47310c56561c49371d9365b765792aacb7613c8ad566e3f6aec43aa8517e041f

Resubmissions

20/02/2025, 10:26

250220-mgk2kssrbl 9

20/02/2025, 10:13

250220-l868fssmds 8

20/02/2025, 09:48

250220-ls8rcasjaw 10

20/02/2025, 09:41

250220-lnzymsskgn 10

Analysis

max time kernel
295s
max time network
299s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250218-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250218-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
20/02/2025, 09:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qr-code.png
Size

21KB
MD5

48405ae35cd148c57494edc4bac3d387
SHA1

8032d3501fcecd4cd50259d24835ca6bc2996164
SHA256

47310c56561c49371d9365b765792aacb7613c8ad566e3f6aec43aa8517e041f
SHA512

928ff81abf044e238cfc21b06b543673baa2198ef852bc20a7fbf58aacfa3df16c4458632714f308a4841070a6478f20f737cb65c1cef423d83ef287c657e670
SSDEEP

48:sQGcxn8CTL6QT0KNHcRtWSt5SmVjCuqJXkYQEB11ov5N:HLnFL6QTZNHQWRmVjck/21S5N

Score

10^/10

defense_evasion discovery execution themida trojan

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 1520 created 3596	1520	Solara.exe	57

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5264	powershell.exe
5456	powershell.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
354	2992	firefox.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe

Executes dropped EXE 2 IoCs

pid	Process
1804	BootstrapperNew.exe
5748	Solara.exe

Loads dropped DLL 2 IoCs

pid	Process
5748	Solara.exe
5748	Solara.exe

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x00070000000280e9-2881.dat	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
187	camo.githubusercontent.com
190	camo.githubusercontent.com
195	raw.githubusercontent.com
197	raw.githubusercontent.com
198	raw.githubusercontent.com
201	raw.githubusercontent.com
372	pastebin.com
189	camo.githubusercontent.com
192	camo.githubusercontent.com
371	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
5748	Solara.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1520 set thread context of 6220	1520	Solara.exe	102

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4992_986506055\LICENSE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4992_986506055\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4992_986506055\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4992_986506055\manifest.fingerprint	msedgewebview2.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4992_986506055\keys.json	msedgewebview2.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solara.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133845182981497849"	msedgewebview2.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556327730-4249790997-552795783-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Solara.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1960	mspaint.exe
1960	mspaint.exe
1520	Solara.exe
1520	Solara.exe
1520	Solara.exe
1520	Solara.exe
5264	powershell.exe
5264	powershell.exe
5456	powershell.exe
5456	powershell.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe
5748	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4992	msedgewebview2.exe
4992	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 56 IoCs

