Malware Analysis Report

2024-10-10 07:59

Sample ID 240612-fmzcts1fnh
Target SolaraBootstrapper.exe
SHA256 a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239
Tags
evasion themida trojan
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239

Threat Level: Likely malicious

The file SolaraBootstrapper.exe was found to be: Likely malicious.

Malicious Activity Summary

evasion themida trojan

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Loads dropped DLL

Checks BIOS information in registry

Themida packer

Executes dropped EXE

Checks whether UAC is enabled

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates physical storage devices

Unsigned PE

Uses Task Scheduler COM API

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 05:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 05:00

Reported

2024-06-12 05:02

Platform

win11-20240611-en

Max time kernel

131s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A pastebin.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A pastebin.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A pastebin.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3536 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
PID 3536 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
PID 1072 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 1072 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4948 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4948 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
PID 768 wrote to memory of 4136 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=1072.5012.17670316085764636945

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7ff8dc853cb8,0x7ff8dc853cc8,0x7ff8dc853cd8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1856,13061760103345673641,3268625059998064870,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,13061760103345673641,3268625059998064870,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2432 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,13061760103345673641,3268625059998064870,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2680 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1856,13061760103345673641,3268625059998064870,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,13061760103345673641,3268625059998064870,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4656 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.0.2145618311\39689220" -parentBuildID 20230214051806 -prefsHandle 1800 -prefMapHandle 1792 -prefsLen 21996 -prefMapSize 235091 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfbf7d53-1ae6-4b7b-b047-65bbf4392c43} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 1880 1d174a08858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.1.1460790319\1050780642" -parentBuildID 20230214051806 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 22032 -prefMapSize 235091 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {267455e5-24bc-4838-9b60-6a682f656d74} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 2408 1d167c85958 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.2.794879891\1262421301" -childID 1 -isForBrowser -prefsHandle 2748 -prefMapHandle 2908 -prefsLen 22070 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {312b46ed-e857-4e54-a462-4c2fd2f6c220} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 3004 1d17398ee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.3.1721697191\694412786" -childID 2 -isForBrowser -prefsHandle 3436 -prefMapHandle 3452 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0556eb2-0b02-4efc-be40-dee47cd39fb0} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 1288 1d17917eb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.4.1079978478\1956449894" -childID 3 -isForBrowser -prefsHandle 5104 -prefMapHandle 5100 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd602707-62f0-425b-a988-cb3ecdeb7b03} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 5112 1d17bd92058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.5.138834795\1879152736" -childID 4 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fee8066-d901-4eee-945d-3ef35cf32e62} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 5220 1d17c6ad858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.6.1508650346\1651915735" -childID 5 -isForBrowser -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0fac887-b045-4fd3-9716-69d15cb81877} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 5412 1d17c6ae158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.7.1666088742\1239772100" -childID 6 -isForBrowser -prefsHandle 8140 -prefMapHandle 8144 -prefsLen 27774 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8421d461-80ff-4f09-9717-0d11b8eefbc8} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9728 1d17b936058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.8.1401011520\1254244787" -parentBuildID 20230214051806 -prefsHandle 9596 -prefMapHandle 9592 -prefsLen 27774 -prefMapSize 235091 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4617a401-3cbf-40d2-bd90-a8f5bd24405b} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 8048 1d17b958b58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.9.799739668\516707839" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 9608 -prefMapHandle 9604 -prefsLen 27774 -prefMapSize 235091 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d362adba-5647-476d-a8b4-78a7c80291a4} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9620 1d17b959158 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.10.1034501690\2073626183" -childID 7 -isForBrowser -prefsHandle 9300 -prefMapHandle 9252 -prefsLen 27774 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {029a21f6-1fbf-44eb-ac51-ea9b5ea215c4} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9360 1d175010458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.11.955247222\2002117441" -childID 8 -isForBrowser -prefsHandle 9224 -prefMapHandle 9352 -prefsLen 27774 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc34d044-7888-47bc-993e-6a3121cabc5e} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9180 1d175011958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.12.28433570\455969411" -childID 9 -isForBrowser -prefsHandle 9000 -prefMapHandle 8996 -prefsLen 28039 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9feb7fd1-a94d-4912-b183-b64b4bfedea6} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9012 1d175052858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.13.1026507541\920559764" -childID 10 -isForBrowser -prefsHandle 9204 -prefMapHandle 9192 -prefsLen 28039 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c66b0df2-9561-4b23-8870-24bcbbc7f69f} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9032 1d175011958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.14.2074346675\1557032419" -childID 11 -isForBrowser -prefsHandle 5328 -prefMapHandle 5312 -prefsLen 28039 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86f6c522-11b1-4539-b85d-9679ece9b934} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 8804 1d175052b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.15.416238193\463355171" -childID 12 -isForBrowser -prefsHandle 4892 -prefMapHandle 4896 -prefsLen 28039 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f1392ab-f7ad-45bb-a794-eef2e27eebb0} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 5336 1d17dc3ce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.16.186951491\537612676" -childID 13 -isForBrowser -prefsHandle 8776 -prefMapHandle 5580 -prefsLen 28039 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e2b22b2-3238-4fef-b7fa-f07e41d89273} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 8708 1d17cd4af58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.17.1444259071\1886754089" -childID 14 -isForBrowser -prefsHandle 8108 -prefMapHandle 8224 -prefsLen 28039 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e9c7cbc-32b8-4071-880e-0a2d5a3a83c6} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 5328 1d17cd48258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.18.589624799\581239944" -childID 15 -isForBrowser -prefsHandle 7884 -prefMapHandle 9240 -prefsLen 28039 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09846460-5b4d-40b5-aa57-f692f302f5c0} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9388 1d17db5bd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.19.558181002\844597470" -childID 16 -isForBrowser -prefsHandle 8936 -prefMapHandle 8932 -prefsLen 28039 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b34ff9ab-c60c-4f98-a89d-d67031d00557} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 9388 1d17db5a858 tab

