Malware Analysis Report

2024-10-10 07:59

Sample ID 240612-pehvjsvalg
Target Solara.Dir (1).zip
SHA256 56c860462f30759c805c66f5154cb2d9b6a292c84bfdd1ec7ecfdfeaa824bf0f
Tags
themida evasion
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

56c860462f30759c805c66f5154cb2d9b6a292c84bfdd1ec7ecfdfeaa824bf0f

Threat Level: Likely malicious

The file Solara.Dir (1).zip was found to be: Likely malicious.

Malicious Activity Summary

themida evasion

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Enumerates system info in registry

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 12:14

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 12:14

Reported

2024-06-12 12:19

Platform

win11-20240611-fr

Max time kernel

208s

Max time network

205s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Solara.Dir (1).zip"

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Solara.Dir(2).zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Solara.Dir(1).zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Solara.Dir.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2732 wrote to memory of 2144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2732 wrote to memory of 2144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2732 wrote to memory of 2144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2732 wrote to memory of 2144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2732 wrote to memory of 2144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2732 wrote to memory of 2144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2732 wrote to memory of 2144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2732 wrote to memory of 2144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2732 wrote to memory of 2144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2732 wrote to memory of 2144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2732 wrote to memory of 2144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2144 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Solara.Dir (1).zip"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.0.667434779\718239990" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22242 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d85a3f77-04b8-4bac-8da2-5b044b54472d} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 1832 1dacf51fe58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.1.1843646324\1538735652" -parentBuildID 20230214051806 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 22278 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbcd3824-b4b5-4b5b-9655-217ef40dea2f} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 2356 1dac2984d58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.2.1536732820\1622297209" -childID 1 -isForBrowser -prefsHandle 2740 -prefMapHandle 3084 -prefsLen 22316 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd26b65c-6cbe-4a14-8a38-0904c1247ce0} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 2788 1dad2412b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.3.962396788\1089927941" -childID 2 -isForBrowser -prefsHandle 3592 -prefMapHandle 2864 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {691bc04e-5cfc-48b5-81b7-e9e0040be9b3} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 3196 1dad5183e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.4.550246694\214956081" -childID 3 -isForBrowser -prefsHandle 4980 -prefMapHandle 5028 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44899135-4de6-40a5-a450-ebfe904c829e} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 5020 1dad77f7158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.5.1711920353\2042414906" -childID 4 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01e88e14-4ddc-4d98-b34e-138483f4eedd} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 5164 1dad77f8f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.6.906440123\1936202391" -childID 5 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cde412d-391e-4e2c-88b3-e23c85cf71d3} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 5356 1dad77f8058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.7.1471504752\2023691828" -childID 6 -isForBrowser -prefsHandle 5656 -prefMapHandle 3468 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a63c253-c4d9-4acb-9fdf-e4a6896b74b5} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 2964 1dac297d358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.8.1734388454\1902449459" -parentBuildID 20230214051806 -prefsHandle 6016 -prefMapHandle 6000 -prefsLen 27774 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {577eeb74-30dc-4f8f-bb75-7fce74d263a9} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 6024 1dad4c17658 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.9.205392483\1047663049" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6180 -prefMapHandle 6176 -prefsLen 28039 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {414ba6aa-46be-4291-801d-b618bd6cbef9} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 6192 1dad7661458 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.10.1987860777\477683503" -childID 7 -isForBrowser -prefsHandle 6368 -prefMapHandle 5900 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {429a43f3-d94e-4ceb-b9ee-a2797aa949e8} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 6400 1dad8c9ea58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.11.1493151554\1495635056" -childID 8 -isForBrowser -prefsHandle 5628 -prefMapHandle 6316 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be50cd54-9cc4-4485-bf87-7eaeaeb900d8} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 9748 1dad93af358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.12.1145705733\1699305081" -childID 9 -isForBrowser -prefsHandle 10320 -prefMapHandle 4908 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a244b45-5cfb-46e5-8bee-b7fc808098cf} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 5100 1dad8cbcd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.13.1462177303\1506867032" -childID 10 -isForBrowser -prefsHandle 5560 -prefMapHandle 5340 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c3d79f1-fb55-4d3a-8e61-668b2aff1c26} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 5852 1dad7a8e358 tab

C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

"C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=1672.3076.17155377948064134127

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x1d0,0x7ffb1ea13cb8,0x7ffb1ea13cc8,0x7ffb1ea13cd8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1996,13739806011482335419,15538985940355672862,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2028 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,13739806011482335419,15538985940355672862,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2368 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,13739806011482335419,15538985940355672862,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2692 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1996,13739806011482335419,15538985940355672862,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1996,13739806011482335419,15538985940355672862,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2524 /prefetch:8

