44caliber | 65dcaf8699e4d8d8aaa1c177fc49bfe4ff69ad4fd3891d61f68c5239e217cb14

Resubmissions

23-06-2024 10:41

240623-mrc4qaycph 10

23-06-2024 10:36

240623-mm7sjasdlk 10

23-06-2024 10:32

240623-mk1lfascrp 10

23-06-2024 10:26

240623-mgw4vaybre 10

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2024 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solara/SolaraB/SolaraBootstrapper.exe
Size

826KB
MD5

886d05ab350457e2ddde2f569dc0668a
SHA1

3448ca0ce7b2f279694f8a360348c0ade71b9322
SHA256

286b6d3aa77caa78854b3648d96d80a1f207d7b94fb54103b44600a6f72839b5
SHA512

31186e5e079389f820a026843340468cf183c31ee18d60537d48e83b4ecb08b86f2e1b41012b4fa25ebbbd33a4fbc833986815e71010b74df3e04fdaf49d7962
SSDEEP

12288:gCQjgAtAHM+vetZxF5EWry8AJGy03eJxZM6gMkIhS:g5ZWs+OZVEWry8AFL06gGS

Score

10^/10

44caliber evasion spyware stealer themida trojan

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1169713279464120370/GUIw2wEmQMllUHEfRf3MNeS3DBNrZN-RuTQ9QbFfAqIZNVHtIlkj1yiD5QqgrIlv8gQi

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ cd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SolaraBootstrapper.exeSolaraBootstrapper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	SolaraBootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	SolaraBootstrapper.exe

Executes dropped EXE 3 IoCs

Processes:

SolaraBootstrapper.execd57e4c171d6e8f5ea8b8f824a6a7316.exeInsidious.exe

pid process

1476 SolaraBootstrapper.exe
5688 cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5608 Insidious.exe

Loads dropped DLL 5 IoCs

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid	process
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Themida packer 18 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll	themida
behavioral1/memory/5688-1728-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-1736-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-1747-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-1751-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-1748-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-1779-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-1948-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-1974-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-1978-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-1986-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-1992-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-2013-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-2020-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-2025-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-2074-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-2093-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral1/memory/5688-2196-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

50 raw.githubusercontent.com
51 raw.githubusercontent.com
111 raw.githubusercontent.com
116 raw.githubusercontent.com
158 raw.githubusercontent.com
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

80 freegeoip.app
82 freegeoip.app
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid process

5688 cd57e4c171d6e8f5ea8b8f824a6a7316.exe

flow	ioc
50	raw.githubusercontent.com
51	raw.githubusercontent.com
111	raw.githubusercontent.com
116	raw.githubusercontent.com
158	raw.githubusercontent.com

flow	ioc
80	freegeoip.app
82	freegeoip.app

Drops file in Program Files directory 6 IoCs

Processes:

msedgewebview2.exe

description	ioc	process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2120_29702601\protocols.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2120_29702601\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2120_1172266596\crl-set	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2120_1172266596\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2120_1172266596\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2120_29702601\manifest.json	msedgewebview2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

SolaraBootstrapper.exeInsidious.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

pid	process
1476	SolaraBootstrapper.exe
1476	SolaraBootstrapper.exe
1476	SolaraBootstrapper.exe
5608	Insidious.exe
5608	Insidious.exe
5608	Insidious.exe
5608	Insidious.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

Processes:

msedgewebview2.exe

pid process

2120 msedgewebview2.exe

pid	process
2120	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

SolaraBootstrapper.exefirefox.exeInsidious.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	pid	process
Token: SeDebugPrivilege	1476	SolaraBootstrapper.exe
Token: SeDebugPrivilege	4280	firefox.exe
Token: SeDebugPrivilege	4280	firefox.exe
Token: SeDebugPrivilege	5608	Insidious.exe
Token: SeDebugPrivilege	5688	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Token: SeDebugPrivilege	4280	firefox.exe
Token: SeDebugPrivilege	4280	firefox.exe
Token: SeDebugPrivilege	4280	firefox.exe

