8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
269s
max time network
265s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
30-11-2024 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

9^/10

discovery evasion phishing themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Executes dropped EXE 4 IoCs

pid	Process
240	Solara.exe
4500	node.exe
3768	Solara.exe
800	node.exe

Loads dropped DLL 13 IoCs

pid	Process
4272	MsiExec.exe
4272	MsiExec.exe
1912	MsiExec.exe
1912	MsiExec.exe
1912	MsiExec.exe
1912	MsiExec.exe
1912	MsiExec.exe
3928	MsiExec.exe
3928	MsiExec.exe
3928	MsiExec.exe
4272	MsiExec.exe
3768	Solara.exe
3768	Solara.exe

Themida packer 22 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000d00000002b938-2920.dat	themida
behavioral1/memory/3768-2924-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-2944-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-2945-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-2946-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-3068-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-3121-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-3155-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-3165-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-3182-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-3517-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-3620-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-3919-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-3949-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-3974-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-4082-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-4204-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-4225-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-4237-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-4256-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-4257-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/3768-4295-0x0000000180000000-0x0000000181168000-memory.dmp	themida

Unexpected DNS network traffic destination 30 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 2 IoCs

flow	pid	Process
44	3424	msiexec.exe
45	3424	msiexec.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
43	pastebin.com
50	pastebin.com
56	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3768	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\base.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\vuln.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\yarnpkg	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\selectors\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\rebuild.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\corepack.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-flush\node_modules\minipass\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ansi-regex\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ms\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cidr-regex\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-install-test.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\clone\clone.iml	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\env-paths\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\get-write-flag.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\envelope.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\has-unicode\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\are-we-there-yet\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\isexe\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\node.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\run-script\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-docs.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\utf7.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\is-windows.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\safer-buffer\Porting-Buffer.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-docs.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\query\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\clean-stack\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-profile\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-stars.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\make-fetch-happen\lib\cache\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\once\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\tokenTypes.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\identity\provider.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\jsonparse\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\unique-slug\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\humanize-ms\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\abort-error.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\fs\lib\cp\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_etw_provider.man	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\parse-conflict-json\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\get.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\.travis.yml	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmversion\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\relpath.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\lib\fetch-error.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cli-columns\test.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\lru-cache\index.mjs	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\utils\signer.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\npmlog\lib\log.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minipass-fetch\lib\fetch-error.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\API.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man5\folders.5	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\dist\npx.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\configure.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\link-gently.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\selectors\types.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promzard\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\aproba\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\stop.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\node_modules\lru-cache\LICENSE	msiexec.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFB562DB81841EBD08.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9C06.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\e5871d0.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI76D3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA02E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7DAC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8148.tmp	msiexec.exe
File created	C:\Windows\Installer\e5871d4.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA6FEC2DC1CF86627.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF74E7491377334B14.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Installer\MSI76B3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C62.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7644.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8128.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7D6C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9B68.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9D9D.tmp	msiexec.exe
File created	C:\Windows\Installer\e5871d0.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF4A51A453EA389A6C.TMP	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 10 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4928	msedgewebview2.exe
5696	msedgewebview2.exe
5824	msedgewebview2.exe
5760	msedgewebview2.exe
2564	msedgewebview2.exe
2060	msedgewebview2.exe
3156	msedgewebview2.exe
3088	msedgewebview2.exe
5464	msedgewebview2.exe
3044	msedgewebview2.exe

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Gathers network information 2 TTPs 3 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
4404	ipconfig.exe
1800	ipconfig.exe
2116	ipconfig.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133774449254697642"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\1\NodeSlot = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0 = 780031000000000047597d611100557365727300640009000400efbec5522d607e59e1662e0000006c0500000000010000000000000000003a000000000059a5500055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0	Solara.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Solara.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 = 19002f433a5c000000000000000000000000000000000000000000	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	OpenWith.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\0\MRUListEx = ffffffff	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\0 = 56003100000000007e59fc6610007363726970747300400009000400efbe7e59fc667e59fc662e000000daab020000001c0000000000000000000000000000005bdbb4007300630072006900700074007300000016000000	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Solara.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0 = 50003100000000004759b169100041646d696e003c0009000400efbe47597d617e59e1662e000000355702000000010000000000000000000000000000005c936100410064006d0069006e00000014000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0 = 4a003100000000007e59fc661000736f6c00380009000400efbe7e59f7667e59fc662e000000e4a402000000060000000000000000000000000000005bdbb40073006f006c00000012000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\1	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
3196	Bootstrapper.exe
3196	Bootstrapper.exe
3196	Bootstrapper.exe
3424	msiexec.exe
3424	msiexec.exe
240	Solara.exe
240	Solara.exe
760	Bootstrapper.exe
760	Bootstrapper.exe
760	Bootstrapper.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
2984	msedgewebview2.exe
2984	msedgewebview2.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
5696	msedgewebview2.exe
5696	msedgewebview2.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5224	OpenWith.exe
3696	OpenWith.exe
7104	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2216	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeIncreaseQuotaPrivilege	1156	WMIC.exe
Token: SeSecurityPrivilege	1156	WMIC.exe
Token: SeTakeOwnershipPrivilege	1156	WMIC.exe
Token: SeLoadDriverPrivilege	1156	WMIC.exe
Token: SeSystemProfilePrivilege	1156	WMIC.exe
Token: SeSystemtimePrivilege	1156	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2216	msedgewebview2.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe
6164	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
800	node.exe
3768	Solara.exe
3768	Solara.exe
3768	Solara.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
3696	OpenWith.exe
5820	firefox.exe
7104	OpenWith.exe
7104	OpenWith.exe
7104	OpenWith.exe
7104	OpenWith.exe
7104	OpenWith.exe
7104	OpenWith.exe
7104	OpenWith.exe
7104	OpenWith.exe
7104	OpenWith.exe
7104	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 3920	2536	Bootstrapper.exe	78
PID 2536 wrote to memory of 3920	2536	Bootstrapper.exe	78
PID 3920 wrote to memory of 4404	3920	cmd.exe	80
PID 3920 wrote to memory of 4404	3920	cmd.exe	80
PID 2300 wrote to memory of 3780	2300	chrome.exe	85
PID 2300 wrote to memory of 3780	2300	chrome.exe	85
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 4004	2300	chrome.exe	86
PID 2300 wrote to memory of 3592	2300	chrome.exe	87
PID 2300 wrote to memory of 3592	2300	chrome.exe	87
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88
PID 2300 wrote to memory of 4508	2300	chrome.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3920
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fe6dcc40,0x7ff8fe6dcc4c,0x7ff8fe6dcc58
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,16682497461277768250,793514683336752078,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,16682497461277768250,793514683336752078,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,16682497461277768250,793514683336752078,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2352 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,16682497461277768250,793514683336752078,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,16682497461277768250,793514683336752078,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,16682497461277768250,793514683336752078,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,16682497461277768250,793514683336752078,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,16682497461277768250,793514683336752078,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=868,i,16682497461277768250,793514683336752078,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:8
  2⤵
  PID:5464