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1856,13061760103345673641,3268625059998064870,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4820 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1856,13061760103345673641,3268625059998064870,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5096 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3160.20.1738634591\795120981" -childID 17 -isForBrowser -prefsHandle 8648 -prefMapHandle 8544 -prefsLen 28175 -prefMapSize 235091 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6a98668-5347-4e16-8e08-03d8b939ba67} 3160 "\\.\pipe\gecko-crash-server-pipe.3160" 5600 1d17cd48e58 tab

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1856,13061760103345673641,3268625059998064870,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1856,13061760103345673641,3268625059998064870,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2188 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:51260 tcp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 172.64.147.188:443 kit-pro.fontawesome.com tcp
BE 2.17.107.226:80 apps.identrust.com tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 226.107.17.2.in-addr.arpa udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:9911 tcp
N/A 127.0.0.1:9911 tcp
N/A 127.0.0.1:9911 tcp
N/A 127.0.0.1:9911 tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
N/A 224.0.0.251:5353 udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 52.42.69.239:443 shavar.services.mozilla.com tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
N/A 127.0.0.1:51468 tcp
N/A 127.0.0.1:51474 tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
FR 35.181.89.222:80 taduxsasscripts.org tcp
US 104.21.73.121:443 www.taduxsasscripts.org.cdn.cloudflare.net tcp
US 104.21.73.121:443 www.taduxsasscripts.org.cdn.cloudflare.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 images.squarespace-cdn.com udp
US 151.101.0.237:443 assets.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 151.101.0.238:443 images.squarespace-cdn.com tcp
US 151.101.0.238:443 images.squarespace-cdn.com tcp
US 151.101.0.238:443 images.squarespace-cdn.com tcp
US 172.67.69.167:443 publisher.linkvertise.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 192.243.59.12:443 pl23426119.highcpmgate.com tcp
US 192.243.59.12:443 pl23426119.highcpmgate.com tcp
US 192.243.59.12:443 pl23426119.highcpmgate.com tcp
US 192.243.59.12:443 pl23426119.highcpmgate.com tcp
US 192.243.59.12:443 pl23426119.highcpmgate.com tcp
US 192.243.59.12:443 pl23426119.highcpmgate.com tcp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 238.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 167.69.67.172.in-addr.arpa udp
US 172.67.69.167:443 linkvertise.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 172.240.108.76:443 pl23426119.highcpmgate.com tcp
US 192.243.59.20:443 pl23426119.highcpmgate.com tcp
US 151.101.0.238:443 images.squarespace-cdn.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