Suspicious use of FindShellTrayWindow 10 IoCs

Processes:

firefox.exe

pid	process
4280	firefox.exe
4280	firefox.exe
4280	firefox.exe
4280	firefox.exe
4280	firefox.exe
4280	firefox.exe
4280	firefox.exe
4280	firefox.exe
4280	firefox.exe
4280	firefox.exe

Suspicious use of SendNotifyMessage 9 IoCs

Processes:

firefox.exe

pid process

4280 firefox.exe
4280 firefox.exe
4280 firefox.exe
4280 firefox.exe
4280 firefox.exe
4280 firefox.exe
4280 firefox.exe
4280 firefox.exe
4280 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4280 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SolaraBootstrapper.exefirefox.exefirefox.exe

description	pid	process	target process
PID 4032 wrote to memory of 1476	4032	SolaraBootstrapper.exe	SolaraBootstrapper.exe
PID 4032 wrote to memory of 1476	4032	SolaraBootstrapper.exe	SolaraBootstrapper.exe
PID 4032 wrote to memory of 1476	4032	SolaraBootstrapper.exe	SolaraBootstrapper.exe
PID 2368 wrote to memory of 4280	2368	firefox.exe	firefox.exe
PID 2368 wrote to memory of 4280	2368	firefox.exe	firefox.exe
PID 2368 wrote to memory of 4280	2368	firefox.exe	firefox.exe
PID 2368 wrote to memory of 4280	2368	firefox.exe	firefox.exe
PID 2368 wrote to memory of 4280	2368	firefox.exe	firefox.exe
PID 2368 wrote to memory of 4280	2368	firefox.exe	firefox.exe
PID 2368 wrote to memory of 4280	2368	firefox.exe	firefox.exe
PID 2368 wrote to memory of 4280	2368	firefox.exe	firefox.exe
PID 2368 wrote to memory of 4280	2368	firefox.exe	firefox.exe
PID 2368 wrote to memory of 4280	2368	firefox.exe	firefox.exe
PID 2368 wrote to memory of 4280	2368	firefox.exe	firefox.exe
PID 4280 wrote to memory of 4476	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 4476	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe
PID 4280 wrote to memory of 1976	4280	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Solara\SolaraB\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Solara\SolaraB\SolaraBootstrapper.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4032

C:\Users\Admin\AppData\Local\Temp\RarSFX0\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\SolaraBootstrapper.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1476

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5688

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=5688.2140.6445054178167282099
4⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2120

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x178,0x17c,0x180,0x154,0x188,0x7ff88d9a2e98,0x7ff88d9a2ea4,0x7ff88d9a2eb0
5⤵
PID:3252

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1812 --field-trial-handle=1816,i,16561476563858884176,13066071210001977708,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
5⤵
PID:320

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2124 --field-trial-handle=1816,i,16561476563858884176,13066071210001977708,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
5⤵
PID:4408

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2324 --field-trial-handle=1816,i,16561476563858884176,13066071210001977708,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
5⤵
PID:2832

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3648 --field-trial-handle=1816,i,16561476563858884176,13066071210001977708,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
5⤵
PID:6364

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2284 --field-trial-handle=1816,i,16561476563858884176,13066071210001977708,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
5⤵
PID:6780

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=4472 --field-trial-handle=1816,i,16561476563858884176,13066071210001977708,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
5⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Insidious.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Insidious.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4280

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.0.1473473294\1148731389" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d76d0c5-ee8f-4dfb-9fd8-ee2a2e96f349} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 1964 1bcc36d7858 gpu
3⤵
PID:4476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.1.2067112558\48785026" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc4e52b6-f1bb-4eca-b50c-f1c18559b6e5} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 2364 1bcaf971658 socket
3⤵
PID:1976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.2.1127263553\36145029" -childID 1 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37102c61-a554-40c5-a57d-20b35dbae6b9} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 3208 1bcc7596858 tab
3⤵
PID:5064

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.3.1501526964\223253150" -childID 2 -isForBrowser -prefsHandle 3740 -prefMapHandle 3736 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dfe1c5e-b750-40be-98d2-d9ca96f2e9c4} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 3752 1bcaf95b258 tab
3⤵
PID:456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.4.1494904602\1467942125" -childID 3 -isForBrowser -prefsHandle 4144 -prefMapHandle 4140 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3eb2503f-44d7-4fa9-8a4a-e996bee004ad} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 4156 1bcc8ca0458 tab
3⤵
PID:1824

