Malware Analysis Report

2024-10-16 07:18

Sample ID 240625-ve6t9s1hnf
Target SolaraV2.83.zip
SHA256 76359f5ec0f6c8916ba4e07df1353b2a47c0979da198876de2348f1bc0ba6d4b
Tags blankgrabber execution upx
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 10/10

SHA256 76359f5ec0f6c8916ba4e07df1353b2a47c0979da198876de2348f1bc0ba6d4b

Threat Level: Known bad

The file SolaraV2.83.zip was found to be: Known bad.

Malicious Activity Summary

blankgrabber execution upx

A stealer written in Python and packaged with Pyinstaller

Blankgrabber family

Command and Scripting Interpreter: PowerShell

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Modifies registry class

Enumerates processes with tasklist

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious behavior: LoadsDriver

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-25 16:55

Signatures

A stealer written in Python and packaged with Pyinstaller

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Blankgrabber family

blankgrabber

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-25 16:55
Reported 2024-06-25 17:00
Platform win10v2004-20240226-en
Max time kernel 301s
Max time network 305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe"

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A  (3 identical rows)

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe | N/A  (17 identical rows)
N/A | N/A | C:\Users\Admin\Desktop\SolaraBootstrapper.exe | N/A  (17 identical rows)
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe | N/A  (25 identical rows)

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A  (64 identical rows)

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | camo.githubusercontent.com | N/A | N/A  (6 identical rows)
N/A | raw.githubusercontent.com | N/A | N/A  (4 identical rows)

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Enumerates processes with tasklist

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\tasklist.exe | N/A  (3 identical rows)

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File created | C:\Users\Admin\Downloads\SolaraV2.83.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A  (18 identical rows)
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A  (38 identical rows)

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A  (10 identical rows)

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A  (2 identical rows)
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A  (19 identical rows)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A  (9 identical rows)
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A  (51 identical rows)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A  (7 identical rows)
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A  (50 identical rows)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2240 wrote to memory of 1744 | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe | C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe  (2 identical rows)
PID 1744 wrote to memory of 4052 | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe | C:\Windows\system32\cmd.exe  (2 identical rows)
PID 1744 wrote to memory of 832 | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe | C:\Windows\system32\cmd.exe  (2 identical rows)
PID 1744 wrote to memory of 3312 | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe | C:\Windows\system32\cmd.exe  (2 identical rows)
PID 1744 wrote to memory of 1008 | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe | C:\Windows\system32\cmd.exe  (2 identical rows)
PID 1008 wrote to memory of 684 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\System32\Wbem\WMIC.exe  (2 identical rows)
PID 4052 wrote to memory of 4776 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe  (2 identical rows)
PID 3312 wrote to memory of 5112 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\tasklist.exe  (2 identical rows)
PID 832 wrote to memory of 4544 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe  (2 identical rows)
PID 2364 wrote to memory of 5044 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe  (11 identical rows)
PID 5044 wrote to memory of 2880 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 2880 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5044 wrote to memory of 3092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe'

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.0.1851250224\938334908" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {897e680c-e6bc-4a0d-9859-a4443461ee47} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 1964 246fecf3b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.1.1623329196\136419055" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8b38218-84c1-4937-9302-ba03927e8cda} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 2152 246fe630558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.2.1752801716\22013592" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 3068 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {623bd45b-811c-4538-91b8-525f4cc39c4e} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 3196 246fec62558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.3.1963626269\1611831229" -childID 2 -isForBrowser -prefsHandle 1416 -prefMapHandle 3496 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {922be36f-bd4f-43cf-b7c2-7004cb0fad2d} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 1408 24683edf458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.4.111348090\1727081589" -childID 3 -isForBrowser -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24468f8e-b682-4272-9a65-9ece1f7df795} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 3784 2468670e258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.5.844878787\2145278873" -childID 4 -isForBrowser -prefsHandle 4884 -prefMapHandle 2744 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d1e3c5d-335e-4994-819a-a390b3e8cee4} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 4984 24684709e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.6.92235693\398157236" -childID 5 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b125d67d-09e3-4a37-b439-10f28d21d79d} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 5196 24687a60e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.7.1156122028\539745039" -childID 6 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7805f634-f022-40e9-930f-13efdac870ff} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 5288 24687e0e058 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2196 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.8.563684934\368173118" -childID 7 -isForBrowser -prefsHandle 6748 -prefMapHandle 6836 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88757418-6675-4ec4-84d7-6780c8efce7f} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 6824 24685ce0e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.9.1337875561\2126813259" -childID 8 -isForBrowser -prefsHandle 3516 -prefMapHandle 408 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fc5cbc2-fee7-4a39-949a-e13876d5a3bf} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 3560 2468be29458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.10.239507254\558212" -parentBuildID 20221007134813 -prefsHandle 3560 -prefMapHandle 4916 -prefsLen 26725 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1c329d5-6db7-4eb1-b45e-9d87a7cde1a4} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 6920 2468be80258 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.11.1281216578\241393" -childID 9 -isForBrowser -prefsHandle 7048 -prefMapHandle 7088 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b29d8495-b34b-4fa0-8c27-7494f8dcf74c} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 3540 2468d494b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.12.67708921\210780761" -childID 10 -isForBrowser -prefsHandle 5384 -prefMapHandle 4988 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91661d82-0098-4ce1-b856-f9c6603a80af} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 5224 2468bef7658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.13.861146809\1242788931" -childID 11 -isForBrowser -prefsHandle 7396 -prefMapHandle 7392 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4259db34-c44e-4d39-8611-251003c7ad56} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 7404 2468603aa58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.14.1898329324\1383721801" -childID 12 -isForBrowser -prefsHandle 7544 -prefMapHandle 7548 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {562f2b97-25e9-4808-9bbc-1788b3bf6794} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 7536 2468605ee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5044.15.1798149846\381246828" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 7548 -prefMapHandle 7680 -prefsLen 26725 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5e2712d-a705-49c3-8f23-c1709a63ac65} 5044 "\\.\pipe\gecko-crash-server-pipe.5044" 7764 246862a3658 utility