Network

Country Destination Domain Proto
US 199.232.214.172:80 tcp
US 199.232.210.172:80 tcp
N/A 127.0.0.1:49733 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 52.42.69.239:443 shavar.services.mozilla.com tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.120.5.221:443 prod.pocket.prod.cloudops.mozgcp.net tcp
N/A 127.0.0.1:49740 tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com udp
GB 216.58.204.67:443 id.google.com tcp
GB 216.58.204.67:443 id.google.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com udp
GB 216.58.204.78:443 www.youtube.com tcp
GB 142.250.187.194:443 adservice.google.co.uk tcp
GB 216.58.204.78:443 www.youtube.com udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.112.22:443 glb-db52c2cf8be544.github.com tcp
US 140.82.112.22:443 glb-db52c2cf8be544.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 172.64.147.188:443 kit-pro.fontawesome.com tcp
IE 2.18.24.24:80 apps.identrust.com tcp
US 8.8.8.8:53 188.147.64.172.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 24.24.18.2.in-addr.arpa udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:51075 tcp
N/A 127.0.0.1:9911 tcp
N/A 127.0.0.1:9911 tcp
N/A 127.0.0.1:9911 tcp
N/A 127.0.0.1:9911 tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
N/A 224.0.0.251:5353 udp

Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\activity-stream.discovery_stream.json.tmp

MD5 3b75b340f77fd30f82b2b21d9b73a7f5
SHA1 4b2845734910accfc92dda513a0f3850a09ed9d4
SHA256 45002fb3577a27abf9929ab38901f8c679873d85ef4656cf9b76da4366ff77e8
SHA512 acd369a6cff0b58c2779f25e5bff5b5171cb76958198add8fd7676234a6331a3552c5417f619baff694073b9f5fd63cc882bf9287029f6f56863548bfb578244

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\activity-stream.discovery_stream.json.tmp

MD5 44192dce496f86802953c0070e62b3a4
SHA1 212e5b9bf6f9ca0483388f4899843e91308644de
SHA256 ddf9ed2ef409ed3284a58f8ca343d0a6cf17869fa88b0cdd8c3e6e4734b7d660
SHA512 bd4c4cee8bc7db0b74fa8f5622c8946ba5cea0503144620c320eaa3dfbaccbb2acfeabd73818cb64bc609384d040dfbe1c9e7ef5a738872b09eefe2f8f93bdd1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\prefs-1.js

MD5 16556fb1f83d4d0d3e4dce978589ffa4
SHA1 50c0a7e2ea1ad46e1490f32d3b063fdff7d93d3e
SHA256 a300ccf94cff15db92e9ce19db6ab79d26b236afde038d76f619a946c12e5e6e
SHA512 b5fde7cf526bf0d87ad23320dc2609f5596b3ec1d384ba0a567f06039240524715e714337ef6e64896d2cd8dc78d8333b2f29db162e2d4d052b441c423f80f09

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionstore-backups\recovery.jsonlz4

MD5 149813e3522cccf4cbc039afa2b5dae5
SHA1 802809c7613793bac06541df54192f15751ce4b8
SHA256 17db4b9bbe0d5319fc9c75b438461393e2b4701ffc528488931c8393c2e134de
SHA512 a0f10868f7d3c6ab2fa4a350dbb5b9c71a2e5ef0c4049912055b612027d6b70144a9c9e3bc7c60fb9a625be8d8a64ce354a98c022e6be65d379cef5df10024fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\prefs-1.js

MD5 0278a37b905ae9f481b8b08b76462ddb
SHA1 d62192b10bc9c927858484dc64f429ff725e33c6
SHA256 98b6a0200d47c045291cdd34c26df38ddbe2ed95785837b3066fbd7afac655a9
SHA512 da3fbbc762d80bac67f9d2b98a8631ac17a80428f0f323c9018e831d291ec0496a19fba9a23fdeb285f23a315966f70befe7ae9a14ec24299404485822f869e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3a888c45d2587cebbac1ba435d2a16f5
SHA1 0d2a6847da5a19ae224abc3a94cbf4f6ca06d902
SHA256 0c11c0c82d9597fa4e9dd8d706a5c7cefabb8c777b0903fd0cdf0bd40b702d57
SHA512 27dabdd22f21a9ce4a6fb0cec44c0a20af6e1482485769e40807fa8f8c1b1bab518474897a9571d578ea909d23f7180b9a4d08c171e79b5ffd8086a18b934e67

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\11643

MD5 a86c9071444806a4aab2e104285791e7
SHA1 97fd7bfc0fc8d38f5b408c37b8706c6bd34f23d3
SHA256 3b288ff7934594706dc13a2258284cef8690e0a1ef4f5500a21dd29b43d3cbc9
SHA512 04e01ebb44133e3e5e74b0714cc1315031d5a9f6ef50b49bc498c385155d1621be0fd83b9d31835603c6eeb6558998f45c5033acd1013065056c5d23cbf9f856

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\21283

MD5 f70c2473aa54fa06202a0e7dc7505264
SHA1 b63ddbe801073d0633be539dbce74814498825e4
SHA256 7b74b152a9a7b36769ef445931d2d4ce63a846a61fae0da5533ec1a298d94fbf
SHA512 4f959d6b66c4f9f72cb71bc5a9a20891663ab49efe47ed8cd6827118d30b51f1cdf41ef1ee205ff344c236b2d9687f7bf9d45aa151863441bd1f5db7220d97d9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\8716