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1996

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3932

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4680

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2484

C:\Users\Admin\Desktop\sol\Bootstrapper.exe
"C:\Users\Admin\Desktop\sol\Bootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3196
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  PID:2216
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:1800
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  PID:2152
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1156
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  PID:5000
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:240

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3424
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding E1E7AFC18F4B374D5C302755347A8D7E
  2⤵
  - Loads dropped DLL
  PID:4272
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A67A07170157C8ECBDBF02A5DE750623
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1912
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9129FD9BF408C3F32547742A0AE19FDE E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3928
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2128
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:2308

C:\Users\Admin\Desktop\sol\Bootstrapper.exe
"C:\Users\Admin\Desktop\sol\Bootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:760
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  PID:2316
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2116
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3768
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 2faf7d99725f4d59
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:800
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3768.336.13362464857250922469
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:2216
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x1c0,0x7ff8deba3cb8,0x7ff8deba3cc8,0x7ff8deba3cd8
      4⤵
      PID:2316
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1924,17181087564159732532,17385196726748789396,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4928
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,17181087564159732532,17385196726748789396,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2260 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2984
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,17181087564159732532,17385196726748789396,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2516 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:2564
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1924,17181087564159732532,17385196726748789396,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:2060
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,17181087564159732532,17385196726748789396,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4460 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5696
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1924,17181087564159732532,17385196726748789396,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3180 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3156
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1924,17181087564159732532,17385196726748789396,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5104 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3088
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1924,17181087564159732532,17385196726748789396,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5080 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5824
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1924,17181087564159732532,17385196726748789396,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5124 /prefetch:2
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5464
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1924,17181087564159732532,17385196726748789396,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5056 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5760
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1924,17181087564159732532,17385196726748789396,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3736 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2988

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3696
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\sol\DISCORD"
  2⤵
  PID:1384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\sol\DISCORD
    3⤵
    - Checks processor information in registry
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:5820
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1904 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0528ea6f-44e9-422c-9efc-c15087521a10} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" gpu
      4⤵
      PID:6096
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd6a4e2f-8660-4d4f-b8ac-6eaca101c973} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" socket
      4⤵
      Checks processor information in registry
      PID:1496
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3008 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3012 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be5c9fe7-5ec3-4137-978a-f0a6dd371374} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" tab
      4⤵
      PID:748
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3500 -childID 2 -isForBrowser -prefsHandle 1484 -prefMapHandle 2716 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d08aba2d-a1d2-434e-b48b-87328ee2d477} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" tab
      4⤵
      PID:5676
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4944 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4936 -prefMapHandle 4932 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6b8d8b2-2634-4c9e-a1f9-661e9842646f} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" utility
      4⤵
      Checks processor information in registry
      PID:6664
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 5384 -prefMapHandle 5332 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4ccf2e9-200b-4cee-a444-9725e0ba4527} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" tab
      4⤵
      PID:5872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 4 -isForBrowser -prefsHandle 5404 -prefMapHandle 5324 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac24eef0-2c23-4a9a-8241-cf6c6f83fb7d} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" tab
      4⤵
      PID:1384
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5820 -prefMapHandle 5816 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6da64434-61d3-42a2-bfc7-b1d076eb0906} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" tab
      4⤵
      PID:4216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7104
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\sol\DISCORD"
  2⤵
  PID:2200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\sol\DISCORD
    3⤵
    - Checks processor information in registry
    - Suspicious use of FindShellTrayWindow
    PID:6164
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1628 -prefsLen 23735 -prefMapSize 244710 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23aaa2da-2e68-44e3-8db0-3d50123e74cc} 6164 "\\.\pipe\gecko-crash-server-pipe.6164" gpu
      4⤵
      PID:7048
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 24655 -prefMapSize 244710 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bade987-c14c-4940-a00c-c4d1b8164940} 6164 "\\.\pipe\gecko-crash-server-pipe.6164" socket
      4⤵
      Checks processor information in registry
      PID:6280
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 1 -isForBrowser -prefsHandle 1592 -prefMapHandle 3024 -prefsLen 24796 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e2a95f6-5cff-4504-b197-679f25572287} 6164 "\\.\pipe\gecko-crash-server-pipe.6164" tab
      4⤵
      PID:5412
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3532 -childID 2 -isForBrowser -prefsHandle 3324 -prefMapHandle 3096 -prefsLen 29088 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2139b45-518e-4f0e-b9cf-c8c1fb9bc8f2} 6164 "\\.\pipe\gecko-crash-server-pipe.6164" tab
      4⤵
      PID:6692
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4596 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4612 -prefMapHandle 1132 -prefsLen 29142 -prefMapSize 244710 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff0b4ed2-4045-4678-8e5e-ad099444125c} 6164 "\\.\pipe\gecko-crash-server-pipe.6164" utility
      4⤵
      Checks processor information in registry
      PID:1104
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5128 -childID 3 -isForBrowser -prefsHandle 5088 -prefMapHandle 5100 -prefsLen 26998 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3f61b36-8cd9-41e3-972c-a597e35c5b93} 6164 "\\.\pipe\gecko-crash-server-pipe.6164" tab
      4⤵
      PID:6612
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5284 -childID 4 -isForBrowser -prefsHandle 5156 -prefMapHandle 5152 -prefsLen 26998 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d653bdb3-fe91-439e-bd9b-dbc523eefdb2} 6164 "\\.\pipe\gecko-crash-server-pipe.6164" tab
      4⤵
      PID:6632
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 5 -isForBrowser -prefsHandle 5548 -prefMapHandle 5544 -prefsLen 26998 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bda4ffc3-61b6-4582-b990-711d6274fb21} 6164 "\\.\pipe\gecko-crash-server-pipe.6164" tab
      4⤵
      PID:5840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5871d3.rbs

Filesize
1.0MB

MD5
05e7757e70901dd631d0af174535f96b

SHA1
20b587d1312ba1f2a724002e186bb2ee055b0823

SHA256
6111024e8591fceae807a15d9c646441cf6cd46dfa71304acb48251d15371bc1

SHA512
77fe292ba129d3565df25d41d6d3d2ef5eb8f6bc307807ab7b4da2b526a9ae6df07f3aeb9336e9eda40a9985d64922fdd6196df4f6a027ccf6cc40e5183c6856