C:\Users\Admin\Desktop\SolaraBootstrapper.exe

"C:\Users\Admin\Desktop\SolaraBootstrapper.exe"

C:\Users\Admin\Desktop\SolaraBootstrapper.exe

"C:\Users\Admin\Desktop\SolaraBootstrapper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\SolaraBootstrapper.exe'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\SolaraBootstrapper.exe'

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe'

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 blank-ni7ef.in udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 13.107.253.64:443 tcp
N/A 127.0.0.1:49964 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
N/A 127.0.0.1:49973 tcp
US 52.25.179.107:443 shavar.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 107.179.25.52.in-addr.arpa udp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 227.77.117.104.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.213.14:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.213.14:443 consent.google.com udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.179.227:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.179.227:443 id.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.204.78:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 216.58.201.110:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 216.58.201.110:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 repository-images.githubusercontent.com udp
US 185.199.110.133:443 repository-images.githubusercontent.com tcp
US 8.8.8.8:53 repository-images.githubusercontent.com udp
US 8.8.8.8:53 repository-images.githubusercontent.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 blank-dbvth.in udp
US 8.8.8.8:53 blank-x77ut.in udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI22402\python311.dll

MD5 5f6fd64ec2d7d73ae49c34dd12cedb23
SHA1 c6e0385a868f3153a6e8879527749db52dce4125
SHA256 ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967
SHA512 c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

C:\Users\Admin\AppData\Local\Temp\_MEI22402\VCRUNTIME140.dll

MD5 49c96cecda5c6c660a107d378fdfc3d4
SHA1 00149b7a66723e3f0310f139489fe172f818ca8e
SHA256 69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc
SHA512 e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

memory/1744-25-0x00007FFE6E370000-0x00007FFE6E959000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI22402\base_library.zip

MD5 32ede00817b1d74ce945dcd1e8505ad0
SHA1 51b5390db339feeed89bffca925896aff49c63fb
SHA256 4a73d461851b484d213684f0aadf59d537cba6fe7e75497e609d54c9f2ba5d4a
SHA512 a0e070b2ee1347e85f37e9fd589bc8484f206fa9c8f4020de147b815d2041293551e3a14a09a6eb4050cfa1f74843525377e1a99bbdcfb867b61ebddb89f21f7

C:\Users\Admin\AppData\Local\Temp\_MEI22402\_ctypes.pyd

MD5 00f75daaa7f8a897f2a330e00fad78ac
SHA1 44aec43e5f8f1282989b14c4e3bd238c45d6e334
SHA256 9ffadcb2c40ae6b67ab611acc09e050bbe544672cf05e8402a7aa3936326de1f
SHA512 f222f0ebf16a5c6d16aa2fba933034e692e26e81fea4d8b008259aff4102fe8acf3807f3b016c24002daa15bb8778d7fef20f4ae1206d5a6e226f7336d4da5d4

C:\Users\Admin\AppData\Local\Temp\_MEI22402\_ssl.pyd

MD5 f9cc7385b4617df1ddf030f594f37323
SHA1 ebceec12e43bee669f586919a928a1fd93e23a97
SHA256 b093aa2e84a30790abeee82cf32a7c2209978d862451f1e0b0786c4d22833cb6
SHA512 3f362c8a7542212d455f1f187e24f63c6190e564ade0f24561e7e20375a1f15eb36bd8dce9fdaafdab1d6b348a1c6f7cddb9016e4f3535b49136550bc23454fb

C:\Users\Admin\AppData\Local\Temp\_MEI22402\_sqlite3.pyd

MD5 1a8fdc36f7138edcc84ee506c5ec9b92
SHA1 e5e2da357fe50a0927300e05c26a75267429db28