hxxps://github[.]com/PocketN/Solara/releases/download/Solara/Solara[.]ND[.]zip

Analysis

max time kernel
39s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/PocketN/Solara/releases/download/Solara/Solara.ND.zip

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
5556	BootstrapperV1.15.exe
5948	BootstrapperV1.15.exe
5652	BootstrapperV1.15.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
129	pastebin.com
71	pastebin.com
72	pastebin.com
75	raw.githubusercontent.com
76	raw.githubusercontent.com
81	pastebin.com

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperV1.11.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Solara.ND.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	1032	BootstrapperV1.11.exe
Token: SeDebugPrivilege	5556	BootstrapperV1.15.exe
Token: SeDebugPrivilege	5948	BootstrapperV1.15.exe
Token: SeDebugPrivilege	5652	BootstrapperV1.15.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 4872	2744	firefox.exe	90
PID 2744 wrote to memory of 4872	2744	firefox.exe	90
PID 2744 wrote to memory of 4872	2744	firefox.exe	90
PID 2744 wrote to memory of 4872	2744	firefox.exe	90
PID 2744 wrote to memory of 4872	2744	firefox.exe	90
PID 2744 wrote to memory of 4872	2744	firefox.exe	90
PID 2744 wrote to memory of 4872	2744	firefox.exe	90
PID 2744 wrote to memory of 4872	2744	firefox.exe	90
PID 2744 wrote to memory of 4872	2744	firefox.exe	90
PID 2744 wrote to memory of 4872	2744	firefox.exe	90
PID 2744 wrote to memory of 4872	2744	firefox.exe	90
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4256	4872	firefox.exe	91
PID 4872 wrote to memory of 4332	4872	firefox.exe	92
PID 4872 wrote to memory of 4332	4872	firefox.exe	92
PID 4872 wrote to memory of 4332	4872	firefox.exe	92
PID 4872 wrote to memory of 4332	4872	firefox.exe	92
PID 4872 wrote to memory of 4332	4872	firefox.exe	92
PID 4872 wrote to memory of 4332	4872	firefox.exe	92
PID 4872 wrote to memory of 4332	4872	firefox.exe	92
PID 4872 wrote to memory of 4332	4872	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/PocketN/Solara/releases/download/Solara/Solara.ND.zip"
1⤵
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/PocketN/Solara/releases/download/Solara/Solara.ND.zip
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1940 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57b83c1c-6fb3-4068-85a3-7cefaad3f5f5} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" gpu
    3⤵
    PID:4256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2484 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3d2cdde-5b92-4df2-9e98-37509b49985b} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" socket
    3⤵
    PID:4332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3044 -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 2968 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d0aae1b-1848-4499-a584-2f3aa4ed8309} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    3⤵
    PID:1324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3716 -childID 2 -isForBrowser -prefsHandle 3712 -prefMapHandle 3708 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43eea82a-5dc3-438b-9e55-7ddacddc85c4} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    3⤵
    PID:4640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4692 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4708 -prefMapHandle 4704 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e4eb7ff-9724-4840-aead-187cc885642f} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" utility
    3⤵
    - Checks processor information in registry
    PID:5168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5756 -childID 3 -isForBrowser -prefsHandle 5732 -prefMapHandle 5740 -prefsLen 27171 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00337a8b-7268-49c7-b71f-ff9bb03bcc11} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    3⤵
    PID:5932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5916 -childID 4 -isForBrowser -prefsHandle 5872 -prefMapHandle 5868 -prefsLen 27171 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {276d1a3e-7caa-441e-ac1a-77d4834f38b1} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    3⤵
    PID:5956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6076 -childID 5 -isForBrowser -prefsHandle 6084 -prefMapHandle 6088 -prefsLen 27171 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49cd1d6a-ad1d-4c02-af89-216d3628d034} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    3⤵
    PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4164,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=4512 /prefetch:8
1⤵
PID:3600

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3728

C:\Users\Admin\Downloads\Solara.ND\Solara\BootstrapperV1.11.exe
"C:\Users\Admin\Downloads\Solara.ND\Solara\BootstrapperV1.11.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1032
- C:\Users\Admin\Downloads\Solara.ND\Solara\BootstrapperV1.15.exe
  "C:\Users\Admin\Downloads\Solara.ND\Solara\BootstrapperV1.15.exe" --oldBootstrapper "C:\Users\Admin\Downloads\Solara.ND\Solara\BootstrapperV1.11.exe" --isUpdate true
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5556