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\index.js

Filesize
6KB

MD5
0e709bfb5675ff0531c925b909b58008

SHA1
25a8634dd21c082d74a7dead157568b6a8fc9825

SHA256
ed94fd8980c043bad99599102291e3285323b99ce0eb5d424c00e3dea1a34e67

SHA512
35968412e6ed11ef5cd890520946167bcef2dc6166489759af8bb699f08256355708b1ab949cce034d6cc22ed79b242600c623121f2c572b396f0e96372740cd

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\body-parser\index.js

Filesize
2KB

MD5
b9e991c0e57c4d5adde68a2f4f063bc7

SHA1
0cb6b9eb7b310c37e5950bbcaf672943657c94b5

SHA256
9c6c900e7e85fb599c62d9b9e4dfd2ea2f61d119dce5ed69ac3a8da828819241

SHA512
3bbd31eed55c32435b01fe7356d39749e95f8f49222115ada841e751ad36227e6f427efdc4e8bad36d8ccd37c2e92c01fa67c24c23f52023df8c1e1be1a3b4f6

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\body-parser\package.json

Filesize
1KB

MD5
826bd4315438573ba1a6d88ae2a2aa65

SHA1
3e27986a947e7d10488739c9afb75f96b646c4c5

SHA256
0fd31ad69fdcf1e2a94530f9db9c93e96709b690393a14711643123f678ee956

SHA512
2e98ba8e57cb0950e45d20365d16e86ad94a60cfd4cf103b7d55dae02de677985d37c0f771e16ae0a628cb3b59adce8a9e1742cffc298f18cb7d935d72536e6d

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\debug\package.json

Filesize
1KB

MD5
71a7656944ffe50cc27ebe02491ae49b

SHA1
8ebf0f80660d982fc68f00f82855696157e74b10

SHA256
6c3d2c892db282317913ce7c340dd2edccd326bcafd18b644b8738144967d6ee

SHA512
5b0010b41304e212a22d2c89eff65ce410b000c71c4ab8c7fdba8f549ba0629fe27f37c142058b041fb889bc73e00959ad58f673866ee7d29724687da3c3f320

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\debug\src\debug.js

Filesize
4KB

MD5
74bdccf347345d27fe8a4ac3add99c60

SHA1
a2b8a915c86fc750f56a7137860f19ec1182ee21

SHA256
d8d1c1d6c387ab67c3f28d78fd0b20b9becd69442db9d3efe110ca464b509c8a

SHA512
c2d47efee2a4442be6375d623f46b4c7ee9552c132b9229eb284bdd98629edd02664167805b0af9b3faaa9b1906e9ed0c5e383396d4995cef7051f9a450e1b99

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\debug\src\index.js

Filesize
263B

MD5
dd13897ea2eed92695bb7e4e744a9148

SHA1
182314d32e789e4f9c29e3150ae392f1630f171c

SHA256
9a34fedeb2d269c46ed94e6f13039eb0d16d866dd460ec66fa3acd78122fa9fe

SHA512
0b53bc984178336ac516601e72d477d2beeef6936800da17d3a79c153e0036f7428517ebd75d296729f65856c7e07749029f5aa192b2ac071efc4d3e39750a32

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\debug\src\node.js

Filesize
5KB

MD5
25807a97fbb1fcc42a013abc7d7768c4

SHA1
f24d52cbc9144b011def218234ff7b50e7ddcb19

SHA256
a3e83594a4ce88997e2e4fc66bc942b17b9d736290ad62560c7f09d6d0989ad0

SHA512
8d316b63700126d7c8965a886e9b35a332d3f7e68d28f2264d235c0afad28066f877f25821e1983ddde5f2d5052716cc73338779b41b6f4d1b90ad33dc3e9f24

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\depd\index.js

Filesize
10KB

MD5
002a1f3e813cc05d9e3cc011f6601628

SHA1
1690c27457637ec234d6b7658f1b96e547a0eb99

SHA256
4d587a5662e20a7bb9bfe6555afe5987e1b80303a819b447394f37a93297ee91

SHA512
ea1ad9bcf09a73a10dd1fd8a66daac12f87725e16ad27e7beff6d9fda937579976cd5d7ed6439c4122b16178c3ffdf410d6c7a54918f94bc98fa7950adf3bd54

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\depd\package.json

Filesize
1KB

MD5
7f0a9d228c79f0ee4b89fc6117f1c687

SHA1
3c10082c1464a6f589aa10cda88285e780ebf857

SHA256
5a3659bcc2e47b25ebf9f23f38eb9452a58920bfe4b59410bfa6fe84639a3b99

SHA512
7bdd7259bcb8d79aa41777f03d3a3f8a29b60c2d25104072edba9febeb813e12ef78d31573637702decddbaa97d8fec263bc413bd27dd660ded17d644458cbc2

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\index.js

Filesize
224B

MD5
866e37a4d9fb8799d5415d32ac413465

SHA1
3f41478fdab31acabab8fa1d26126483a141ffb6

SHA256
4d2f5afc192178c5b0dc418d2da5826d52a8b6998771b011aede7fdba9118140

SHA512
766d2e202dd5e520ac227e28e3c359cca183605c52b4e4c95c69825c929356cea772723a9af491a3662d3c26f7209e89cc3a7af76f75165c104492dc6728accc

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\lib\application.js

Filesize
14KB

MD5
15cf9c2f48c7ba6583c59d28908e3e27

SHA1
19c7718f6a3d0f9dcd4ca692c19718ec29aae092

SHA256
5901b32f609ba349351bf7406dbdc0c4c57b77ce6f7215ea67ccca5ac2a28e88

SHA512
c063277a59b83dffc085116769475ec5cce1c47c167b9bd2246e8bda04f0ebc2773b5f06e3b44fc5ed057e043f6d33e77741f34d15e22542134e3865574a29be

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\lib\express.js

Filesize
2KB

MD5
d467bc485eddf6d38278bc6b1dc16389

SHA1
e233882de62eb095b3cae0b2956e8776e6af3d6a

SHA256
2f25585c03c3050779c8f5f00597f8653f4fb8a97448ef8ef8cb21e65ba4d15d

SHA512
2add66b4f2e8ce463449ca8f2eac19363844b6ab159a41b42163028c57f07a4245ebefe759a6f90e8685b5bd239c969fe99366eff89378cb8b92b8a703dacd61

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\package.json

Filesize
2KB

MD5
3b5b76b70b0a549dce72c5a02756d2a8

SHA1
07786baebb5c52882e28a8bd281c9a36d63dd116

SHA256
bdd67333ab62b0bfeb10ecbbb23936db57b743a3eec580a354591fdf63334859

SHA512
bb266dfa725421fb26d26fda0f45a5fa5cd832667b05f27ceaf4e7fc1e032aeea8700493cfdd2941c3c38cd166eee1000d2b9ae3ddef375714e25a2027a943a3