description	pid	Process
Token: SeDebugPrivilege	2992	firefox.exe
Token: SeDebugPrivilege	2992	firefox.exe
Token: SeDebugPrivilege	2992	firefox.exe
Token: SeDebugPrivilege	1520	Solara.exe
Token: SeDebugPrivilege	1520	Solara.exe
Token: SeDebugPrivilege	2992	firefox.exe
Token: SeDebugPrivilege	2992	firefox.exe
Token: SeDebugPrivilege	2992	firefox.exe
Token: SeDebugPrivilege	5264	powershell.exe
Token: SeIncreaseQuotaPrivilege	5264	powershell.exe
Token: SeSecurityPrivilege	5264	powershell.exe
Token: SeTakeOwnershipPrivilege	5264	powershell.exe
Token: SeLoadDriverPrivilege	5264	powershell.exe
Token: SeSystemProfilePrivilege	5264	powershell.exe
Token: SeSystemtimePrivilege	5264	powershell.exe
Token: SeProfSingleProcessPrivilege	5264	powershell.exe
Token: SeIncBasePriorityPrivilege	5264	powershell.exe
Token: SeCreatePagefilePrivilege	5264	powershell.exe
Token: SeBackupPrivilege	5264	powershell.exe
Token: SeRestorePrivilege	5264	powershell.exe
Token: SeShutdownPrivilege	5264	powershell.exe
Token: SeDebugPrivilege	5264	powershell.exe
Token: SeSystemEnvironmentPrivilege	5264	powershell.exe
Token: SeRemoteShutdownPrivilege	5264	powershell.exe
Token: SeUndockPrivilege	5264	powershell.exe
Token: SeManageVolumePrivilege	5264	powershell.exe
Token: SeImpersonatePrivilege	5264	powershell.exe
Token: 33	5264	powershell.exe
Token: 34	5264	powershell.exe
Token: 35	5264	powershell.exe
Token: 36	5264	powershell.exe
Token: SeDebugPrivilege	5456	powershell.exe
Token: SeIncreaseQuotaPrivilege	5456	powershell.exe
Token: SeSecurityPrivilege	5456	powershell.exe
Token: SeTakeOwnershipPrivilege	5456	powershell.exe
Token: SeLoadDriverPrivilege	5456	powershell.exe
Token: SeSystemProfilePrivilege	5456	powershell.exe
Token: SeSystemtimePrivilege	5456	powershell.exe
Token: SeProfSingleProcessPrivilege	5456	powershell.exe
Token: SeIncBasePriorityPrivilege	5456	powershell.exe
Token: SeCreatePagefilePrivilege	5456	powershell.exe
Token: SeBackupPrivilege	5456	powershell.exe
Token: SeRestorePrivilege	5456	powershell.exe
Token: SeShutdownPrivilege	5456	powershell.exe
Token: SeDebugPrivilege	5456	powershell.exe
Token: SeSystemEnvironmentPrivilege	5456	powershell.exe
Token: SeRemoteShutdownPrivilege	5456	powershell.exe
Token: SeUndockPrivilege	5456	powershell.exe
Token: SeManageVolumePrivilege	5456	powershell.exe
Token: SeImpersonatePrivilege	5456	powershell.exe
Token: 33	5456	powershell.exe
Token: 34	5456	powershell.exe
Token: 35	5456	powershell.exe
Token: 36	5456	powershell.exe
Token: SeDebugPrivilege	1804	BootstrapperNew.exe
Token: SeDebugPrivilege	5748	Solara.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
1960	mspaint.exe
1960	mspaint.exe
1960	mspaint.exe
1960	mspaint.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe
2992	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 2992	4524	firefox.exe	87
PID 4524 wrote to memory of 2992	4524	firefox.exe	87
PID 4524 wrote to memory of 2992	4524	firefox.exe	87
PID 4524 wrote to memory of 2992	4524	firefox.exe	87
PID 4524 wrote to memory of 2992	4524	firefox.exe	87
PID 4524 wrote to memory of 2992	4524	firefox.exe	87
PID 4524 wrote to memory of 2992	4524	firefox.exe	87
PID 4524 wrote to memory of 2992	4524	firefox.exe	87
PID 4524 wrote to memory of 2992	4524	firefox.exe	87
PID 4524 wrote to memory of 2992	4524	firefox.exe	87
PID 4524 wrote to memory of 2992	4524	firefox.exe	87
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 2280	2992	firefox.exe	88
PID 2992 wrote to memory of 4816	2992	firefox.exe	89
PID 2992 wrote to memory of 4816	2992	firefox.exe	89
PID 2992 wrote to memory of 4816	2992	firefox.exe	89
PID 2992 wrote to memory of 4816	2992	firefox.exe	89
PID 2992 wrote to memory of 4816	2992	firefox.exe	89
PID 2992 wrote to memory of 4816	2992	firefox.exe	89
PID 2992 wrote to memory of 4816	2992	firefox.exe	89
PID 2992 wrote to memory of 4816	2992	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

cURL User-Agent 8 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	388	curl/8.9.1-DEV
HTTP User-Agent header	391	curl/8.9.1-DEV
HTTP User-Agent header	393	curl/8.9.1-DEV
HTTP User-Agent header	394	curl/8.9.1-DEV
HTTP User-Agent header	377	curl/8.9.1-DEV
HTTP User-Agent header	382	curl/8.9.1-DEV
HTTP User-Agent header	384	curl/8.9.1-DEV
HTTP User-Agent header	386	curl/8.9.1-DEV