C:\Users\Admin\Downloads\Solara.ND\Solara\BootstrapperV1.15.exe
"C:\Users\Admin\Downloads\Solara.ND\Solara\BootstrapperV1.15.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5948

C:\Users\Admin\Downloads\Solara.ND\Solara\BootstrapperV1.15.exe
"C:\Users\Admin\Downloads\Solara.ND\Solara\BootstrapperV1.15.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BootstrapperV1.15.exe.log

Filesize
1KB

MD5
165bccf3bb1841eaf1a73ff52d65f59e

SHA1
8450f78886ff5ee9f0a1590582ed455624ae7eca

SHA256
d063952c091e25214469458e65b33da9ef9b413ede9cc2b8a5c28970bb1a5b69

SHA512
519d9ffd811bea83a16c234e25172ea186932c45b7004a309d536d0b3b465cc9c3409afc0fdf481fa215a395e305bbb5f2e209f6e0139875d710f23ff38fd5a4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
af1e011d30131cf52b6d134f1f46a15b

SHA1
90b75fb4c88c391accf876791d45421f7458a212

SHA256
93f9a8b36ab89f9af1bc38ea14be21376f533a04fd4476f872a806b05eba5a02

SHA512
28008696c12f0a7d042dd4da3688edb30ccc5784289e82b099ae63a6bf0c3e85173926700d66761b258bb54b84dfa3dc397bd6729d0b46f387410893d9ad461e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
5382bac7b94ca4e4aef104897c87fe52

SHA1
cef6d4fd01c8d29f9a7f0e1fd2f19753d0321ac6

SHA256
e8598724ae17721d4cb1342cc00d56625bf57c175ed176e3d3a3024bea376956

SHA512
99baefca538d779eef7ea54ecf09801434f274e64a56959770bbf38c52e1669cc312f1a20a907124bd013234bdcc9c0b0c62e4a15f2fa7b6a08b3af7d9dcc280

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
8KB

MD5
0de5a5e11438c33150cf5340a00fc6e6

SHA1
d891d2e0b5458d1575d686360873a0fd870183cb

SHA256
ff76cfc1113a9a6d230c40d3dac06aa4f619b738ed48b98180ce9015180ee5f4

SHA512
074ffb2355bf96ebd51a231ed7c13deeaeaed2ed369ea913957ed1a50dab8d5b05358858ed460d39cf38ca87b7c8b09d0f6cab6ace3940c0365fd70708c02146

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
170195cb0e1383d3a1286000062f1e4e

SHA1
468ed508b3f47c48fe968b7bf9a24e4cd2c7d542

SHA256
021c126cf3d4422ffc93c71569199f080f3eaab2916e672721d27353160c40e3

SHA512
f2f3bbd24fed212ab24b5a440227a42ffc7c7067408245b899a106e570da6f6a0197cd919e635706e44cf05c0d8b79552f69fa5ce644d543b049231914316000

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\45988471-64b4-4a40-beae-cf2075b9d44a

Filesize
671B

MD5
f94b92856ff677450724ffa6bd0684bf

SHA1
36ef8a416c6093ab4610302a8c7629075450ab69

SHA256
eeb0ca55207c368a8405fd6d9e5fef52a0325af9b6448149f928a94384087403

SHA512
29341144cf426efff4882f89eade81c37eec72f4c4c3b47daf9e63b223c7fcae10d96cc61bb8aaa7753a293fb3512f603b8d9e90f6e8d5d7f744735e7b703b97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\6ead28e4-d2c2-4008-b3ad-3aeb33492c58

Filesize
982B

MD5
f847548d2a6c0ec75269d2e3d43f4769

SHA1
c3b50f3fe42dc7f4fd988fd025d58b4a43e4f0ef

SHA256
75d4b1074615a50ad9eb5d421d4ed4361bc16eef9282392f9f9d6c2d5c7baefc

SHA512
4fb59f0279d197c7a9881686f0e822c893a1d7837725e1a646f40ccf6354f250d4da210f4e552c01ae792225044fe5726cfa81e67d97be2f641cc9ddc7a45b8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\eb9c5450-db57-43dc-9c9c-65a70516cf7c