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\finalhandler\index.js

Filesize
6KB

MD5
d50e9637775204f194d629000189f69c

SHA1
50d1a1725cb273b0a8e30433dabc43d65f55169b

SHA256
96900b458b12085ea16f228151439d9a7bae6b5d45248e355ad617f4dc213540

SHA512
563a8375e3ab7936162a9d209800f8b41c416c1500fe24de817871c3e5489e8faf5a4dcb7fb239f697a8736432356e60ecf1578d0aafc0de80d6e0ae90c34aad

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\finalhandler\package.json

Filesize
1KB

MD5
3d09ac571e0b6eaf8fdb9806118b6d30

SHA1
eb758bb6a7d3e4f32f0fa2f941265678539e74f1

SHA256
243d853d4386c4132508ae9a99e5176b25be7f5cb6967bc1bab241f20e937e72

SHA512
0207cf364e3eac974cae61ec68fe3975fd1f1eb6150f51293ce67f62dbb0f27a3d9c193101ef282dcd099fc653ca73cd3c875c18e5e266964038e3334697b5b4

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\merge-descriptors\index.js

Filesize
1KB

MD5
b4d3859e603602c87a45682862055af0

SHA1
e95cb1c14d70be457eba2ce61b2f4e90a13b21b1

SHA256
88564234b9eeb2f0fe2cc5d03f617a97eb4802f126bdd21aa223c3c87c02531c

SHA512
b17bb8c8b652f27d8037ed60f28b0d19a68e77bcc45d1e2be7dd304c942f6e85570e9720011f983fb8783d670eb66c0c3174d5fd90690b2aa79c2b402adcd00a

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\merge-descriptors\package.json

Filesize
931B

MD5
570e06d8ce0167e07a32ba70fdd56795

SHA1
39dc652dfa419d46d6fed0835444c603c57077f8

SHA256
45ebe570483c48b6460767fc4a0bb69e4dee4bf4becc645b0e0627172a30a580

SHA512
9c8ddf41b3207016935affce00108d87f176a9e473a01f03f1110456397c88ee2fbaf34f9e497e6cbff2b65c4f4c7f254a5129b4c1eaa2b85fbebffb8fe43777

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\ms\package.json

Filesize
704B

MD5
cbd55880a650b56c3d5acddbbdbee9bc

SHA1
4d354da7ece1c7d5689b8104f3b6f3dcbac7790e

SHA256
30fbfaa3840b2f63978ad4bcd7ed8dc24d277b818e4755fe93eda8cb1bc8b74c

SHA512
e329a6f6a38dd33bd60334a8dec4a91aa6e7dab28f0893240374ae6a303c12646399d821403e3b80eb51317d1808e6abf30bd91b0bd99951f96815a22ba105c7

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\package.json

Filesize
53B

MD5
b9f2ca8a50d6d71642dd920c76a851e5

SHA1
8ca43e514f808364d0eb51e7a595e309a77fdfce

SHA256
f44555af79dfa01a68ae8325382293fc68cd6c61d1d4eb9b8f7a42c651c51cde

SHA512
81b6352bbabd0bffbc50bfcd0cd67dc3c2a7d63bda0bf12421410c0ec8047af549a4928b5c5c3e89ead99aa9240bddb461c618c49287c15d9d4d3a899e8f596a

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
3cf89a6d55c5c77dfbefbb4346d74d69

SHA1
259c483f1fb0f210322b9d0ee0ad4c29d8f96943

SHA256
2c7650628136af446b0b5668e2ed404ebd67d26baa62874055ef922c91f21696

SHA512
6f0043cca62fa8c564734759ffd95143e4a4661c7d850dba998732cd812e169d2c80469ac4bb019eaf50d5cc757819cc52f884b28693f5e52ecae3158dde4286

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
824B

MD5
2713db9e05c685289df2942af70a93fa

SHA1
1afa60062fc19f9fe5eed87177ad822759f8728f

SHA256
2d2b05f05a29fa4dedba197880f7d5c9836a40d4e466efbf57c18064b16d90a5

SHA512
4953b93d18106f89cce26dfdf3ce5b9d578958ad6e68f7f626f34a1993cbc55ff51527253af8283b6ccd37b31a1cac07855ffd90fbe5b6dc00815d0570a78df2

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State~RFe5a2ed2.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
4a93e9f77a181f033af61fa240f472ee

SHA1
bce0791e7b7bb93ec37ae0a8f32108826a30ed86

SHA256
5c832a3d6d6d2b4d53ad753a9054ce5b8c5d25da19d4724a646a2a67fe5e630d

SHA512
2c05213788dc4ce9c3e6a5a386b708049a581349755e344479bfab8094f9c3dfbb0abd34eb520fa77d63174696b172347e77dd2eb3207b699b0b6daaac7ef3ec

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
401e8dd0d6d92809e00ad1a7f0a38f85

SHA1
9332ee70551be1e58ab534ed96b666a6c3b59f40

SHA256
2e37c3e73b654ce6351b9e2b89e2be6882f3a12fab39c014153d62f9951a365b

SHA512
3cbe744eac867ddf4248c22f7b4c75e745dacf8c4104b8dbddbee6a5d22172d3ce118893c1b270645d2ff93732a66a8ff32c0eb4bde3108222cecaa711b65a7a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe59747a.TMP

Filesize
3KB

MD5
9c6543ded61ca47e253f4608180f9eff

SHA1
a8ee7a0119c38cf63c3a23e1464207db8774acdd

SHA256
2858cc2d9389f7ff9d8148009e62fabbfa4c3ef21cca57554881bae974357d1a

SHA512
a6c199f6eb446b865e6abe162efb276884009d32631c9a704f491e2c70281cd68195c5fe7be7ce5b9ffa37c175efd6452304691176a36a084b22dc5b1959d01b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe59672c.TMP

Filesize
8KB

MD5
dc2493dc211839269acc04b4b0be3dee

SHA1
28ffbf581dc1c03f289a016d662336494e757ca5

SHA256
8420b43ea7bcc53b18f5fe96985bb3684f728d215299059493e2d2fed890ecd1

SHA512
aa7b26a2e7f7d742bea6c0a865e31077d8b1e6318752fcdbf976c51675553d53a77b30f18751c731a1a0f322293f603f7e4654809004fe73d2b0244790c89cea

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\b1af4c86-8893-44eb-9499-cb2600f1fc65.tmp

Filesize
8KB

MD5
5eecccfc17e4ded891355a4a12e54d09

SHA1
40a37ff57422144f5ee4e65f35bbf2ee30e6e8d1

SHA256
00732f59cd710f22b7cf6f7d532f55764ca5ddfae2c3ec35298c427b9c1b251c

SHA512
93f9e3f68285678a43d711cdb1db38acfa233612dc6e3adbbe2193064ec898b2aa58afb2c501fff6776cf71c89e3fda4101b80dbc01d8204249bdda2750569b3