MD5 8cdfd1a580dbea1683f7c2cfbe1acb57
SHA1 74ad18e40d5b454f7ab5fb5ea83a6b4dbc3a40eb
SHA256 5a545569a1c39f77da67041ac0b2fed9b8ae3a4dee73dfc63141b3fcef7f3833
SHA512 734a138ceab71f5b855cd41be2722648a3ab5b576f35a062e9b26818e9431385cd7a3c1b01feba94bebda3b2e7df626de492385b1472f8d4ffd2d260dd9c0b69

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\21778

MD5 3931115fb3c153a4829cc0da37cbd3f5
SHA1 1e46a4cfa7f821d50802d6e7ec94a57aaf8e1c15
SHA256 d27d6259cb3507dcaaa580d147e142c50496e5cfbc496091a5eba2895385f0a9
SHA512 7e2e743a596509d02265055790f5f418a1b8d4a3a3b91d1304dedbf09f840baa1ed567eb1178df1b6452e376aa4188f610a984d865c8ba4fea24f97f66334379

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\26339

MD5 a214300d63c24cd181617b4e3f10b5d3
SHA1 04f575d891f1d4f15702b97e0d06feb95088f82e
SHA256 d3d4acaf67967cb469e34a947c3619326e3405956e048e29688470d3cee96b19
SHA512 c799efb17e49cbf34ddcab6347ee0a399973e2a4926413961de986e02ebb15ebf89b5cc902470547e0a079b6b1dd63ca96b7b020824650358de702550d0a55e4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\6634

MD5 e7b1170843454e6ccabc73227180c498
SHA1 91ef488a45254285577466932cd23d301331dfcb
SHA256 6098acebc37f21905bd7ac55016f112855be7ea7f0da26789ec96361a73f1675
SHA512 5640c8e4acd1ecd0ede77a4729fe339f0f8441c4eb38e7c8844cb245669086381d16b1e695c7c06caa2c71769e5568ad2c3665c8b48678e617440c71b4e53897

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

MD5 86831a1ae73199d1286c8b9855ff1365
SHA1 d01add86159971d4f6dc7736afe91c389a87ef91
SHA256 aa5582dede59934abb1f0b77cafd3ffb3b09aa9d642cab342caf2476b9e50465
SHA512 54359a66b7879953feb7973d4ebeb32739f15ee53ac108e4acc455353d66bd7c0f1eb73655f18af47d1176a1b6ef51ff889e7d13b1834a2a7ea4d6681ce9b23a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\6440C0B35A4A68EC0CB1C1C79C6E06D909B352BB

MD5 c17bb8ed513d2d7a3206da6819d7e485
SHA1 47e997b4b13d4efe4405e9efb379a7c0f7e1e7d3
SHA256 8cacfd3d033b4698bc2d7e4901747fee321c972314cbc9f53e89fa8909d691bd
SHA512 813ccfcf3b12f86160f46823473ebe5b3114a1d4b15fe9d3aa5380afd84e19774d024fd90ca7fc38652116b0bbec5b4fe31adef6d7fc2b4e6c543070f27567b6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\DBD69ECB17DAD0B911C81A5E7D6D290DDEAFBDF8

MD5 63d5c8cbbc309719abf7868207971837
SHA1 550114683545c15d6e2d79f7e19e318bc15ad73c
SHA256 52219fc3525d16fe9c6aadbfc773bc01555de6355963960b9b5875f4a1b8eb33
SHA512 6ecf703ac99a74131236c063e1025e2b95d5cdb25a5fce6aa6a394c0a0c63a58d78ddd0f78e14be8f6f9e3f1331707327a178da9d0b9d3b4ff950126c67b9021

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\22953

MD5 279293674c833c835edac56e89b51f8c
SHA1 f5e1eb05c2b38e360528c30fab58a67c87b654ba
SHA256 8bde9da8c307323f0f86aa4ee81f742b57ede3591ff364003950019a2839d5b8
SHA512 9ea1c40fad9f2d4ae071697cadda5715532cbafb9e6acacbcc62572d2d0fee924fbcf001f1087f9958d85e6254dad05e5e430b937c338c998c7ce13d18df66c2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\29148

MD5 984a3a75dcad70a38d82b6e5200bbfb0
SHA1 bd6efe62446ff06fe0a41fdcf96be49ae3ba4b35
SHA256 eedd708da0e49a192ccc6166624e3f4cc849fe35079c97e5a497d1feddfb1864
SHA512 c0d0ae9a1485d28968a251f683e06239944e5582d89b2d7ac95d0e47db741ffa15244bb6101896006d90c43038317b0bbe75821f2da67850b68df15f362501dd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\22504