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.5.1111413582\773305420" -childID 4 -isForBrowser -prefsHandle 5096 -prefMapHandle 4724 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f210ebb1-a1a8-4313-93f5-1abaab228e5c} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 5104 1bcc888ee58 tab
3⤵
PID:4908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.6.274705685\1784167166" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e9b788c-08d7-458e-9bbc-558e237bf468} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 5176 1bcc9d40758 tab
3⤵
PID:4356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.7.1716532742\1476655430" -childID 6 -isForBrowser -prefsHandle 5460 -prefMapHandle 5456 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dd9f5e0-9546-4683-8d0e-51f20601f1b4} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 5468 1bcca6f7258 tab
3⤵
PID:1624

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.8.1860488451\349378504" -childID 7 -isForBrowser -prefsHandle 5804 -prefMapHandle 5744 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7873154-fc8a-4bac-9892-5553fb8cb9bb} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 5800 1bccba04a58 tab
3⤵
PID:5448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4424 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:2256

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2120_1172266596\crl-set
Filesize
21KB

MD5
d246e8dc614619ad838c649e09969503

SHA1
70b7cf937136e17d8cf325b7212f58cba5975b53

SHA256
9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

SHA512
736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2120_1172266596\manifest.json
Filesize
113B

MD5
b6911958067e8d96526537faed1bb9ef

SHA1
a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

SHA256
341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

SHA512
62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\16910
Filesize
9KB

MD5
7f2b53e1f06bdfb71307e28d1403e505

SHA1
b7ab13489960ec3923a2b7b282185c2527bb5776

SHA256
8125d0d805caa978b23f0667a7d2a8d1f77a4c0b0d968ccda7a145770eb13fae

SHA512
fad4e8e3ff8a8d4773cfa349e506e6debce28d95b94db910d37e2451bc085554370011fe6f71a41ede7b131d54927123942a13d4d442b7a85eeb0153d3b10d64

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\BC0DEF32A0157EF46FE3978BA10BDBC89D00D071
Filesize
213KB

MD5
b51b22cf788349f42da0314c8d407265

SHA1
77fd781a2f87e1c5b9786e19d7d29e1d62e505a5

SHA256
eb206899feccd32ad2eaa4e0da709128a9b40a4bf3b7319965098aee4485c050

SHA512
e4ae546aa4aa3ba9b327990ed6c7ab892b149dfe81ff16d78305a85b631f78c04128e311a1c95083b9bb335ab554543a04df1db3d5d945684f2a33e3e7735507

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\C6A6389A9162CEB2E1F41436B370871FECA58F75
Filesize
60KB

MD5
48a3d32789c32a42b93358a936d95b92

SHA1
256567290cc82da75188ba2c378dd29e923cd301

SHA256
366dd2e991f7a7f44983020de2025ea0024460209e0e68ffeb5fb7949492273a

SHA512
92d9f6134776cfc511abc3db64211531c9aaea798cac413647a95ae907a7b9830389d238bcfb39ba2857a90b27c572867c0ca8e064a23c757cc33dd7ccced046

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Insidious.exe
Filesize
303KB

MD5
cf6fbbd85d69ed42107a937576028fc9

SHA1
d8f2ca741a8f0beb8e89a68407241c5332759303

SHA256
644455284cd1e2188564dcea09cc0d09448423c9bfdeb9d05a834600d593ec1a

SHA512
562f8004f6d406ed596ff2ad7487f616f1abb98d415d70d87c18f11f364b35a40b959800085966b1680737e6bc7e3793d3b8c60046ea680dc87a673badeab94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\SolaraBootstrapper.exe
Filesize
13KB