Download Submit
C:\ProgramData\Solara\SolaraV3.dll

Filesize
6.8MB

MD5
c3d8a566119d8fee7fb2d0db4dea86e4

SHA1
c8094d474337ccf4dda2b1888a8235f73c20eaf3

SHA256
ca8df8f0b5d9981ed0e284f809472e8013252e59bed1a0f08c98a4b0726920ee

SHA512
0cd41d5d7c90e4f780dd92b03ac0938dbbf082c5658ee660c31986cd8e9d9c68f386b9989373cdd25c34a21943c266495c4f4c85b44487bb97d0edebb96555f7

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\ProgramData\Solara\bin\version.txt

Filesize
5B

MD5
a550e39a1b99146581652915aa853a6b

SHA1
3509c9a74b8fbdce7069149a65b86c70d1fb37c0

SHA256
f637e389c425692bb6ea379c4bdebef58ae2aea6aef7d28488816613e7bf9374

SHA512
4a62903c599ca8cc0ed9f48c9dfbf1cadc4953e2c87a9c5fdd71bfd8f689809c9223bf51f0190e177eb477cd7322c64812c8b4061065346d22a95b79d1c52104

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\80ccaf9e-4281-488d-8f12-c2d6f0d4dded.tmp

Filesize
9KB

MD5
de258bf79d0b20555c66d3885ec33cd0

SHA1
5d9667ed17e040c50a2a047ebc085f13bdc97021

SHA256
32220c5544c932a9686693014560e773359918507dbd2d17b4aa7fdd8716c689

SHA512
19a90e5355c62902cff7d51f7306217195a2114fd60e8526408b33b5fc7ff0a11b31c5b329d4cb17cebe8721e9e00101ab7aa6bc6e74513adf29ad3b06f02cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7e4a424ad1104a79577a095b7f225639

SHA1
f2f333f5315d8d57a8bb2626786a2dad2108e6d9

SHA256
d7fdfa62e54d4b8da65af4bdc84983c50cd57ee8afdbcf5e5300a197fd18cf9e

SHA512
afb96d444a3144b6b0734e25cfeed8ef442d447febd07ad716769b17176a1e94590d342587d1bb7cd275744611c6e80d6a1e71dd3cb71eccef076861691d8154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
370c96eea6adec428347a0a07afc630f

SHA1
c1e482181634d54a18a518f301a6ac24c7b86a10

SHA256
d978c5d461e8d48b9a9f845cdb04c4bf63af049e71ef216a7b1b0d453f6c038a

SHA512
9001344b0f95cb7fc77816efb2eecbaec1deb75ccbb0b20d089604e716e895a56c36d774bd53fc9390aaab4236b43e81c0efe825653579fc52a3343a900030a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6bb8dbdf1e33a8d4f40d7db3c304fb2e

SHA1
73a00eef6c542a32a6eeb702c2803db7e5c2e414

SHA256
4a81ddb7980dc3b9e7b411999558fc277f31a667ef697a21eeeb168190da6591

SHA512
0b5bf902e08b64f201bb94cae1e51197c9402ad5f902a71ad177e0e76e824f4f8363eb040db593c6167c167d96529094263d898f46e2efdc820a6664bf4afc51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4aea76413a48d917b04adcc793b01f2f

SHA1
ab3928f52d75e5d6beb1bdc3dbba78c59a64766a

SHA256
6c6ea9c31ff991bc021afa79c61254707de61b47f69bbd897a91ad6884ee1d4a

SHA512
8617db459aa4d00f4bf61d966259b8324027fc2acfad947a3ea2511b273a863b6a7a27fc63a51323498ab8781922d9662c0d43ca00fc83d5848d0bf29e1584ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
64e097242fe73653e337fdd37e791fe3

SHA1
af4de548cb384c2fe817212e3583b45175a39723

SHA256
74c1045118977ef51a05f76581b0f17f194d815e71fc592892d623f4f593b60b

SHA512
9409c73e5487268fe985972f97019f4e0f9dda6945240028566c8bbe0d5b019b4a1f294f3f4364f4b4b2b061a69eddfb123c24299101e732453f83d5283262c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9291298f7a9fe3ed0b2dda063a86b593

SHA1
cbff8c7c3b7a53b98cf8d9749ecf3bc3284eac62

SHA256
25225727ca666046d580ab73fa15dc627e2d19fcd07b50aa2eae005c2f29d3cf

SHA512
8208ffb4526dbffd69575f562b3d9c32aa9797ae5c8028d7d8cb653d895c3ea847a2a5ba83483173ffb2b948e5edae96a78c6a69bda92237d93ac8d01f029cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
652f6e58af334e79181dc50a38cfd721

SHA1
310eff8b4b3f62405d3fac5f96fc7a532e46314f

SHA256
f4ae26c9c836880ccb38160a20b4d7dfc76af8917fe2c4aba825de7ca488ff65

SHA512
ef9c617067dc6639b6f69ea69fddd08be60d36539d4583335e3446fe9b6c72b4164486d591ffee7984a44a15fa989dff9a70ad8a65c2f8c8030c8d0ab8121f85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13634f6cf096d5d7d650280373b8e6eb

SHA1
87c06d1031af64e4c8430d19d6dc27ca461d5464

SHA256
4ea23e554c2132b7ab5913e11dbffb7487c96d5bb02633df15a387ef6db8422a

SHA512
0e6fd8057fe787d942fee16e79d23a2a9059739ae4cc51f290f42dab02192d1edf858f074611405ea254599b38dcdb071731b7d9ee9395a7f165815d8dc35a87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
915bc2405ac5fc9a02d6b6c0ae84771b

SHA1
4764d7fe2d1cf108575e2d71a1ff4c3983d5852d

SHA256
54514162d151e922a46bb8393af7342fb7ec3517c074c2c91fdf2c4fcd2678a3

SHA512
de0870d5f15bd4af5b0300cf22ce918b6eab53748b6618bccd704411a804821d74520eec89ba9581eb748983eecbeaa9d00eb19e66366c3ab592eb1babd9ba48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc15ddf406e8c4e2d542e3da55c30fb4

SHA1
f0c63d9b7e6a3068ae7ee8c09eb5431a3c444a00

SHA256
7e0f5580e39886b4e705c5f42e4b262fb167202fbbbead7d40375db13c552e1e

SHA512
63910e42cb7512c3392c64b9e79d4d395e37d862d01bf1a39e8194806877515a7947e373c665050b16d6fc7c7d52aece0058d3084cdcd7e463a0502da59e44f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb47663269f5d6d8921ff2e9cf9f1e9e