MD5 07b0ebd75b53d9ca4c3131593ac33c53
SHA1 aaa44fdec4d0fab2abc66c1e531e6be7f9b1ef75
SHA256 619d2919b96e47ade41b61088bdc58f0aa0e05b9142e9345f1e849882c5ce6ca
SHA512 1f6ed2e59b9950e899c868c3ffe39835981226157f3948ddbb1aacb3660c5abc1e8069da15ca48209b1cdc315a71ea9f86753e3e3ed1c9a7676acbae51b14021

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\754E954A5087932D8E8670242CA2E87114EA26D9

MD5 e8bedd2a7a7afd6de96f50e754f36473
SHA1 fe478fc47478a2c15f48b1fbbb3bba50945c5165
SHA256 13357a773c2796970bd2c58888a8bfceffc96fb1a68cbad6979ed5d356bd7a4d
SHA512 dbab20053beb6a3710cfd0942cab3c2b9c1f60c3d0c17a9af75b3ae1a650a5243af0d281a06635e42e8755f357418fa826a36d81a9fe18d6ed9cd82383a84bc0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\6896

MD5 d401b847d139056d44edea2217445bd8
SHA1 98f2e7edaf10a6f0816ab3649b56a134706a4820
SHA256 c14f123fbe2b4c29dbbcb24cc850c38eabfd0d7afae3d4636015553bad1fbcc7
SHA512 15ca104fb5795d46947da21d1b00aa3e093499883fa2c2c6e8dc4ad30e11e9b87e61e631d16c7aa88a51507a92c0cfc5be991cbb9c9c31e74484675d94f76b86

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\19846

MD5 fc0d57dd9fd7c0a9005b997b085a0a71
SHA1 3d15155e39752ced1e9874b0a2727b98290d4884
SHA256 aeb5ae21ad83f86521316429c0fb328778375da934c22006239d29e14d2e1ed8
SHA512 c7bee64e82c28f307e5effc01f3196fd5829106cc5bd745c3f941cef8566a25bf01f2b8b5c5b8dee9fc464e3b6bf04a45ad49cda8dfad197452ca3d4ba7d3bd5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\1084

MD5 3eb74022d649d22e3cf1a051d16ab47f
SHA1 0c3b084d03df66450304718190597aa621211f46
SHA256 d850f5bb821015caf5b20f17acf1bb65efaccec7d8798da2b8c3434715800fb7
SHA512 ff2f7ff24dce09c2c612c0e5762c6ac425c3db1729768eeb51ca2995cf4359c96c262f607e8a1701f97c693b4331928941b52b3477a6d595bccda40e86c35191

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\14147

MD5 0343f43403e7290e5679dce1efe6bcc2
SHA1 2c24e75499e5137c3b531a15d96407140204b1aa
SHA256 1647d92aaf260d833ba93b3a5bdf527349b2d51e3ad9c5009fecb425746f8c46
SHA512 5752d8380d58e60d0e6ffd201a3c1e5c1d0c1c70f798ee5b4214fdaeae1fc352ffaf68e95202a94ebefef4345726dc8604c9489c297c7a185363b65b7b24fa90

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionstore-backups\recovery.jsonlz4

MD5 55f765e91b3a46395a375affa539cfc9
SHA1 8edca77ee8809391443d17ce7cdb56af77c3b2e3
SHA256 05c9ca372de80cba618702489125f0df211d3f523c8012f4395c640ee31ed40d
SHA512 894ecdab703846d7ff359589f8e6c6f02e1ffb36062c61e0ec94b38505c73417c657b3fa532fd22acc6b2c64d590cd25469ca4f71d0e4a34b871e521c102f77f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1a494f5a5a82d20cb771edb772bb677a
SHA1 42faae1325137295ac158a9fb7819dc1414d5041
SHA256 e4592ff5df9a8b40eb6afe1500fcbdfd200475b6edc4f7e3ba7d858e8d302d6a
SHA512 2ae1121214921b95d29bea6b4396f503fb9c9e5dea8fdd7ef96b1650e4acd18c0828901c9d9b441083794989c38a74b9d3bdb01c4f142c6e4305890fcd733724

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\88D2DD145122466A8C6F39785D5A392BF5E86A0D

MD5 b3e0f79701fe001d4cf49fdbe657278e
SHA1 95e59782ac128406cf3530f3c32cc30bb38d13e9
SHA256 413d6735cb47c25bd96a8ff8adee54476de030aae04f17a2363a0304ca58f777
SHA512 f438b9d9036ef48f6b6897f0624cf669abea533a613dcf2b862091c69e3c6f42b3b84034299a0feec6e5c6c35239abc9f4a8d55fdccbbb7fdc85eb70003d5ddf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\E9BEC073147047EA8C760B036BF12413005CB4C3

MD5 082b865780993a9354296318a270e143
SHA1 fb4a3d9148afa50ec08b0a4897b7448b151c8303
SHA256 3cc762d72c21c80226a3af7ee4d3a418a54cbd412c25757480c92c85e1e36c99
SHA512 dc5965b282b417a514f6b5d428abb0d62af0d642195e6e04e4540c64f6f1562e276cc4fa83600302dc6cb82f3dad25e0861a1e32736da4b6230909f11fb8807b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\D35C09500437DD22D7C72D16F29F6C78D8E3C45D