FR 15.188.219.54:443 g.ezoic.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:443 dns.google udp
GB 142.250.187.196:443 www.google.com udp
US 204.79.197.239:443 tcp
US 35.186.236.0:443 performance.squarespace.com tcp
US 35.186.236.0:443 performance.squarespace.com udp
GB 23.73.139.43:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 172.67.216.54:443 link-to.net tcp
US 172.67.216.54:443 link-to.net udp
US 172.67.69.167:443 linkvertise.com tcp
US 172.67.69.167:443 linkvertise.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
GB 195.181.164.14:443 maxst.icons8.com tcp
NL 2.18.121.215:443 p.typekit.net tcp
US 3.164.163.15:443 js.chargebee.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 104.18.10.207:443 stackpath.bootstrapcdn.com udp
US 172.67.69.167:443 linkvertise.com tcp
US 172.67.69.167:443 linkvertise.com tcp
US 172.67.69.167:443 linkvertise.com tcp
US 172.67.69.167:443 linkvertise.com tcp
FR 99.86.91.59:443 euob.bizseasky.com tcp
US 172.67.69.167:443 linkvertise.com udp
DE 176.9.175.232:443 www.thinksuggest.org tcp
DE 176.9.175.232:443 www.thinksuggest.org tcp
BE 23.55.96.24:443 contextual.media.net tcp
BE 23.55.96.24:443 contextual.media.net udp
US 104.26.13.205:443 api.ipify.org tcp
US 13.107.246.64:443 www.clarity.ms tcp
IE 3.248.162.96:443 obseu.bizseasky.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 20.114.190.119:443 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 151.101.1.44:443 api.taboola.com tcp
US 172.67.69.167:443 linkvertise.com udp
IE 68.219.88.97:443 c.clarity.ms tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com tcp
US 204.79.197.237:443 c.bing.com tcp
GB 142.250.187.196:443 www.google.com udp
US 151.101.1.44:443 api.taboola.com tcp
US 151.101.1.44:443 api.taboola.com tcp
US 151.101.1.44:443 api.taboola.com tcp
US 151.101.1.44:443 api.taboola.com tcp
US 104.18.3.36:443 imagedelivery.net tcp
US 104.18.3.36:443 imagedelivery.net tcp
US 104.18.3.36:443 imagedelivery.net tcp
US 104.18.3.36:443 imagedelivery.net tcp
US 104.18.3.36:443 imagedelivery.net tcp
US 104.18.3.36:443 imagedelivery.net tcp
GB 216.58.204.78:443 ytimg.l.google.com tcp
GB 216.58.204.78:443 ytimg.l.google.com tcp
GB 216.58.204.78:443 ytimg.l.google.com tcp
GB 216.58.204.78:443 ytimg.l.google.com tcp
US 104.18.3.36:443 imagedelivery.net udp
GB 216.58.204.78:443 ytimg.l.google.com udp
US 151.101.1.44:443 api.taboola.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com udp
DE 91.228.74.200:443 pixel.quantserve.com tcp
FR 18.244.28.2:443 rules.quantcount.com tcp
DE 91.228.74.244:443 pixel.quantserve.com tcp
US 104.20.3.235:443 pastebin.com tcp
US 34.120.195.249:443 o1051356.ingest.sentry.io tcp
US 34.120.195.249:443 o1051356.ingest.sentry.io udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 20.114.190.119:443 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com tcp
N/A 127.0.0.1:9911 tcp
N/A 127.0.0.1:9911 tcp
N/A 127.0.0.1:9911 tcp
N/A 127.0.0.1:9911 tcp
N/A 127.0.0.1:9911 tcp
N/A 127.0.0.1:9911 tcp