SHA1
1e3979a5489186878f284f30248dd4f1351ab8c5

SHA256
b666a19981f191e1bd4af2edf4560b94b0570d8f0b07a7f2e0837f9ae636d7c1

SHA512
aa0f837d9b81a051e935f59b2e56be1232865da6664eaca63d05198413cdf07a004266a837e9c4f21bf268338cd08d99c6e600300ea1ed16149e44366e5d5166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6770547d0024ff0f4e61e6e1a8f71fbc

SHA1
ee093d7d6ad7ccdc80104f5f787cd9b3ab313f0f

SHA256
fe100eed48266b0944ad40865d51e62562476b74c88fbe990db440a825e87628

SHA512
04452d1a25d1a7da087c9db7fb77ac55f14d1dcc4178f2b633d9758319d4ff937daef487c5b7c7a7693f984ba83093fbce977c07a27b23e849550bae0f477883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a001dace7658c80ad47ab4aafd32e83

SHA1
ee8e0dd2628ca88c3d372debebbe65d506964e23

SHA256
b36a6cfd5e010f86a7c083669ab31e4b62d7cd499d4b0e432f31ecfb9801fb8a

SHA512
a8928f0c19564f6af453f0f42b33b51a2370ce25d395ef3a6dd72d81461cca10539086620910f2cec5d81c7a66306658e2acbd0d206cfee339b1272058134526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e59b5deb571dab8557ba05474136d2a

SHA1
6a83ba2483e805a17fa261e676723f1bedc0f9e1

SHA256
370c945c4a5ca284c78bec673a7b489b30159a674fea0f3343900f0f65df8428

SHA512
16f3ac114c41cb4bdc00329cc6fbae92478351783443b39db96f37f80719f4dfc14c062c461ecb7278a343a501a43b41604c8fb618a4a7fb37e56814aeff5234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0210faa936b6c959ccd4a308f0968d28

SHA1
370bf331d31a1bdd1f380f4f3e694af3b589b7f3

SHA256
f07dc7bad1c2795e35066e358abbbc6b236c811087ef5c2d311bb742e22782c2

SHA512
67657c1f7feb9a5290d79c2652cd96a836d39d012cb89b8d9d69f69b65f7ceb05e2fcee87b9b56f2ef9779c638a2461bbc44fc09b469e0eceda1b55b94248796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
85a36102ec251890e45b57b6c78b2159

SHA1
52519e029b4640024367ba61cb0fd05a031be3aa

SHA256
c7b123f0ea72eb6691438259c7e812227f33a6af715f4120203b8c58df381983

SHA512
bcb8cfeedf4a94bd86466e0358f099b120e9b38f6296e546fa978719a3421ba9c08352fd4f9928e94580cc3eab5a6197d01eb109c6e5f863273b49910d2bae3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c3d98b7d3322b55d494dc661eb81cdf

SHA1
84974d39a76fa02a39f6d8ea4faa3ed74e44db07

SHA256
ee88e07bbe375aae89c830dcdbaff0ceb6191e3d1db2982369afa1fc8ee65e81

SHA512
20ecea9c3a2f1af1c2646379dafb3347491950025db16e9f22de401a8ef95143c52e6754a1293a2a07541be2d58cfd59c2b758431763bafa4156069e6283b4e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8c0c1e7b2020c66fca9e665ab3ccb42b

SHA1
6304ce2619fa33bb3e5fee0add201c4726c6fe3c

SHA256
78ea81c168a3933937d32272d3624614e534805d12393b9b05a50d3684fc836e

SHA512
2cdcab01e4f38950ba72ffc9bbae8af32d6ae76978b91e3090ce9a6169a3ff472e5b4238ca0cb5b6fad83f5affd70ffccbff23dc7e7066eca2bb312e6f0c87e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\db56702d-78b4-4388-9005-7399f5242986.tmp

Filesize
649B

MD5
83a26c6ab29dc821ac8bf52f140a79d4

SHA1
7c685ad9e13b8e7fb8c248386b5a6e7242618d94

SHA256
ad35ba2ce38ac5ce3f1fa560050b9da8b752566748b6c0db6d29e01b13f40c29

SHA512
1fec24f5379075d8523d0003a71699fbe9122a61c662954822cafbb02dda78039a121baa597933eda974deacf578401dda31e6c56a5205eecae2c97c5753eb2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
c835700aa03352d4974357c43e2a5240

SHA1
ea7bf2c0e42e38267d56b0183bf8001b2abfc77e

SHA256
c9da7f34905fb77c18963a60bc08357312a775934f2d334987036f61ddf97d08

SHA512
1e8a7c30255e080972a09006c7db7d05c5899532fc15b2c94607788a9e9d3bd7b673c43ded768f9adad980b7b7469aea00adc8876113daffcf739ca6891c2151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
e12636fb09c8d17fefb3a0a6f45a7a1f

SHA1
98ec271a40f139b42a3664827c455ac46a50c6bd

SHA256
0af91547c9d3f9050ac41586edbf07e8c967d01109b7f22aa6a0778e56928b4a

SHA512
5bd6642316ddf4129a6393a698e949f35d3e08b12361b18db47a872b1b860c9df00b8b57d876e02d77b5896e19dd2223f06c90a10d8abce1f4a2dd79d0f4871e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bootstrapper.exe.log

Filesize
859B

MD5
b80ab36515c0740685e38a5cd01e292a

SHA1
ebea40ce14021888f2c869576ad62b98b7c73c8a

SHA256
a6f7d3892a001df1aafe2eaf221a3b09a4fdad23ad642a62b9cc50fd25f9415f

SHA512
a9ad31c000c2264f8a9b7bac6bc60edd7ecf0d1c946a4bb3e57d824283c6b65e59344e834bcbf563586211078ddb895af13e4c697bea2c4a907982bbc5fbd4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
f7ac079334bb6acfc5f5b8b138fba489

SHA1
537265a03c1e2d666cba7f4eb3fa7be1379e7e70

SHA256
1077ab415035dc0d1e15dbcbd82d920fb246d3560f0f790ae8305b77b548f33d

SHA512
6c757d5d1720bada0ab8282bad75bb6db74375fa20d52ea676fe964da386a398656c87409d76c9643c5b7d34e1d9246a063c3b81df5dba7a563d329214b2b89e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
b97da8be68b3ef02915d8782271f99bb

SHA1
14565aa7a6ab8433aff332946ba73c965ba69625

SHA256
f54e83f073ca05b7e4ba31b3762db7689c4072dbf953acbdb39ddd3df6f43717

SHA512
5698e0653b126d51ecda7756791bed4aa72dd08df5fdf0f8efbc9ca0df30e52a9e9108b3f366793f4b5679d4750f5b7693e1867b675d12d6f86ea948581188b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
f163de3fa2cbbbaf2c0f239788a07db2