MD5
6557bd5240397f026e675afb78544a26

SHA1
839e683bf68703d373b6eac246f19386bb181713

SHA256
a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239

SHA512
f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll
Filesize
37KB

MD5
4cf94ffa50fd9bdc0bb93cceaede0629

SHA1
3e30eca720f4c2a708ec53fd7f1ba9e778b4f95f

SHA256
50b2e46c99076f6fa9c33e0a98f0fe3a2809a7c647bb509066e58f4c7685d7e6

SHA512
dc400518ef2f68920d90f1ce66fbb8f4dde2294e0efeecd3d9329aa7a66e1ab53487b120e13e15f227ea51784f90208c72d7fbfa9330d9b71dd9a1a727d11f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\index.html
Filesize
20KB

MD5
08d9ac1e35385587b0c3c8a73ea97234

SHA1
d1db15b5e97152be999339d90630f68ed06a6b78

SHA256
016cadaa9a8494b15efea920a5ea9c02b441e90dbc7c444e73db3b307f93a741

SHA512
8061a5a92f828642ea2fcb319571efa406ed67a75b4d4da1aeb3da96391a72fcde670e3e52efef62d37ddc17f7eca5afa0d35aa02bfd1bcadd8e86240cb802a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\basic-languages\lua\lua.js
Filesize
5KB

MD5
8706d861294e09a1f2f7e63d19e5fcb7

SHA1
fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23

SHA256
fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42

SHA512
1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.css
Filesize
171KB

MD5
233217455a3ef3604bf4942024b94f98

SHA1
95cd3ce46f4ca65708ec25d59dddbfa3fc44e143

SHA256
2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701

SHA512
6f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.js
Filesize
2.0MB

MD5
9399a8eaa741d04b0ae6566a5ebb8106

SHA1
5646a9d35b773d784ad914417ed861c5cba45e31

SHA256
93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18

SHA512
d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.nls.js
Filesize
31KB

MD5
74dd2381ddbb5af80ce28aefed3068fc

SHA1
0996dc91842ab20387e08a46f3807a3f77958902

SHA256
fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48

SHA512
8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\loader.js
Filesize
27KB

MD5
8a3086f6c6298f986bda09080dd003b1

SHA1
8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

SHA256
0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

SHA512
9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll
Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll
Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
Filesize
33B

MD5
7207978deac3d2df817c0efb6de01f45

SHA1
1b547cb35c2e709dcf4132452cdb5b6ccd66044f

SHA256
14056051c638d943e3f6cd8ae99b7b8b8b4419f6e6193861081e519eeb4dc808

SHA512
d38226a5eb755aafe7e8e3d707b00841aea985bd8dedf20556800f1bb7ac7c807fa195bdd1e21014087f89b319ab278bec922951b7c682e9edd3fbee147834ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
Filesize
3.9MB

MD5
a4e469b250ddd6b7bf49530074eb58d6

SHA1
b453b13beef7d25bc0675fe68177e5bd2a3b3a22

SHA256
d0123ecdd83962566e620da8f4dbb3a254ed614370d67a07f6c26c3ebbd12c06

SHA512
af21f10ed6ce8b1e98be439f05786dee2dbbe4d5930853ec383f607a9c03b94609d35234bc793422768c1eda342376ca8bb87d6f3a02f30af9fcf37a0cff1bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Filesize
90KB

MD5
d84e7f79f4f0d7074802d2d6e6f3579e

SHA1
494937256229ef022ff05855c3d410ac3e7df721

SHA256
dcfc2b4fa3185df415855ec54395d9c36612f68100d046d8c69659da01f7d227

SHA512
ed7b0ac098c8184b611b83158eaa86619001e74dba079d398b34ac694ce404ba133c2baf43051840132d6a3a089a375550072543b9fab2549d57320d13502260

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
280B

MD5
be14bbaf2da5d8dc11b8d93a2e934dab

SHA1
c19acaafde4e5e3117700aa705d1fe66838fe075

SHA256
cc0993fc2e80864f9d75a5123e8433a44ed8c2a310892f1b4f9a0337e561621d

SHA512
7f1275231cb84b6e19faab4370ac7a04db9c5a97642f873fbd7cbc0973909d9164d86521c3a0d7df15bf10f53d44f2206e69adeb77ac68c4bdb75e23eeaadc43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\10617442-7c50-4e35-b255-7d7f8cfb91c4.tmp
Filesize
5KB