MD5 8dfa629b63baa2d57e673318b0d97f76
SHA1 a768a97a6712855bd9bc55f64697325949ef2398
SHA256 d9e85983c292f3f030a68c0d1e888c7f8f29f5f9c8c0d59bc5414bfd4b460c4c
SHA512 d922c9125c6895d44bde87bee35dc0a4a8476df99979a6d590e833445a3265b903f82d8eff913c99c2157e52bce3e6b34ef39e03932157e96a418a25b0383e42

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\A298FFB5E12774DA032B837DCD86B8C3E7698377

MD5 fe6770fbde7ee4a7d3c5701fa9aede00
SHA1 50eecec1077f81366c1dada6e3f952f043fd3734
SHA256 820fe1c3afa069499cba1fb555b201ff283e2a654423556470764b8e6f5b914d
SHA512 e52296f67fe87ec10b58c198e43a5e9061a8b377bac67b76c6e37e7501630c8d0a41d2d7964ff5e7b6f7676bf2ac5f5059d9eff394d1831163cc77c587806fa2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\F63C822E7AAFC0ED25190A22B0F0D8103B08D6BD

MD5 f8fd4bb0df2b93e1c285e5bb4c4f7ec0
SHA1 62b819f1d4a44b8fe242dc414e03bf308377c9ad
SHA256 961b96bfacebab54ae1471a954ce479d0c27fc2c7f51bf55cc24bd8075869fc5
SHA512 9ab1cecaee1e2aca903f05a0f9fea8432e90f96d6e060be5b6786eb01c6dc7909bc52cd01a171b01fe6cfaacfcf6c1cd4a7521972f749997322b176fc41e658f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\14021B4F90C64F8926972A07525D347801137726

MD5 cdc7fefc40616ee394aa1846d1701034
SHA1 7ca90aeb44adc69527d9394f6d1467aeb122a2ed
SHA256 015152bd0e22bd8130b90f13e6e4f5eb0aadd9dd90ffe06249aaa7ad61f5903d
SHA512 7bdd1edca56417df654eaaa23596ac6ae01bef5fc45200418ebab970c06bb64e53019f347467f7272e1cfef6f8309759b2f605ea1327a45bba5c9219c580a74b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\D964636302D374DC68C4DCA2362B6B75D9DB1ADD

MD5 028bd60a9409e8bc9f5a433f96eb8366
SHA1 aa0d6da4d42976db387e832fbb846f36ff70d9b9
SHA256 83ed65d10ecccf9d02872c3eb05a35407d99224dccc56dd67f571a83aad4b513
SHA512 8b2e3ccaa939d3717be21c5a2379a41bd4858fa95649166d4fafc1241ea029b002626bcd42da88d14c12e989056f83971f9b6e1d234773bf8c02bcb9c859d7dd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\91F31F756AA32DC0823EC30502996894D0DBC749

MD5 27fadbfd6d1f3ea05ec60f2484ca0f2f
SHA1 639dd3bd5eed999bba2787cfcc3595955d3d1f67
SHA256 54676f681a39d2dfc878fff00a988d9409912b316a2d79c48d9b7ff18377054b
SHA512 0fb1ba72bc003e6454496b7dfbafaf3ff9e49a3dcbcb063d79d2e4f5b8cfe7342964e56f3b6dfb9ce259365460e1578199848944f3c14245f0279ebc26d7fb13

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\44836238049E96471D6554497813EF38374771D5

MD5 edc306908ef3a3a5903bf01061525066
SHA1 f1385a22e470ba5ab0f866765d9481cefb320c33
SHA256 d9af62e81ed9d02bb143454622e5dd7fbb317e7a80b49e4fe91969fb051aac33
SHA512 c5872e5f9de65d31e8edc0d3a4b53780e6b5dbcd1faaf873e42ae54d71918966c19a20c2cfdb314b88c404f6949e00991a1b4ae259a207d14d55819c21e98023

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\A0D91930D3248D88263AC1A5FE6FAC60DE487747

MD5 45a01526bbee3fb6653dee161ee5c0a0
SHA1 d7d82eb2512a9806fe7aef4c52d408a53873958e
SHA256 b8d7a53120efc3fd637c24cb2cb60a35ceebfa1aef2d2983e3862e326b0b2575
SHA512 bd891fd289c9eb315a7514192f68a84f8f1e319cf78567723d4b62c02420ba5050bd21073f7cec67e2ca0d6d4a0105bdf68f4bf797faca109d53ddaa33f18866

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\28B5B398AF5E092C36280331E747E81C303C496A

MD5 8d81eee9d15b9e9749725bb47778bea5
SHA1 bcfd08a5508fcde54ca782f14262e681d115b7c9
SHA256 e709f249b9e83062ca23b98486bb5209fafa99272a1307d41386da16a12d8f59
SHA512 567ccc9bc49cd43e02f68d8306b949a09356079b6034f400d78d58f09ec9990f60dcd171eb16341b73fa0ef3d4edb7c542603914bc1fa8a6b68543c5a159619f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\FC203364168F9FF14CF0C1FC2B6DB6E2BCC85D70