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3596
- C:\Windows\system32\mspaint.exe
  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\qr-code.png"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1960
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    - Downloads MZ/PE file
    - Subvert Trust Controls: Mark-of-the-Web Bypass
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2992
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 27448 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {551dafcb-cd17-4751-9366-e153a1cf1ba5} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" gpu
      4⤵
      PID:2280
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 27326 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {783ac568-24a9-416f-94b5-1db0d2cc4291} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" socket
      4⤵
      Checks processor information in registry
      PID:4816
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3344 -childID 1 -isForBrowser -prefsHandle 3352 -prefMapHandle 3360 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f219774-2da8-4b5d-bbb5-639fee8a5a37} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
      4⤵
      PID:1356
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3812 -childID 2 -isForBrowser -prefsHandle 3932 -prefMapHandle 3928 -prefsLen 32700 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77737fa4-c14d-4ea7-b5bb-b19a71a05e17} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
      4⤵
      PID:3940
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4760 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4780 -prefMapHandle 4776 -prefsLen 32700 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fcefc41-5c7a-4930-bcac-273289267aa5} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" utility
      4⤵
      Checks processor information in registry
      PID:3056
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 3 -isForBrowser -prefsHandle 5288 -prefMapHandle 5284 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4d1ee2f-4069-43cd-8311-1216ee1312c1} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
      4⤵
      PID:1760
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 4 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed8539c2-8927-4a6d-9bd9-12789bfda0f4} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
      4⤵
      PID:1728
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 5 -isForBrowser -prefsHandle 5636 -prefMapHandle 5640 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c2d7414-42c5-4af2-88a9-ec81965f8418} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
      4⤵
      PID:752
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6044 -childID 6 -isForBrowser -prefsHandle 6036 -prefMapHandle 6032 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8280669-dac7-49e2-973e-82c71804289e} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
      4⤵
      PID:3088
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3848 -childID 7 -isForBrowser -prefsHandle 4128 -prefMapHandle 2820 -prefsLen 28348 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {936d0bef-52ab-4206-b6e4-4fa13c3924b8} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
      4⤵
      PID:2204
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6948 -childID 8 -isForBrowser -prefsHandle 6940 -prefMapHandle 6936 -prefsLen 28388 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31873ce1-c70e-48bc-87c1-04a61482d034} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
      4⤵
      PID:4516
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7092 -childID 9 -isForBrowser -prefsHandle 7100 -prefMapHandle 7104 -prefsLen 28388 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {051dd875-a130-4672-9284-bf2b26967ae2} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
      4⤵
      PID:4016
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7884 -childID 10 -isForBrowser -prefsHandle 7892 -prefMapHandle 7896 -prefsLen 28388 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abbf3313-5784-457f-9ce5-8a9353760634} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
      4⤵
      PID:3172
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8028 -childID 11 -isForBrowser -prefsHandle 7736 -prefMapHandle 7752 -prefsLen 28388 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df2ebe1c-023e-49c5-ab01-a912673bf70a} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
      4⤵
      PID:6680
  - - C:\Users\Admin\Downloads\BootstrapperNew.exe
      "C:\Users\Admin\Downloads\BootstrapperNew.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:1804
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5264
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Solara'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5456
    - - C:\ProgramData\Solara\Solara.exe
        
        "C:\ProgramData\Solara\Solara.exe" --bootstrapperPath "C:\Users\Admin\Downloads" --bootstrapperExe "C:\Users\Admin\Downloads\BootstrapperNew.exe"
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5748
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=5748.4044.4568452223236264418
        6⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:4992
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x1a0,0x1a4,0x1a8,0x17c,0x1b0,0x7ffc8a44b078,0x7ffc8a44b084,0x7ffc8a44b090
        7⤵
        
        PID:3792
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1852,i,9255761599630085661,16338947857510448863,262144 --variations-seed-version --mojo-platform-channel-handle=1848 /prefetch:2
        7⤵
        
        PID:6884
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2104,i,9255761599630085661,16338947857510448863,262144 --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:3
        7⤵
        
        PID:3776
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2348,i,9255761599630085661,16338947857510448863,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:8
        7⤵
        
        PID:4988
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3608,i,9255761599630085661,16338947857510448863,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
        7⤵
        
        PID:6140
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=4932,i,9255761599630085661,16338947857510448863,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:1
        7⤵
        
        PID:1708
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=5044,i,9255761599630085661,16338947857510448863,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
        7⤵
        