Filesize
27KB

MD5
50d074b61c358703964807e9dad617ae

SHA1
074ac507a6c8f0350e36cf7f84c81f3fb410850a

SHA256
a62ff78d8d0bb6318023f32d31dcbaaba12bc803ed87a4d3c53ce36531a84271

SHA512
b8df17a2687d3affc87f45c586407cba8498b93b6cec577dd05755e0f057221f5d7b9cd6c01b9a29863a2ae953e6ae1895f2ea5c3cba5b17462b17b376654379

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
78825fe651b3e64be07f358a4c0921ac

SHA1
7514493924f039baea90f71a6965448717bbd604

SHA256
5121da28a43be684d608ca07ed68774c71e090227330a8d346e583eb512c4ac7

SHA512
9ed1377269bc19dad74d4ad741c3596aa18fbac9bfd189e603ca401bd9eec99272504a44debc54f9e662738441713eed28197bd8467124971ba235e321dab1ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
580cbfcd295127a7389e671bd57205cd

SHA1
be2128b38ae471b59da53bbf5a5808ae2e00ac9b

SHA256
84f5a2d9543fe1839aa11d860d45e1c5b0dc5ef116a70846b4fa6ab1a7caaee7

SHA512
9047a34ef5ceb33be98c22e4cef9b12ac8282152a7918990b98dc90744767c952007e48fb64ef4c3a9cdab385121084fdcc5c64ce7382794344544579513b6a0

Download Submit
C:\Users\Admin\Downloads\Solara.ND\Solara\BootstrapperV1.15.exe

Filesize
796KB

MD5
653c07b9b5f1b22c84f72c03b0083d18

SHA1
54c25b876736011d016dc0ea06a1533365555cc4

SHA256
c9d04a3a87fee318ba65f837f40bd2dd2428f25e78bf271207f8b2b02aaa8a06

SHA512
b605773fc4fa244f354bb8f51621225e6482751d19bddf747f03f624581bc7ae896ca0e40be91b667aea7a7978a291497a362f9bd65449682e1948938af684f8

Download Submit
C:\Users\Admin\Downloads\Solara.lBJDsGgT.ND.zip.part

Filesize
281KB

MD5
0c48ff4836b44ec6503852cf6a80bee8

SHA1
96c1c3a9fecca388989f4650486a38061a4aebad

SHA256
9b7098731285fde2c84de952f6074d4f4c77332d8ce0b784790e8ce5ebc3e013

SHA512
aba90dd9641545bfb7d4a7575ffae9df6e77f1338e525db227b44b5e860eebe64acbc58306f6f7fa9344473e865022ccadaf83445eb9058f266dffb0a9958ead

Download Submit
memory/1032-346-0x0000000074480000-0x0000000074C30000-memory.dmp

Filesize
7.7MB

Download
memory/1032-334-0x0000000005BD0000-0x0000000005F24000-memory.dmp

Filesize
3.3MB

Download
memory/1032-333-0x0000000005BA0000-0x0000000005BC2000-memory.dmp

Filesize
136KB

Download
memory/1032-332-0x0000000074480000-0x0000000074C30000-memory.dmp

Filesize
7.7MB

Download
memory/1032-331-0x00000000008B0000-0x000000000097E000-memory.dmp

Filesize
824KB

Download
memory/1032-330-0x000000007448E000-0x000000007448F000-memory.dmp

Filesize
4KB

Download
memory/5556-350-0x00007FF9609E0000-0x00007FF9614A1000-memory.dmp

Filesize
10.8MB

Download
memory/5556-351-0x00007FF9609E0000-0x00007FF9614A1000-memory.dmp

Filesize
10.8MB

Download
memory/5556-348-0x00007FF9609E3000-0x00007FF9609E5000-memory.dmp

Filesize
8KB

Download
memory/5556-349-0x0000018F9CF00000-0x0000018F9CFCE000-memory.dmp

Filesize
824KB

Download
memory/5948-355-0x000001FCCE530000-0x000001FCCE552000-memory.dmp

Filesize
136KB

Download