MD5 97c0bcb7eb9dc99b688ae10ace230996
SHA1 19adf63b7b94cb109da001458da14e646ec3817f
SHA256 51dc832525f941155dd7a2a32b8f0eb3c2d6e741d44f029e64340bb347ffa2d1
SHA512 a6b52946f0977690057526eca7577ec955780724198555cd51ddef83a0a078aa00b2a3f08913520aaba5bbef462e8e2571663babaaf8c552fb9cef6fc6ab166c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\17261

MD5 59c59a0b898815bb5261503dee303580
SHA1 e3e6ffc4e0b6ea9236bc0dd7b1474e3167f67990
SHA256 1235619c220ef43f5577dc3e6c42f7cac24f7fb4e2a67ef71d35d815172e354d
SHA512 674609cca3b29be38030ba14d5c383d52ec80a8c6355d7c0add5c279c50cc0d3133ddd7d0eddb516b87efb9b6706e03457c4499b246da76e5b0948353c3e1f04

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\24518

MD5 7253522a5e8b5d20bc549c2b54d50081
SHA1 08f52368979f3658fc9e6f0999319bad7bbd5493
SHA256 ce66e98b3319da2acd99f67efb2686d0edf67661a63d5f4acdf83240a82f2bd5
SHA512 15f5e127410b708fa31170018e374054daf94699cdccf13770fc3b26f411a3f4e7576a0f1d1866a9777654f545190438655a67ed27be800b8765ef26fa8733b3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2cb66d52059b42e914521814de85136e
SHA1 8fe65df6c31ea39df177fb5b775fc8fab0e3d182
SHA256 7dc52e4b8c6a04cb9358306f248b03432c6fa2f04326c868478090f582086e2f
SHA512 499bcc91bc9a01c9f1d698b9a4b4f3413fbd7671cf1b10097cfba924d6f9667b50b20fb56d8adf7a5d674d34548b6ace7c9181eb64d821aa902f38875eeed851

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\10507

MD5 911274ec9e5ba5b1974e72509f2489ce
SHA1 21af9a1c2025359e1f70e6f44071de6859e2d3b9
SHA256 8b34eb7e65d0fce10ff9104999162570f28b00c6439af1d0da1ffd05943851dd
SHA512 75819b1c63a2f33bbd70693de2a3f6dc6ecbef858aa1c88825281a9a58b3374ae35b3eacf53426e93385e9822bb35ad1a92ef5e65055376f6caa8d1ac399437a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\F9C099F161C0CC6899610322E3ACF9223FDE2B3B

MD5 60a09311a849aa637987ae046f7e904f
SHA1 dae38e00ed1ed183ee0d1f7ce35734356b2e65ff
SHA256 4a95da5577cc69aa5a63ec6799ce71db1c6ebd78880ec175e291265ec3e9ce76
SHA512 9d3643824739043e6563c64e218c62bcb4091e971db7d98808c85dfdbec482a2a092ad85561ccc2f7f14f49bb7fb732a1d9ebbaea92a54d6e4724f408bb7da42

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\2F3C4B2B8EEE63E659E2FAACF3FC155F3C8CC28D

MD5 b2e80a0894404b98b480ce0687246757
SHA1 4b88644ee705468e70f5fd600c44230736c36853
SHA256 ef61eba5cad7db7f56c4c73d1c478b12372daa5129d84c0a8c135c6739d60181
SHA512 0b643f8dccd2a4d242b83e4709509e784e7eb0518c569b19e972d980b913986347e98c7173b52adbcc68d670d1f1d03ec0e7a0eee0ef59613feea607caf86903

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\B86B02EAB8400C58B2F4F42B69E218D9C5FB9327

MD5 7357172fe069535a7ff240ff8fef4d56
SHA1 53d86cc2ecfad546c0bc5a230a80978e398f7603
SHA256 b4061615b00ab8ed745884c9c168cec8929c617ddfa2062cfb46812e572e01ac
SHA512 d8c170989b27f068584e23029f7dc060e978f717ab94c2dec80d3e218e6e115d1032aaa6d96141f73cbc7704ec21a1633580a5ed15e49ea1b0ee41b8c27ba8b7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\F4DB32A33BA8ABD54C2F4557A74CAE91E42459CE

MD5 147ee39d5f61905ac3da5844586da5c4
SHA1 7540ce5c7c0cc25005810b22dcf04db193586b74
SHA256 40e844db35a22b50d90fdd1b9a077f6e27e3f70b4c35f0a81d1d45b4b9f4155d
SHA512 a6712f58b0cb11aa8d5831a8bddd68531c2ac88add0431baba4813caa34563119175c25160122efd44342e5a2cb5223211449e909c38fac71f023b66d5e596ec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\15B3D98D082AFFB95B1E0037D95C196D102BB227