MD5
b8a4d09242d6ff500d1811a6c1291ee2

SHA1
17e4dad7b02d3f9a3fe3c1050f286b09601aa21f

SHA256
2e18239c2b90ad84c64dd6978ca517a81108cfb770a5b5c9a0a7332d92dd12de

SHA512
e9f02395128f5c031be3a520151cbaa6e9e335153eb4ca5a5126b20b3862f8cae3edffaea4e3e908f19c00b5b8d655ea654590edeb2203a23f504e50dfd039b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State
Filesize
1KB

MD5
2245e17a00e5d00b5db0840098726904

SHA1
45a1da730274da78df5086cc3331bae43db177fd

SHA256
cb115c157967f21db4afca318ad09400184d567fc5353a33ff17e04fc8e69b48

SHA512
bd07f3803f11063edb91ffd04474f7c38d05faaa2e88bf9394f0373cb65bb12efe6aee80212662364fc2b6b9aa4567582a9499d699586c185c2959dee4dc1121

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe59e063.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize
2KB

MD5
3cdc246a6b85b040da42a901ffa73fec

SHA1
9faa572e8e9084ce1b50ddcee0e37a01c4ebebcf

SHA256
41428dd2328148f82f135aff72654a98468ba9eead8f6c2df6021bed4761b852

SHA512
6707951ced7c989480d598f50a99e1998bf03a7fa666d5735b1e2c0854c69aa901f209a5bd60f86e4b2dbbd77f0388e4964c5fb6f5c274c5bfd2ab6484b05ca3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize
3KB

MD5
e531bb5e76119dd6666b00095fa56c73

SHA1
326c6b7b8c2a58d6afd7db5e66c8c23b3a660b8d

SHA256
fa9128e8d151f57ec78f63e582afb0b4bf8ce64002d610eb5f92cfae005fe5e4

SHA512
15b72677be83d5f84dbefbc6c639c7f63bbc5eeb28aa893a3d1b455bc96b726f3917f2440cf0bf1930455156eecbd7fc635cc3a4b31891c633c7fd5b84dbc784

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize
16KB

MD5
464b98d41a1e47a33b180ccdbe5b40c6

SHA1
9eba9fcd4f911b61679fcbea019e4d9750cc8ec3

SHA256
a4dfc2350067d2f05aa334d0489928a57c608bf2ca4b71416080cc1316e8acaa

SHA512
22b73ab13e15c970904638cb7fd4a3a2a380f900dd05a525cbcf9d7445f769aa354f27f1295bbefb796a46a1e72807e2564c01f2533b85f4c402ed0f4682b3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe58c147.TMP
Filesize
1KB

MD5
1004d2a2b712ca2179e67e50e868f40e

SHA1
d96fe20c61cbc40554b53c2d651db09a8cb6c86c

SHA256
de480bd5bbe31e9ab60c74efe37500e3a882d467ca74fca3ef74e91c351a8c5b

SHA512
c910bf7f7a55f429989bc2e6f6fd3d2dd4abfd61a4ef40ffba59f660e091ba4b2246a1f7bef4a5022075f5d0800f776265758c09a26343be1495adceb83bac49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\cert9.db
Filesize
224KB

MD5
a237409feaea8eff9ab5993ad5ecf33c

SHA1
eddcf27ffda68c68b5de49a7e3b192e1591cfb10

SHA256
81146e74739a0e1baa9d1ebb90dcafab6e1c1d4830d114d6b782b0aa5353422c

SHA512
33bdb4f9e90a1c521896a81ac7e257a5213eb34ccbca9571c6fb7b07c7302a169707801c519c8814d492a8feb9015218ed35283861e80eeafff4d33993e863f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
9ba0101c71f17986297f0af7dcf947ca

SHA1
77ea1ee487608a02392f4df2bb268ec981b3e33f

SHA256
5f5af1395313c22b4ec15a5bd0316362a26329fc0d8558b725c1c335e5c8e274

SHA512
12dad311b5ecfa595920bb956bd1cdffc10857adbff3fd565fa95edc5cd7ea01d635e7f7dcf71d38a0213f14bc7c1aa95e8a8c6a59b7070cf68a779de428a377

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\a0413692-beaf-432d-80b4-ef018a240db9
Filesize
11KB