SHA1
78c0f2eed1d717673d28e7bcd9b2db2ef2623378

SHA256
fe173253a456dedc65d6ddcebac3156d3f9e8a4ae0dfe8103627934830b6631d

SHA512
9eacf3d7d3ce260af3f3a8a5cb198ae1e172660735f2d208472b856575567ba06bd697ffe8cfceae84e68c4638c34bc8395be9552020ffd9169af936cf9987b9

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\3a216e5a-3ca2-4c6c-82af-d52fb86b3455.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\AlternateServices.bin

Filesize
6KB

MD5
b0c21bdf6bf5710681d9b1404fc8abb8

SHA1
a2399e5b7d3a74008b2398179034f42f81a229b4

SHA256
a2e33c0627007e1a6c9d639461f03954455a24563869267a00753b4da20d42f7

SHA512
85a155f48b64b8bbab356549cc7735b19377e9827e64a3c1760ce6e4bbdb9cb2a08151640fe9e6a6313ea06d24ba3e832a9702d758e5e7da7ffc1e5c82292020

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\AlternateServices.bin

Filesize
6KB

MD5
3fe87b2475f0c7a3628abf14a98e07fd

SHA1
a680c14e4ea3e1444100a0ca41403b490edfc6a7

SHA256
5d00deccd6595ad1b8a50f8d017e6ffd802f7271de81d6c2294559e9ce1a8a4a

SHA512
eecf20612ad8378d655f4ff9968e1879f876050194be8307715ab5a12dddfc2a4f68e02dbec59d0db622786ae1eff4c33be609eedddb287f575f2abf8396bec4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\AlternateServices.bin

Filesize
8KB

MD5
e9081e17cc52c012280081f8570ef661

SHA1
8d6e2101ccc9bb75f6f5b348a0acc9f895961d35

SHA256
8f49d79a88b69331eea6b8e7747a42c40a62007aea761592861d781880ef7c05

SHA512
7f3cdb55908a14e99bbdb744ba72c31a944783422abe3f371e53afa2fb8d51093f43f225e58b00a214853a2640987d8c567c69aa9eb07099136ebe576a771383

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a157352f1222636623214eef9a002970

SHA1
5258e5187ec5a17f0f8a15b690ae152fcc453706

SHA256
950a0b30394177e9727c6c58284b2a4d8445482e4e21aa735e7b5a3f7f55fd9d

SHA512
630818f29fef061281d63399c42e4e97a01c4d843d5288996498f924d46d93033e50a6d7e6a85a6e466502863feade63827ca35fde870f831d6456aee6af3f81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
5a702e52c224be556429ea1350967ed0

SHA1
1b83e70108a87145de23f4b773c99c7a4ad0edde

SHA256
75b7ab6182d7659edcc98a8ceeed4bb4fbbc0da61a5cbad788de3eb860750d6f

SHA512
45dc5cb55a3f9e7346875074cad10a50a50a999cd009dd8b4eda10b4a46e007786e62ef10b87f4ab478d3bc890c89a4643f4d196f329e84336d37969060a3735

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
f271eb6b4965ccfa30e16f5255c8790d

SHA1
64b237f3d44622af69d940c6806c48f1dfa72dc5

SHA256
62ecd36b0f7e52417fab52607227726b56707ab321fe7767b20ff86dcd7daf6c

SHA512
9ad225bacb4cecf91ec3f62188e716c07126b4fcb8d2542ece66d7f6804b7a51e3feb8aad435297351d0c83002b0d9e0e27673b0a757230598fcbbd2d4688d87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
608eeae9eb251effd522517e60f91e6b

SHA1
df9a4e600b24a26b3601764eabe6ae25b71689cb

SHA256
b307588d0ab1a46d2f92f2d251f0b285265cd15531ff8ad103c9ef40fd14ae41

SHA512
d555a2f45cebf79722136b36cf505c1d804db321b759284788b64846f134e462379b6faa3cf2be3ee19730245d812c6abd89b2e5501028051c299dac92ac61c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
a50f5736b0915314153f5151b6d34b41

SHA1
5020bd5fa0a2c9f9e98f13c312172a708fa61703

SHA256
bc28d56f6bb39dc14c0b9b6da389c57314347d1a4893caeab20e9aa4cfeb3da7

SHA512
ab1f854b0b24cdd615c58d868ea18545796ec3fb508810aaa08b4606b9b161995ee71bf5b0ce074d9a68302add6ab2e1c996975fb64f979b8221d11e6fb0d72f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\0aef6e47-e17c-4815-9615-6486b0d24644

Filesize
24KB

MD5
4c80b491208c8d0352267f4be5780330

SHA1
c4bb13e2efc8294f769ec086945e18b6cc33dac5

SHA256
aa423e2d66a759822aa50ee631a29ab00a1aa1827923deddb643adada3dbabfc

SHA512
640bd2044cfee1a0fc9d90a2f5e704f82497febfda233b3d6300d304ddceaeb454e85c130546c41a05aac6a00e6f2d6af2b087080f02b229336d0cd73441db35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\45d47d1b-8df4-4bdc-b393-ff7f5b94653d

Filesize
676B

MD5
5ddd978fca254f1ae65a82a84bfe2111

SHA1
3d8653e40f26db2c081b74385abe31f37d54228b

SHA256
d3645d05daccedf708a2cdccb5ea46d8d657fae88ae81037aad262f938f5fff3

SHA512
f8ac2db680132358d480a20d4dfe16a7c255f4bdccc527a23aa6e08df16ce14a44beba49e3dd1f4fd1db30eda29b4ad9c58a2a5c2b4b3fa18e391b6c66cbb7b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\7b243573-09d2-478b-b1b8-f66f91a3b920

Filesize
905B

MD5
b5e48299a0d47a91837e7ac538df15ee

SHA1
6af6ee99c4b52944c1b2266596f4b8ddff6bf2c3

SHA256
06c6ab5c889966f6f8893055f52b542a10960b9e1fbc4599c54bdd66c54ab627

SHA512
e5edf59cc7f44b09b25d2092a5e7aa07af68463d90fddaa083e54424f917ce7c7357dca6ac104e0f79efd4525bd5487c18acaa73da702a27d27ffa108b64a387

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\8d5748be-9594-4713-acc2-e944458f6c37

Filesize
671B

MD5
cfa44d845a5c4ad8a84a5d7f5e420302

SHA1
d378a562b603d9ae681509262576f5f19be68bcb

SHA256
a4fe02ebd9cd22b9d9e4a089c7bbf883da69789651b25bdc99ba8912011c7543

SHA512
e4f3bb4ec6ccf4545cdefd6f799c0bc5031f668f7b7db873b8920c3d4bdc73192ef90ae17beb48bb8e86110047a55f43a82228fcd2a72c5f9c1758531d100008