MD5 77777df3a53141bfd364ccc62d2d1a00
SHA1 d4c6c1ec5c6163b05f9960580b68e4fd4cd4562f
SHA256 40570e521337d932fc075c0ba949c2e96467b9cb3461f1428429c79f1a2953dd
SHA512 da692ce405a16cdbeab3365692aaf044bb4d0bbe8a8a464ce8990f7ab1fb6426646d90463b7fd08359fccddd431c75f94bb91d7a75863e91d2dac14c07a5cb86

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\3C33189BA733074ACA905988636FF4EB0BB48393

MD5 763124b40ec7719656d809f00b4ac18d
SHA1 633e45f59726100931c615b0939c19d1f3ba2b8d
SHA256 b2648ea6ec18b27e91d8b8222b09f13f0615b0714aafd55190600c7982e7cfdf
SHA512 2e60cb5b99cf4ef8f1ae3cc73273e102bc1a059da07b0ca068c8d8057d4bbc38d61afb48ad7657fe577c6991f21d9dca589e741bda8a402eace6e3512dd5eed5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\BB04852D9B72AC455777FA4C7AE1EBA1B8F17164

MD5 70faed29b3564246c6d69a08f54fd692
SHA1 41abc64b99969b6fde1b2d6d844b139a8b6913d8
SHA256 5619d03d484d1c96108d7786f85f8e299ea58976671e726740105857f38a019b
SHA512 90a5c1faaca1b5273d933102eef2a54b316794d50a22a9da38d30dec74c8237917361e0b9b2f2fbe3752465c0d6809676fcc500ddfddbb3642d4f408bf71e585

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\70F0B9124F9D2E9A281491D47E26BA14A7946749

MD5 435b580e94a7a4f8f089aa731d76d758
SHA1 5f29baea6373f9919c347c3a4a2ed0a839e6db8f
SHA256 46bb839618e66e3c008c088d2f0ca6bd91a920b8583481083d5640bb5704168c
SHA512 6c44b6462e6c3e0ea3b049b65aefcc7d4990f1fd6e2018a50aad41d733795ce4e309cbce96be9959d1445a89a7edb6f52c8d3856c921330fbd6b36a0bfb8c421

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\B873B3C7DDAE91939513F735B2050BE0FA092BC3

MD5 5a205eaa2f6d72613846141601c0b47e
SHA1 b2bc83e05bc010113f476a6f03a83f88c9566a31
SHA256 48338c96365b8d1e5b9fc31db5f3697b6a26ab6cc8e07e2e02bae3bc2acb18b7
SHA512 fe7c6c5fe09de9b8785e3f36e05c9dd14222a8603a7e587ae3a3182d1dbeb9e8d608df523db9df873b12c69e067373d7824c5d694d388213e0941e42ae7a05a2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\5C778B064A4A9E66650E0A0DB3FA61FDC266204D

MD5 cac077338eb3b125c89042392608f267
SHA1 b4b105e5619d40f21c6370ef3032cd23dcb94c97
SHA256 074f303dc7a945b6d73cbe4a14e872b77c0493a24d4b606719e8fe7c7124f741
SHA512 94d93a657fd42a06edb3d75f71111f6e79b968d4c44fe3c5e0717927d35908a06b12d17f7a54d302b9d31a24886d4c5384a974fd059410a6aad835078c3247bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bf6a39ea726abd7040ea7e523237c4c4
SHA1 0ca4e9487eb7dcab4c698ca1b7faa671ed21ebfd
SHA256 2a6f5c4da694e3feed12c4e9631065254c39f3d1bd9b04398060fb202f55e699
SHA512 764b6e441525f4d3ba5dd7d86e10ca910ed5ea73cf74ea53ff2819baead9bad322e3dc33e184bc02962a59d5cb8bb7d961fdaf1ca5c5f564913b9e4929b2b3c9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\doomed\12717

MD5 4867e45cf1888a3d58b3d6b5bc18a2de
SHA1 34143732de5b2f3b834d9481bf91da96242d53bc
SHA256 955fa3746c6c6ab264597ce82fa914122a2d43ecd7cef9c3d1ec88b52792816f
SHA512 33e7b1c94ea3fd841f25f581c9051c5e3bc8620f33e5785291bc376ee814455e3f23949b49aeb8da625aec1ff669283015452a804735ff8d08a7502150e28224

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

MD5 0ef2803e51d7a855a25615095fb3c3d6
SHA1 6a611a7e5351cb9a9217aedeb7eaf90e12f0f88a
SHA256 56c860462f30759c805c66f5154cb2d9b6a292c84bfdd1ec7ecfdfeaa824bf0f
SHA512 3a08f74233fdacc5a7e2fe635a2745aa798ab81dff5a8e4fa81e4e8003ead66f8c6133d4d927b768cd84a023a274e4964fa6b7970cb5991e688bd62396884208

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f07e6db6332b9011aa99a9fa02c07fe0
SHA1 2dbab6e1259dd60b3e0dd20ccb9b98eef76e9e7f
SHA256 9d73096943e63a5788e4678ae9af5103127c591a9551d31dde58879a4a889782
SHA512 36b7bfd56937c2aa8f64fc6394a13cb659a9b872001a977bbd48278d6bd15db9fe06bb2dfd5dda87ac2229b134b41f2380bde3bb55edb0e6d8782a6b8e132514