MD5
791c8334cf305df0e6696bd8af724ef9

SHA1
33b4836a6cbc6b25f9ae769752419d14f2b75db5

SHA256
5da9a246bc38905bb7b9eff721cff6be15aa5dd8d296e95809afc12401e6dec0

SHA512
c4beb5cfd65218b084cd9b412e7ebadd229571b98159a50e189b70db0e77f14add9ee91f6e9fcb7cef9730bf6b97305a75bab01b7b3d544dfdd0b6c6b2334d25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\b9c03089-5bbf-407b-bcdd-71f2a69b8bb6
Filesize
746B

MD5
045ea55e2d10dcc878a9f88c294aed91

SHA1
28d932c6be83bf949580ef90287816b49e2dc082

SHA256
d54e4893557b6b45d070bface81ff22b0ae6f8e307c2788062d10dc2e6d6ef76

SHA512
0d5a2831caba6d865eaa09106e4fb9ebfd94069cf5e71a615862cd46f87bdf7fce7c54e480ac51bb48507f73d4b142c820d834c4bc2291956ab75d04ba40309e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
Filesize
6KB

MD5
74ab686f972d679cac02ebb88182072b

SHA1
d44988490206ec4eeab847292e781d1a4b5c35fb

SHA256
32ddb809db72061c25993281114dcb673940ca892091fd9b5dc45f41772bfb18

SHA512
d9b6c4fe482d34f263beba0411b49e0998fa17003d45169305ac2fae92b14fb9b4fd9803afb3d31a3a7f786c5193e4b42c8259a462caf6f3c6ae822390504cdc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
Filesize
6KB

MD5
99422b4fff4ba9c87c35cd0246431ff2

SHA1
63985dcf6402d02a47ed9c83e91c996a24211e1f

SHA256
6e94aa2bc7ea113f90e5e8ee91a4c2cb227a87c53e0b6158b0f64c9d67fbaf26

SHA512
03158de2e55e35d208982cc4bcd00bbde0d2ca71986540dc6e409bb510f3a5bb9027956d848ca848c09c987f346209bb6d80cd144efc013061aeb8352b9f06cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
Filesize
6KB

MD5
d7efa1fddcb951868076efc9e426d11d

SHA1
34ea58f3b2e7d0977fca1024217acdeb7cc5a54b

SHA256
b04ae20ba0812025b21d659dfae43eba3c016ea800c0369b550c85c831dbb8e3

SHA512
3c3cda2a03ba8435df96b43338c57b013be320a95ef0f4a0ce7749d80515ca43f82188eb3fa4cef5e58a92ee8fc6b8f0a100ef97c61fe4d13e75d124fe37ac1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
1c6b0f45dfa5f41c2f3ba9c5d1282570

SHA1
72ec2e316e7f7393f859294109060495944d4e3f

SHA256
92336737e80ccbf26b14f328c3b9d25fbb9f8e4d12a694205eec8525ec5649b0

SHA512
ce99fbc6465a0c21fe8775614e8aab3f7103557fcea6bf7b2e953c20ffe96f0854731185d481529482fda64d18ae21ed357229e6d138998cdc8ee22732471140

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
3ec7fcf8e9cdf8236a6ebc54112ab02a

SHA1
e26d8b8a60e4f55bf13f2c68933295ae9dd9e62e

SHA256
c6cd3017c67b7d63b3b1fd8ecfa1b63f2cef161ccc60473b573294f00a0c9bca

SHA512
3014b18ffa1804e47a7ac935d198977fa0834fa70965c4dd3539d6bbae7583a8b0d284931fc9cc49c691becc2fe1ee85261aa1e09f369541b5cd58af50a4ac22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
d6e72e9e72707622cc6bebf491615c9e

SHA1
f0d1d29fea79cc68bbea28460898822d89f1367a

SHA256
a46eddeb5e8e78ea4be3eae6aefdb064e33dc83c6bae68da198809b539e336be

SHA512
a31c1b15785316d3821a513f34e791f74766c397cb385ca5dd80a8192b9b22c4d222b20f778513ec527dfc608d5cde74a6ba6109f999886afa5b0f51760e46da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
0b9180408badd2897d0d22ed2d39724d