Files

memory/3536-0-0x0000000074D2E000-0x0000000074D2F000-memory.dmp

memory/3536-1-0x0000000000160000-0x000000000016A000-memory.dmp

memory/3536-2-0x00000000025A0000-0x00000000025AA000-memory.dmp

memory/3536-3-0x0000000074D20000-0x00000000754D1000-memory.dmp

memory/3536-5-0x0000000005740000-0x0000000005752000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc

MD5 d0104f79f0b4f03bbcd3b287fa04cf8c
SHA1 54f9d7adf8943cb07f821435bb269eb4ba40ccc2
SHA256 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a
SHA512 daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc

MD5 c2ab942102236f987048d0d84d73d960
SHA1 95462172699187ac02eaec6074024b26e6d71cff
SHA256 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a
SHA512 e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc

MD5 c28b0fe9be6e306cc2ad30fe00e3db10
SHA1 af79c81bd61c9a937fca18425dd84cdf8317c8b9
SHA256 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641
SHA512 e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE

MD5 13babc4f212ce635d68da544339c962b
SHA1 4881ad2ec8eb2470a7049421047c6d076f48f1de
SHA256 bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400
SHA512 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

MD5 15cdabcecc4ae0ec3253b1625156b0a7
SHA1 fa1b2c6a2be53578ef278706cdee6f725e00b003
SHA256 6dbcc562d627628e45187afbd2421be88797e20e36910393a883e361973da553
SHA512 c9a1740bf5fed7cbc6d91ab92222b178fe4a8ab2d75dd8f18d827046bab88d7632b0751e953e77e29aaf9a9bf390697e94f23e172cfe034a4263bcf7c7149106

memory/1072-1471-0x00007FF8E31B3000-0x00007FF8E31B5000-memory.dmp

memory/1072-1472-0x0000023A909E0000-0x0000023A909FA000-memory.dmp

memory/3536-1473-0x0000000074D20000-0x00000000754D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll

MD5 aead90ab96e2853f59be27c4ec1e4853
SHA1 43cdedde26488d3209e17efff9a51e1f944eb35f
SHA256 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512 f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

memory/1072-1475-0x00007FF8E31B0000-0x00007FF8E3C72000-memory.dmp

memory/1072-1476-0x0000023AAB4F0000-0x0000023AABA2C000-memory.dmp

memory/1072-1477-0x0000023AAB260000-0x0000023AAB31A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll

MD5 34ec990ed346ec6a4f14841b12280c20
SHA1 6587164274a1ae7f47bdb9d71d066b83241576f0
SHA256 1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409
SHA512 b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

memory/1072-1479-0x0000023A92720000-0x0000023A9272E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll

MD5 851fee9a41856b588847cf8272645f58
SHA1 ee185a1ff257c86eb19d30a191bf0695d5ac72a1
SHA256 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
SHA512 cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

memory/1072-1481-0x0000023AAB1A0000-0x0000023AAB21E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll

MD5 a0bd0d1a66e7c7f1d97aedecdafb933f
SHA1 dd109ac34beb8289030e4ec0a026297b793f64a3
SHA256 79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
SHA512 2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll

MD5 e31f5136d91bad0fcbce053aac798a30
SHA1 ee785d2546aec4803bcae08cdebfd5d168c42337
SHA256 ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671
SHA512 a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll

MD5 7a2b8cfcd543f6e4ebca43162b67d610
SHA1 c1c45a326249bf0ccd2be2fbd412f1a62fb67024
SHA256 7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f
SHA512 e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll

MD5 75365924730b0b2c1a6ee9028ef07685
SHA1 a10687c37deb2ce5422140b541a64ac15534250f
SHA256 945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b
SHA512 c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll

MD5 8518e81caa4b5a961656b687300b64f3
SHA1 3079b0a84cca1f8b270a331c68cf0c134f42aedf
SHA256 4179c99032b9698a74a0b395541b8a7124531ecc053428fae0916a02b78364e1
SHA512 20a99e88e1657ca41ba7ecf31e4a1fff56b721dfa55b7a10531715bb674ab11abfa08c5e7d53ce9cef78cf63bcc3248e8131ca5674d8169d7ac4ac8f0a1385bf

memory/1072-1492-0x00007FF8E31B0000-0x00007FF8E3C72000-memory.dmp

memory/1072-1494-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/1072-1493-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/1072-1496-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt

MD5 0e2184f1c7464b6617329fb18f107b4f
SHA1 6f22f98471e33c9db10d6f6f1728e98852e25b8f
SHA256 dbf5f44e1b84a298dbbcad3c31a617d2f6cfa08eb5d16e05a5c28726c574d4eb
SHA512 8e745c0215d52e15702551f29efb882a5eba97b5f279ccc29293b1a9b1b8661bf71b548569f9a99fa35c35a15d1b6b288d3c381c1292418c36dc89e2fa0b3a37

memory/1072-1495-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/1072-1498-0x0000023AAB460000-0x0000023AAB468000-memory.dmp

memory/1072-1500-0x0000023AAEE40000-0x0000023AAEE4E000-memory.dmp

memory/1072-1499-0x0000023AAEE80000-0x0000023AAEEB8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

MD5 9e4e94633b73f4a7680240a0ffd6cd2c
SHA1 e68e02453ce22736169a56fdb59043d33668368f
SHA256 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

MD5 13208db6d09a2baaf5ed266c562fc01c
SHA1 66efc933e0c85c75764e0afe71e418ca25d46a77
SHA256 d5b166517d78a9790f1d44e3045f6015fce00047a5f1dead14ecc30577a1afb4
SHA512 08702074a8fed07a880656ee8b1c386c70f862af9b3e8b761d6b936c0094a3c017fa569e40fac68a557b25e1d58c9ef5020264974d96c279fc77900e86a6b85d

memory/2884-1521-0x00007FF902C20000-0x00007FF902C21000-memory.dmp

\??\pipe\LOCAL\crashpad_768_MPNUVOWBPDFPGJVR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

MD5 df6e192eb816861a0d311fa9640cb10a
SHA1 3ef807aaa94dee0bb0275c155be5141581877251
SHA256 4add2ee0d01544060a2cce20cdfd27b0a5cad9fb3388a719c09a75bace6d573c
SHA512 4fb71d0a750b76d1350ec0bce67e6def80b8d9a233eb53a25f343c098b693849319b8ca7aa4c3642327db406fddc399a174ed257a196e0c0fe5f996c15ccae35

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\index.html

MD5 08d9ac1e35385587b0c3c8a73ea97234
SHA1 d1db15b5e97152be999339d90630f68ed06a6b78
SHA256 016cadaa9a8494b15efea920a5ea9c02b441e90dbc7c444e73db3b307f93a741
SHA512 8061a5a92f828642ea2fcb319571efa406ed67a75b4d4da1aeb3da96391a72fcde670e3e52efef62d37ddc17f7eca5afa0d35aa02bfd1bcadd8e86240cb802a6

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\loader.js

MD5 8a3086f6c6298f986bda09080dd003b1
SHA1 8c7d41c586bfa015fb5cc50a2fdc547711b57c3c
SHA256 0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9
SHA512 9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.js

MD5 9399a8eaa741d04b0ae6566a5ebb8106
SHA1 5646a9d35b773d784ad914417ed861c5cba45e31
SHA256 93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18
SHA512 d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.css