        PID:5720
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8036 -childID 12 -isForBrowser -prefsHandle 7056 -prefMapHandle 8236 -prefsLen 34398 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {748fdcdf-1d18-4bbb-9022-0836ad8587ab} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
      4⤵
      PID:1904
- C:\Users\Admin\Downloads\Solara\Solara.exe
  "C:\Users\Admin\Downloads\Solara\Solara.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1520
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6220

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Solara\Microsoft.Web.WebView2.Core.dll

Filesize
557KB

MD5
b037ca44fd19b8eedb6d5b9de3e48469

SHA1
1f328389c62cf673b3de97e1869c139d2543494e

SHA256
11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197

SHA512
fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b

Download Submit
C:\ProgramData\Solara\Microsoft.Web.WebView2.Wpf.dll

Filesize
50KB

MD5
e107c88a6fc54cc3ceb4d85768374074

SHA1
a8d89ae75880f4fca7d7167fae23ac0d95e3d5f6

SHA256
8f821f0c818f8d817b82f76c25f90fde9fb73ff1ae99c3df3eaf2b955653c9c8

SHA512
b39e07b0c614a0fa88afb1f3b0d9bb9ba9c932e2b30899002008220ccf1acb0f018d5414aee64d92222c2c39f3ffe2c0ad2d9962d23aaa4bf5750c12c7f3e6fe

Download Submit
C:\ProgramData\Solara\Monaco\combined.html

Filesize
14KB

MD5
2a0506c7902018d7374b0ec4090c53c0

SHA1
26c6094af2043e1e8460023ac6b778ba84463f30

SHA256
cad1e2eef6e20e88699fac5ef31d495890df118e58c86fc442ea6337aac7a75a

SHA512
4a9856512e7866b8623565886e5f3aebf15c824cb127e24be9afa2a5501a83fa95d209875a8777566bcac9973b38881e18caf6ad160c8d01366a508cafc2164b

Download Submit
C:\ProgramData\Solara\Monaco\index.html

Filesize
14KB

MD5
610eb8cecd447fcf97c242720d32b6bd

SHA1
4b094388e0e5135e29c49ce42ff2aa099b7f2d43

SHA256
107d8d9d6c94d2a86ac5af4b4cec43d959c2e44d445017fea59e2e0a5efafdc7

SHA512
cf15f49ef3ae578a5f725e24bdde86c33bbc4fd30a6eb885729fd3d9b151a4b13822fa8c35d3e0345ec43d567a246111764812596fd0ecc36582b8ee2a76c331

Download Submit
C:\ProgramData\Solara\Monaco\vs\basic-languages\lua\lua.js

Filesize
5KB

MD5
8706d861294e09a1f2f7e63d19e5fcb7

SHA1
fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23

SHA256
fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42

SHA512
1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f

Download Submit
C:\ProgramData\Solara\Monaco\vs\editor\editor.main.css

Filesize
171KB

MD5
6af9c0d237b31c1c91f7faa84b384bdf

SHA1
c349b06cad41c2997f5018a9b88baedd0ba1ea11

SHA256
fb2cbf2ee64286bc010a6c6fe6a81c6c292c145a2f584d0240c674f56e3015b0

SHA512
3bda519fed1cfa5352f463d3f91194122cf6bf7c3c7ab6927c8ca3eea159d35deb39328576e7cbd982cfdf1f101b2a46c3165221501b36919dbde6f1e94bf5ff

Download Submit
C:\ProgramData\Solara\Monaco\vs\editor\editor.main.js

Filesize
2.0MB

MD5
9399a8eaa741d04b0ae6566a5ebb8106

SHA1
5646a9d35b773d784ad914417ed861c5cba45e31

SHA256
93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18

SHA512
d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

Download Submit
C:\ProgramData\Solara\Monaco\vs\editor\editor.main.nls.js

Filesize
31KB

MD5
74dd2381ddbb5af80ce28aefed3068fc

SHA1
0996dc91842ab20387e08a46f3807a3f77958902

SHA256
fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48

SHA512
8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e

Download Submit
C:\ProgramData\Solara\Monaco\vs\loader.js

Filesize
27KB

MD5
8a3086f6c6298f986bda09080dd003b1

SHA1
8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

SHA256
0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

SHA512
9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
619KB

MD5
91f5d6abf1fc57cb3e6222f10c51bff1

SHA1
fd1183ba06cf793f12de674d8aa31bd8bfbe1172

SHA256
c48c486f8655d33b4b0d7fc169adf5cbc964c723161953ef5877e99e45833840

SHA512
4538dc6b1c0c21f09fcce5a496538c25cbbc88bd5bb484806fa9426753691df7d798882085be0bdf4ee542da793c04a0d45675265a6ced2f4ea61b691909597a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
4a079777673625d6b2431cf1c2a2c1ad