SHA1
f1590f0a9f6d7c8e4d15daa7599e6f9baec3a543

SHA256
06ccc5c0073e00ca61710952e0fbfaa94a6e361ae3150ae1f46a65ba54e1f2bb

SHA512
545aed731dfa9d81bdd1990205efb22ab415d723aeaa74b88f9952a04373677fdecb7e108bc5fec5bbbd95f25024b36b38ee634183f4615f847a7701423df0bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
ac106fc90c6a6ca33643cbd2e5366755

SHA1
0c866493efdfdb501f9dea5bc1b1f548f6668496

SHA256
228092e90af259012ab00e1207e4e7de882aa81e26b7f757d5cd90b967937a42

SHA512
c1d11e4304805f03bf17444f22784263e775910e71fc3219b2f10b2db25af2ef6a609892b1ed64e21696372ebb3c47bf7e3adfc9d3c5f4137331bed267c16362

Download Submit
\??\pipe\crashpad_2120_MGFXGQNZHWYDKABH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/320-1795-0x00007FF8B2390000-0x00007FF8B2391000-memory.dmp

Filesize
4KB

Download
memory/1476-19-0x0000000074CBE000-0x0000000074CBF000-memory.dmp

Filesize
4KB

Download
memory/1476-22-0x00000000006A0000-0x00000000006AA000-memory.dmp

Filesize
40KB

Download
memory/1476-101-0x0000000002B20000-0x0000000002B2A000-memory.dmp

Filesize
40KB

Download
memory/1476-110-0x0000000074CB0000-0x0000000075460000-memory.dmp

Filesize
7.7MB

Download
memory/1476-161-0x0000000005CC0000-0x0000000005CD2000-memory.dmp

Filesize
72KB

Download
memory/1476-1643-0x0000000074CB0000-0x0000000075460000-memory.dmp

Filesize
7.7MB

Download
memory/2832-1815-0x00007FF8B1D80000-0x00007FF8B1D81000-memory.dmp

Filesize
4KB

Download
memory/2832-1816-0x00007FF8B1470000-0x00007FF8B1471000-memory.dmp

Filesize
4KB

Download
memory/5608-1654-0x0000020B127D0000-0x0000020B12822000-memory.dmp

Filesize
328KB

Download
memory/5688-1701-0x000001E7DBD90000-0x000001E7DBE4A000-memory.dmp

Filesize
744KB

Download
memory/5688-2013-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-1728-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-1715-0x000001E7DC110000-0x000001E7DC18E000-memory.dmp

Filesize
504KB

Download
memory/5688-1707-0x000001E7DBC00000-0x000001E7DBC0E000-memory.dmp

Filesize
56KB

Download
memory/5688-1705-0x000001E7DBC20000-0x000001E7DBC42000-memory.dmp

Filesize
136KB

Download
memory/5688-1703-0x000001E7DBF10000-0x000001E7DBFC2000-memory.dmp

Filesize
712KB

Download
memory/5688-1948-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-1747-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-1974-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-1978-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-1986-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-1992-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-1700-0x000001E7DC1E0000-0x000001E7DC71C000-memory.dmp

Filesize
5.2MB

Download
memory/5688-1751-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-1736-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-1748-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-2020-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-2025-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-2196-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-1642-0x000001E7C15B0000-0x000001E7C15CA000-memory.dmp

Filesize
104KB

Download
memory/5688-1762-0x000001E7DBEB0000-0x000001E7DBEB8000-memory.dmp

Filesize
32KB

Download
memory/5688-2074-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-2093-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/5688-1766-0x000001E7DC1C0000-0x000001E7DC1CE000-memory.dmp

Filesize
56KB

Download
memory/5688-1765-0x000001E7DFC60000-0x000001E7DFC98000-memory.dmp

Filesize
224KB

Download
memory/5688-1780-0x00007FF89B7D0000-0x00007FF89B7F4000-memory.dmp

Filesize
144KB

Download
memory/5688-1779-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/6364-1905-0x00007FF8B2390000-0x00007FF8B2391000-memory.dmp

Filesize
4KB

Download