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\e96e906c-fcf8-4b0c-9003-1086a0e05f29

Filesize
982B

MD5
28234ca4d166e92c45a9509d6e573d31

SHA1
7c41b9d343437ee6073fea0114c8f90922381548

SHA256
f814415f5678408bd5232aee544429c941f500bc5395ad1fc124d644593c7bb9

SHA512
1eaa88553f535da1b56526f5e6ee913a4457bda97b88ab6e71f4936f93345597b3c9d535dc328a8657e21c3f88273cebd8ec277b02c4290466a0c0b9630ac3fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs-1.js

Filesize
12KB

MD5
5f9593591013f29ab90d933f747465a2

SHA1
6b637618e9b0ca8b8aa0f64fc6846f82cff5456c

SHA256
99c40afac7dbfdcfbee7ef72bd69f0b906e057dd4cb9a90c083f5ab3ef388ccd

SHA512
e72c7933ea43cc2d43e1b8f5dccae5f71e717ac4b70e800be6dea7d12fcc43e2c2e63cdc30042df4f955471f90550a7e696e18046bd85c301200b4faf754b850

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs-1.js

Filesize
10KB

MD5
c0033d3439e491712a6e899726779d58

SHA1
cb520e0cac6cd1914a4e4cfa987536f2271bd148

SHA256
0f895f4f4631db5f8877a18fcbce3b837f2fce3d45ca0ca49b101fc8a7b6e65c

SHA512
5a7fa2c727ceea01ecdcef1a036b109bf633c2f34be973e98c7ccc9887f244c1ced899fa5e7a7a00922aa6233170bd483983d19498beeef4984802b0532a4d9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs.js

Filesize
10KB

MD5
3cc2a6caa5b719f73e5d173de6a2fbf2

SHA1
6521a6fd270177ee7f110c671c559cbb28f91176

SHA256
8500f3a21d6734e35ba5be29178313cbadef544da702e02d6c1cc9f8c54c6111

SHA512
05bc25cf5fb81394f81d6ad86f93b45628873546abb1f4bb39a2ddcf2d36a5e30b9642d5c6dba7ca5ca41b07198d91a939b89923ef61c114a776436e91c1bbe1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs.js

Filesize
10KB

MD5
8a60a9e59399f04768c39f644c6a9f4a

SHA1
5ef4ec060a4b0f8aa6c3f7a264709c4a20bf834c

SHA256
d5ee5220f5583ac858b612d3df5a48a79478b8dae36ccaa839a091de30392ccc

SHA512
bf95b4b758cc0dab77a3f493a7521deb32d0941da8f2859050810bcd0f92402faa5073e976356226ba02ed466de0abadf756e76652cc0c78a905b351b59382db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
648ea624280e409ac3a7f120b5e9000e

SHA1
168bd9dd85eb0603e0db6bef23a0df64f916bf83

SHA256
ea208bf36fe4e150165db9ff5972004c6f468114058d6dbe5d0350f85e8fc08a

SHA512
49520e85cd86cdb0b9fcefecaabc99ba3915ed5ce0b622ffe752de94df6d1fbf3f2fbae13ee18397b32477aadfb23280e42be6f92ec1c74feb4f246c60eb7e32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
560KB

MD5
a8873e9e78aba588d7d30126f7b36752

SHA1
6ab33cbd1d1174107d0e192aee8b355d505b6363

SHA256
ac5e1ed6d1f1fe177a57bc51a80013c10f0d5b57769d7862e6af52cda92d409c

SHA512
48763100df17c440acc2e04256d8735140da933755146ada6cd18732e6036700d50ef1ba1d13f9d91ecdd65ac20e6504093c696ab27fd37e838cc6ff802c8fa3

Download Submit
C:\Users\Admin\Desktop\sol\DISCORD

Filesize
103B

MD5
b016dafca051f817c6ba098c096cb450

SHA1
4cc74827c4b2ed534613c7764e6121ceb041b459

SHA256
b03c8c2d2429e9dbc7920113dedf6fc09095ab39421ee0cc8819ad412e5d67b9

SHA512
d69663e1e81ec33654b87f2dfaddd5383681c8ebf029a559b201d65eb12fa2989fa66c25fa98d58066eab7b897f0eef6b7a68fa1a9558482a17dfed7b6076aca

Download Submit
C:\Windows\Installer\MSI7644.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSI76D3.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI7D6C.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/240-2885-0x000001DAF0CE0000-0x000001DAF0D04000-memory.dmp

Filesize
144KB

Download
memory/240-2890-0x000001DAF3560000-0x000001DAF3612000-memory.dmp

Filesize
712KB

Download
memory/240-2887-0x000001DAF3830000-0x000001DAF3D6C000-memory.dmp

Filesize
5.2MB

Download
memory/240-2888-0x000001DAF34A0000-0x000001DAF355A000-memory.dmp

Filesize
744KB

Download
memory/2536-1-0x0000019DFBE60000-0x0000019DFBF2E000-memory.dmp

Filesize
824KB

Download
memory/2536-0-0x00007FF8ECA53000-0x00007FF8ECA55000-memory.dmp

Filesize
8KB

Download
memory/3196-72-0x000002B4653C0000-0x000002B4653E2000-memory.dmp

Filesize
136KB

Download
memory/3196-2467-0x000002B465560000-0x000002B46556A000-memory.dmp

Filesize
40KB

Download
memory/3196-2469-0x000002B4674E0000-0x000002B4674F2000-memory.dmp

Filesize
72KB

Download
memory/3768-2945-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-4204-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-4295-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-2953-0x000002C2FA260000-0x000002C2FA26E000-memory.dmp

Filesize
56KB

Download
memory/3768-2952-0x000002C2FA290000-0x000002C2FA2C8000-memory.dmp

Filesize
224KB

Download
memory/3768-2950-0x000002C2FA0A0000-0x000002C2FA0A8000-memory.dmp

Filesize
32KB

Download
memory/3768-2949-0x000002C2F6F30000-0x000002C2F6FC0000-memory.dmp

Filesize
576KB

Download
memory/3768-2948-0x000002C2F61E0000-0x000002C2F61F0000-memory.dmp

Filesize
64KB

Download
memory/3768-2946-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-4082-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-3620-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-2944-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-2924-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-3517-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-3974-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-3121-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-3949-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-3155-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-3165-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-3068-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-3919-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-4225-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-4237-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-3182-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-4256-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/3768-4257-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4500-2917-0x000001D75F5D0000-0x000001D75F6E1000-memory.dmp

Filesize
1.1MB

Download
memory/4928-2968-0x00007FF90B800000-0x00007FF90B801000-memory.dmp

Filesize
4KB

Download