MD5 233217455a3ef3604bf4942024b94f98
SHA1 95cd3ce46f4ca65708ec25d59dddbfa3fc44e143
SHA256 2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701
SHA512 6f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.nls.js

MD5 74dd2381ddbb5af80ce28aefed3068fc
SHA1 0996dc91842ab20387e08a46f3807a3f77958902
SHA256 fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48
SHA512 8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\basic-languages\lua\lua.js

MD5 8706d861294e09a1f2f7e63d19e5fcb7
SHA1 fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23
SHA256 fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42
SHA512 1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f

memory/1072-1613-0x00007FF8F5A40000-0x00007FF8F5A64000-memory.dmp

memory/1072-1612-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

memory/1072-1654-0x00007FF8E31B3000-0x00007FF8E31B5000-memory.dmp

memory/1072-1655-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/1072-1657-0x00007FF8E31B0000-0x00007FF8E3C72000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

MD5 96bb43ce9641e9c55e9417d8c08d77c9
SHA1 64bb8975565ca28fe4cfdc4594ed9edb60e9c866
SHA256 dbb7261c22ebbfc4e55a1224d686b19040d4b81c1ae1b67022b747d0ab9b58c1
SHA512 c6d85b45bd1b9aced8fd01a2bcfe3a5aff81febe82503b2d178ac2587c350562db422d0ea97613c47509455d32938bb91171aca913e375132865adc0bbd8e2f7

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe57a8c3.TMP

MD5 6e88739e6dafc578e5558225b85a23fb
SHA1 c0b8db3390eb266363e9890819c64aa04120733e
SHA256 a5b65725ed630651272561e357df644a2c358c401d0f412a9280597737efa5ae
SHA512 f07f45fd9a7fa4ec30c129a4af4f9158636594bcbab76e93314b68251bd7dff06e8183b3b0f151c0bc99859fd464ebaf0168cb0ec2631a6ddc4c8916889d9a27

memory/1072-1667-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/1072-1668-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\activity-stream.discovery_stream.json.tmp

MD5 b6cf6dd48116781a1d548ede731c4e68
SHA1 941bc3de6f9eeb88e4da3e23b6c7091d8893b4c6
SHA256 66c52f79b078be8de105d4444b6c14b9c6bf5f4544330fb4b60ad3a75e137f6f
SHA512 0086ccf8d6f4a9d2f2366f6a98931f957b37e18260d9876faa09c037f186161dd178ff2ebf484850d397b16322f2fddb017d97412d7501b7a3183a635d342454

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs-1.js

MD5 6b13cde3927b80ae4362594b47a2c102
SHA1 6e46871e4a4652e89aedaa69b0283807ee7f965f
SHA256 b422837d84f72a82148c46ba642025c48dacc6fff4356d249692ca588cfc5700
SHA512 8c3f470b630868358c8768b77a1822fc9c496652797ca9580a5da0ae96f8117fb1b31dc1e324ac98fdb7552d515f3992649f4e53e53ae92c2b1cea1d5d5de851

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\activity-stream.discovery_stream.json.tmp

MD5 cfcfcd9aae1da5f1c31425a1db3644c8
SHA1 5907419b404368793fc9c30d0d89a7fdef517246
SHA256 92dda46fff117a4dd234fba24c40b7b75e69cf40cdf99b1fc80ff7760f8a0925
SHA512 536c1a90af43fc9acf6b90041ce28a717b106a0cd2bbe548eb88a8ff3fce6252ce8429f9331fc2811a7ff729f999a91238a5aedf966191fb79b7b16bb9762d0c

memory/1072-1750-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/1072-1754-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 46247ab7bdb1a115aafdd95e64891e58
SHA1 3eabecb8d954ef69ac248c1b64976309ed12bc98
SHA256 b6f50fcf64a81c8c9469cfca4c8bf6737bf94d85b6dd49c13e2d03e9b006aa21
SHA512 5f3ffb9bda2e7d335ce6a4967ab91c77ace75bf32092eaa3165510613d667c891e5ae6f173814856b7d45092edea4cef6e6d77df524321d1fe22d245bbd5cc2c

