | 7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f |
| SHA512 | e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8 |
memory/4560-1487-0x0000000180000000-0x0000000180E54000-memory.dmp
\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
| MD5 | 987175c463ec9a5e76bab033cea9d859 |
| SHA1 | ceed36975f4583a34c26150e045a97f5f019e769 |
| SHA256 | 24fca8dd76effd975d230f55eb107e1be6c03d658410274fe6340a2b3ec9075c |
| SHA512 | 9851d254fef3fdfcd7b188893a9a547ed3f08eee82a72c273f13beb7d075beecd32e3c5c51f9e3135d7060fca71a2bf79dbdbb1a136549a9e408a6214feaa000 |
memory/4560-1488-0x0000000180000000-0x0000000180E54000-memory.dmp
memory/4560-1489-0x0000000180000000-0x0000000180E54000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
| MD5 | 6b09afc61af8884f2fc6204922e970be |
| SHA1 | fe3da40f27e8dc2b8e2392c9590666982fff3398 |
| SHA256 | f99a87a0c9006940f0d9efa1331d253dcf56016c82f4e266b507c303bb8493a6 |
| SHA512 | 69ac27dbd690d1919a5da98e5f427328147c18a338596a0cf7ccb2cd09594da388fc4bb5df660bb4ca5a630f3ffc3ee3783b24c262683d2c5992db2f1abca8ea |
memory/4560-1492-0x000002497CC60000-0x000002497CC68000-memory.dmp
memory/4560-1490-0x0000000180000000-0x0000000180E54000-memory.dmp
memory/4560-1493-0x000002497FAA0000-0x000002497FAD8000-memory.dmp
memory/4560-1494-0x000002497FB30000-0x000002497FB3E000-memory.dmp
memory/4560-1496-0x00007FF8D7D90000-0x00007FF8D7DB4000-memory.dmp
memory/4560-1495-0x0000000180000000-0x0000000180E54000-memory.dmp
memory/4560-1499-0x00007FF8C3953000-0x00007FF8C3954000-memory.dmp
memory/4560-1497-0x0000000180000000-0x0000000180E54000-memory.dmp
memory/4560-1500-0x00007FF8C3950000-0x00007FF8C433C000-memory.dmp
memory/4560-1501-0x00007FF8C3950000-0x00007FF8C433C000-memory.dmp
memory/4560-1502-0x0000000180000000-0x0000000180E54000-memory.dmp
memory/4560-1503-0x0000000180000000-0x0000000180E54000-memory.dmp
memory/4560-1505-0x0000000180000000-0x0000000180E54000-memory.dmp
memory/4560-1512-0x0000000180000000-0x0000000180E54000-memory.dmp
memory/4560-1514-0x0000000180000000-0x0000000180E54000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\cedcae32-7fe0-4407-a67f-3e2dc98b1dc1
| MD5 | 94bca676658a6a1a6d9686c5e6fd569e |
| SHA1 | 9d3056b8ff700e712b3b108fec7685c0ed823051 |
| SHA256 | d8d5a485052742937c191c35896f092bc644b6921f8e0fa8a8acbc2797ed654a |
| SHA512 | 7600f643b19f2cf129ba7aaaa69ee02179d8244387e56a8ea4a3e1c1ba4d7fbf45e720f4206f239b5fe971ef16498595ace28c11b63880106c819ce5edddbc7a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a8f811da-77ad-4d01-8f1c-6ff625b2ba3e
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\24695
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\12463
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\16246
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\6764
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\25725
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\32257
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\7116
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\29823
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++mail.google.com\cache\morgue\165\{fda25c0d-f669-42fe-8573-fe5a2712cda5}.final
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++mail.google.com\idb\953658429glmaaviyle-ks-w.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4