SHA1
176eafd3f12814596dcb8906bd9e577ed540646b

SHA256
31be075aa6b74b90d744b4cd8cd69d8973eb0291406c1cd6e0e66a79295b5029

SHA512
118440851e75e0cf34a46a1a2a400a90578c865651b2e47e7982283ffaf6e2aa6101575328d2ea602ea60c439ac7e10d8257e30e7ca804bd617145b70b743c98

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
f5e8fdace0376068aef9be5aa89b0a2a

SHA1
b3b63b307dbc4b5ce3b5529cb61614ebbf83ce2b

SHA256
c3c062ce037753522b6a3e96c9dd2da15a442905650ad2d8db79458855b11f8b

SHA512
8ad8d1f9ceae6edeac9cf6dc5dc33be3227bebb746302df3cb5358093fd624bbac70da96d18babd514e87e6010edba1dd262e0df3e5899f3c4ed26f6ebb8826b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
b9b0f4aaa00dcf6d37e0bc21ab306482

SHA1
fdada438e20f3502c5cfb5854e0c35ea99b4a662

SHA256
d9a77164b501666869374d2f0cf35d94cf29c80c6027266072af1d4576e1bab8

SHA512
054d9a16c96dbe477c3a860ac081e686c15cc1ab9786b6363402337f6b0e440862c2742b6ab7d3c1601f207a13d183227c393187680c15cb200f0f830d53a1be

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
9d136072f0cb455151f9b2f213b062d3

SHA1
2a261b82c87b00a98477c5ed210b39462d7be96a

SHA256
6eb25245233dad23428c615a3b520e3095820e39afe7f6628ff2872e0f8748ed

SHA512
7ad65c89d40f9d32bd725ca6c44d2be8ac0d08f55b0c2101ddde75e339f132ca7e40e4e2fdf2edddb767e7f551f1e2b322831619cdbaf8e3a96b1f56605c3320

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe5ba4c8.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\TransportSecurity

Filesize
858B

MD5
03a09ad84681b6fa9ed0afa77bcd1739

SHA1
3e847aa1f4c87c0c644d8bcb3519e25414a49651

SHA256
fd0d84a83f6591002e9dcb7af07e97fe1df8f9836f0de86e19dddb0fbf6c42a1

SHA512
4472cea84d1a3b3e82f3df557b48e3c35c4d47c23bb195fb1aec79d6faf1335df97e479faf563f7e72b2817f05340ba62e09b831cfd7af86385bd81e119cb6aa

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\TransportSecurity~RFe5b077e.TMP

Filesize
858B

MD5
f8ac2b3339c05e2f51bac4d6a0f72da4

SHA1
e3507b8b125849eb3e8dc9022e2fe2dd17c07818

SHA256
2c186a3afdc1368affb3cd722e8df739f75c66bdb74d1954d426cdbca2085005

SHA512
329d786176c7e35be2fcf27339f74d18176285880aba86442060fe97b56f6fd48fcf5f00ad91ea285ca1d92c2dda08617eb449b8c5d4bf7e1e0a584bb126ca18

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
67f7e4b998590d38760ad459d5cfc553

SHA1
31c6abfd50f951abc33469a4ed97af1bbe71cb7c

SHA256
b90f95469be9c23fbb4a9ee925bb111e172dae165ffea5b919678934de676e3d

SHA512
e13c2e11688ae655175b8d1f8e9b5f70f714bf55d7fd7cb6ef5de8d8a1be4ad34500745e1308bb6628d9e4f2f58022008c46215548aeb3390f138754690599f6

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
5119a114d2b0263c9d868834d714a360