memory/1072-1851-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs.js

MD5 4ecf59c1b0c26393d9f613c0f3c9f622
SHA1 6b31deb7bc75d4eb9a28dc8a9f73ad25f13aa1f7
SHA256 5762a4e9ba24e89170b19738bee401f071242ff06e93540a1a7134f3215df0b4
SHA512 40c8d930ca5d7067178191fb3902980776a1b04472590efb1cfb7770d9f47995927b4c70912721a475955848c834de64661d84129c7c9ee58124462b335b1252

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs-1.js

MD5 dddbb28a855594927c621f75f6397504
SHA1 d72e309d49008bb5c9a1792f54d21967e8600f2c
SHA256 464ed9d50b6738d09ba1dd67224e0c76df47de95029e2b84b29e0643f0514e77
SHA512 343a5e46ee2a8cfd0333e2ec2aa4b0987c3cbe86adfc19b7853408a0d30223e9278384ec4822769017018f3f37219e418f5fe021e361768bbd3f0849fe5a5d32

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\doomed\5967

MD5 03bdfdac866309ba838280ab1dc76146
SHA1 ccc38fd7510cd2df49679580094188688f3aed56
SHA256 c2c37bcd5b0bf99d2b9f48ef38990152910ee91b0ef63d9dc8eeab9f2cb55f12
SHA512 a14e955ac0c79795119caef67a8b48f00bd6c3ba85cf667015d72cab72bc9ef68344fef249539acc856ea8962d2a69c2f5e7846d3cee2914ea0773904c45b1c0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 af78d410a5ea9ef6b9a4402c63d02564
SHA1 eff80a189cf14d4de46d91f88840b3c32cbd4e21
SHA256 b20c2d3ee25d82b7a214bc7583ce47f50f2fba860bad9da87a9abd7e7fab3e7d
SHA512 b15d15d5ea647a3155d19ece9102ecd54825e1d64146f86cabd06ec277e23db7a0c200648428e2d90f326125b635f9f005f71f658bab0b985d7aa8f7f469fcda

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\doomed\27406

MD5 f44cb26920741b0ca67ca47445cba38f
SHA1 d913a6cd963869d637e42f494142a7dbc2cd488f
SHA256 ff55c5429f082b899142654313c8e6eb9f1c56964c3d4f996e7f61eaa15ed303
SHA512 2465e9ae7388faec2b9572a05f67bebb963351bc01cc39cd15adf03abd0b881e1ac1c6a1d64b672e1673bdb9021102c370688846d84a1690e85d03027fb2fc3a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\doomed\31580

MD5 b56a9e3d9b41b03d8e94b92477c6c3c4
SHA1 b6a02b54e8826237387087fcd7ed58295fbb9288
SHA256 38ecfb6d2c796dcfc4af03b9cf43d3d56932ef04e5522f809162d2fcbe9500bb
SHA512 634b643c2b7e554ab5f60e03c6164ef8d3212fb3b9c08a625f7b3570813a0f3cf086f58020eacce10435b062353b45315a9629f010a75f82061cd00947fd3ea5

memory/1072-2197-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences

MD5 6e27c7e12e134719ce859cfc865ce0c8
SHA1 946c5a1b74b1e26531772b7c8c75ad5f4ef7fd25
SHA256 d1ed7266dc4f00a72c86a9582a7e5ecf71ce1e0181a2466b1a3c605ea8cc2b3e
SHA512 eca791d273df5a10663a58cc32d57348747bb2fe5a4f39b4e9e59060a22b934af19449e3bc5ada6a76e93228155243673f901c85bd76cd3758098ec098e4fe39