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\jumpListCache\YMUyzBCjztShDUkZG_FY1A==.ico

MD5 6b120367fa9e50d6f91f30601ee58bb3
SHA1 9a32726e2496f78ef54f91954836b31b9a0faa50
SHA256 92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0
SHA512 c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

memory/1672-1278-0x00007FFB27193000-0x00007FFB27195000-memory.dmp

memory/1672-1277-0x000002CA63B30000-0x000002CA63B4A000-memory.dmp

memory/1672-1279-0x000002CA7E720000-0x000002CA7EC5C000-memory.dmp

memory/1672-1280-0x00007FFB27190000-0x00007FFB27C52000-memory.dmp

memory/1672-1281-0x000002CA7E390000-0x000002CA7E44A000-memory.dmp

memory/1672-1282-0x000002CA7E030000-0x000002CA7E03E000-memory.dmp

memory/1672-1283-0x000002CA7E2D0000-0x000002CA7E34E000-memory.dmp

memory/1672-1286-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/1672-1284-0x00007FFB27190000-0x00007FFB27C52000-memory.dmp

memory/1672-1285-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/1672-1287-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/1672-1288-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/1672-1290-0x000002CA7E6B0000-0x000002CA7E6B8000-memory.dmp

memory/1672-1292-0x000002CA7E710000-0x000002CA7E71E000-memory.dmp

memory/1672-1291-0x000002CA7FFE0000-0x000002CA80018000-memory.dmp

C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

MD5 9e4e94633b73f4a7680240a0ffd6cd2c
SHA1 e68e02453ce22736169a56fdb59043d33668368f
SHA256 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

MD5 e8e0b356778be2f5406f8f4963476f26
SHA1 19c9122120adfe11f18aefda54d1a3316737ef1b
SHA256 54593782bc50db38f0ce592ce16616e3aaa60ee6509404b4731c809c6ad38360
SHA512 a296bd40b46061dc2a4d44a1a31d88fe5bc3a831fdb45fd787f22a6cfc9534e1da6d7a1496d9ac59b0c99be7593e3bd99738d7369d931ac9e7ceae67b7a7f167

memory/5152-1308-0x00007FFB48BC0000-0x00007FFB48BC1000-memory.dmp

\??\pipe\LOCAL\crashpad_1448_DQPVOYUICMAWEFWD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

MD5 d90c34ab5536d99a2257cbb85fed8f99
SHA1 87d9ed6076eed24b9efa1fe2539c1224ea3818bf
SHA256 8b8c90fd5693d9f277d82745dcf171c09f32182e3530f0fb3e0b78e508ff5674
SHA512 20a04823ed113eaa31dadaab643744f68be006a088263277bc32fc56f726dca2aa2a730a3eaf8ad6c9c913bcef0f8ba7290858b06b885933b1d7a168ddd5eb62

memory/1672-1402-0x00007FFB2A1D0000-0x00007FFB2A1F4000-memory.dmp

memory/1672-1401-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

memory/5152-1441-0x000002854B950000-0x000002854B9F3000-memory.dmp

memory/5680-1443-0x0000011E28F30000-0x0000011E28FD3000-memory.dmp

memory/5304-1442-0x00000271EA6D0000-0x00000271EA773000-memory.dmp

memory/1672-1445-0x00007FFB27193000-0x00007FFB27195000-memory.dmp

memory/1672-1446-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/1672-1448-0x00007FFB27190000-0x00007FFB27C52000-memory.dmp

C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

MD5 7c3c9f10492e0fa62699d68a232ea02f
SHA1 3cfd34be66fb0e7cb8a076ef1a759fc164521094
SHA256 51596f4e736c551e530bc5ae8c8c53597ea7dc50fb1f2a094b64da56af3296ad
SHA512 db758cd6f4c4abfc29ac0a89e025c48224cebd051bea50c0fd5b6abbf75f988bdb8a4d44c384cc718e97e5c4ec1617fc4b0a92c3919e65378dc59869bd0ca33b

C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe5abdd3.TMP

MD5 ef485325223c2926101716dfa4d1e83f
SHA1 c8e3763b857ca7e415e6d5301770bd73528ceae0
SHA256 99f7650094928dbfc40bf5d9759c0c677ba94bd0b511933bf66b27ecac6a2c3c
SHA512 3cbf1728bea0fdf846489e8c6d1299c2ae205fd8f42386c705bc9e484ed03281afba4fa4c57b534a3189f2216651b3e281acf1f8fa52cb7f8988b052cca36566

memory/1672-1461-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/1672-1466-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/5152-1468-0x000002854B950000-0x000002854B9F3000-memory.dmp

memory/1672-1471-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/5304-1474-0x00000271EA6D0000-0x00000271EA773000-memory.dmp

memory/5680-1475-0x0000011E28F30000-0x0000011E28FD3000-memory.dmp