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences~RFe586ea3.TMP

MD5 574fced8e176c0923ab78673022c7650
SHA1 3d184f3f512f17d22757095984a7b97271b8f8cd
SHA256 ddf77af699412a175421678b2fcfc81f61d42e3c852b123e7b28c146ca8da2b8
SHA512 4dd0c0ff935dad749fd38522f14b1c703cdc1306ef5debf54cef5b3483c14688561854f31672427c29173fbed03c10a28be3897f6c1e107bb39e26f1a8bd0841

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State

MD5 2d19e10a4e3fbaf3d570b2876e5f697c
SHA1 a3f8358ae2fb7f5d2bcca3d68c5f8fa566641c7d
SHA256 f8205db10a5cab0f35a7f250647a0c0cf5fcae4bc88b10b894497dea439986a5
SHA512 4a3c3a8bc637901130d1e0177d4346b4a888f71ca02f9fed8d81eeb671273f63aef4d68e0f2f3f3a918bf12300a1b3e0a87fef1a0105ae4862d93d8b9f9ea44e

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State~RFe5871c0.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\entries\E3DED1F7FD674DB79FCCA447F0F072E8D443133E

MD5 f21938243e6b98fab89c73c4088afa52
SHA1 991818350a9f9594152656bfcb2193b01df651a9
SHA256 d10addfb9cc4608d3e6f6d74486752b084ff1923db13366b39aebace4dc7bf33
SHA512 cf419bc6adb7a23a4f45efdc40a1e4ddcc2918ab5b54f7f03c739f1a07f0051472b33602259e4efdbc0860723f36c9d0af1f97b6e71d2cecf6f9bfe52cb80ee9

memory/1072-2413-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c25d9cf14b7ca3f682cd2fd6f3c89546
SHA1 0eb72e5d60e387b62248d8b4b417007ce09a2513
SHA256 7917f91235f3878ee48a4b1895e84079f858c507d5dc04f0a0bc5fddf81fc5e0
SHA512 bca0a8e4ebbd5676e9d5ebb03e74fcce239813935ca11576c660d30c696d12582c60840df89a84da5589880b8e731036a08546954a749bcbfe1e6ccfd53c6862

memory/1072-2464-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2a2f81a8aaf26ecaa9be7185da4ad1a3
SHA1 261ed33ae867973509930a17b4b8dafe8674e886
SHA256 4a92fcb2aea042c15266997860cc6e1660ed5db5164ba19c6ffd0da1f7bbdd86
SHA512 ba749fd1e082f0f9f2a733c43897539bef7a47c41fa7d71fb98c57cb24414de9c0e850240ac2a53a20a832e58c941b4c0c92a912674c30866269306bf7447642

memory/1072-2507-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 037d164a48f900e052ffc77509d62cdf
SHA1 a765d4ca81e1eb2441a43b6ac5aa34ab5c5d6549
SHA256 b98f6aa241e2c69de91fb398291db3aeaa7b2a6a4bb1343237fa050a3d8576c5
SHA512 bc092e2ebda668f2e6bace658c7e1c394f190705e2a55df6bc7c9de5c43ba60392dbe1d3746cadbba4e410953f88ecad536ce368801b4d197988374102e63fa3

memory/1072-2555-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll

MD5 195ffb7167db3219b217c4fd439eedd6
SHA1 1e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256 e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA512 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

memory/1072-2558-0x0000023AAFCB0000-0x0000023AAFD62000-memory.dmp

memory/1072-2559-0x0000023AAF220000-0x0000023AAF242000-memory.dmp

memory/1072-2560-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

MD5 b675905d896899a46a759b2715c0a8f1
SHA1 fa2c6f8664a663707bfe949bbfb9f0c07786ad10
SHA256 95c4fa073eb99d1dea9b7cf36850fd3ba3df7bb5d8caef5c3036ac17d866a6db
SHA512 449d17abc847f96def4393baa6b2e1aeae684fdf652e3b390adc85a5e322a519e0888bb36597899e8e21d64b272744f5d43fdb46dd97a413d02bb2b0a7c86df3