SHA1
b67b29ff055896da53e0ca4bf8714387b5ce22d9

SHA256
b1ed37daf2983600e7fe2edf48af6e017fa4a5ce484ec27705d5d8c546afc6d0

SHA512
2739427f0b0e8db57ae2ec81a9316064c8517703ee68e99736df5cad12d10c8ea8c493565bde73f589a070ac7e21f74d58305597657bd2f61c3c96563b06e2f8

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
158da9528c816fdf4f95055958b42c22

SHA1
c7d85be92887da889f8a2e672fa3e8d7b0a17875

SHA256
7b78b68aff73434c177645880a4a1456bfc580691fe1ff49b19a2da85c81e96a

SHA512
eca063618f18f1addcf7c6fa0566b2bc622a4ea3785c6d1b68dadaadf6706484cff0d13ec909ebcb503e37ac3f0eb2320ef6823cc3586f28c9dfca36135d02ea

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe5b0694.TMP

Filesize
6KB

MD5
1e9f67a0f1013dcf5f8f6cb718755105

SHA1
a3d4ee12c69cc845ce77dde8dcb41aebcf731f75

SHA256
e2ab25082dfc6f07566693b6e52f254127cbf6c4fbeaedbde10d65e33eac15c0

SHA512
ec92b21d993589dfe9c0cc3387f6f2cc500fd496e241aff421a502b873934db0a63cc1466dfd91becedbb5936dadb55949ba12890ff14fa25cfadff18ac95a58

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
89cc7d43cabe93d849c8c4d16e3daddc

SHA1
bd9f6a4030d378cb012b6edbc4330a1b1bb8bcef

SHA256
aa9b1283e02164ac24644ef75e0cdfeb5c3485556a53e7646b9466f7d76ccd8a

SHA512
8f9cd365a42d22143851288d6dd34ea73ff04a749463caa789a3cbc5162e482b942cd960169993706e97642840913b7bbae258731d3cf51c80ae75b50541f827

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
953ca94b64a4d50afd14d6cb2276e58a

SHA1
6f2764a1d1032cd8cfd9958198768df0d0733207

SHA256
ae12b0c90f28815eb97eb83dc5c91d19d2227dcc57c80347bd2485e92ab6a5fa

SHA512
99ca84f425cc501fe40acdcb5e5f4067d24aeca51a75cc70e48699b4a3ae55272ad60d831c9cdb80bf2db543ce178faa1d858a1696f100008ca8cca98033f079

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
0647a2ba33b40dd66e6dbd16cea225bf

SHA1
9e332c29f13f4069f0844aa84faf0a9a2660d21e

SHA256
c40cd074eccf6882162d74d63252c7dc753ea4acc45818dca0dbf7870f6f6bc6

SHA512
e9c0b8d90bda84a1e3b2b9fd93ce0be819bba5c0e36bda1a5d71c38ab1452f6b8a2a7615d13735ce79579c739a03b59170e0fd436022c5dcfff02da8db8bcb9a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
d9df2e87931261d25be3912b0d8995cb

SHA1
1001959b85d44200774c777cc72a20ce6cf40a71

SHA256
bb16e0a036a196ae9a115dd4d180feca466aae03d790479647396caa325518f0

SHA512
3e9155c627b1735a14f535e6f9ecaa4e105b10b9615f89740ddd2cbabf24288d806ba03e2691505d807af348e04319ea0e872daf66a0a64946de74632bceb697

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe5a9106.TMP

Filesize
1KB

MD5
f9c5f861542d5b4125998f28ac1870e2

SHA1
586c2d4bd347f1118aa35e54f2f052b8405abaa1

SHA256
5d8e7d6b49ac3199da06e9a332e2f179f15464022575e3e8683b52372c4387bb

SHA512
0a9957f0adad774385767352de96434084e8c8d8613cfe4ba958c06c26fa9ee4f6d3624efb998898cf012563003cfc58a4ce458a2881643c6a6fe758a9db280c

Download Submit
C:\ProgramData\Solara\SolaraV3.dll

Filesize
6.4MB

MD5
fd5fbbc0cb077f4e0cf0a95c4a4ae159

SHA1
e0a5dee5b66c63888dac139eb45def546db30f33

SHA256
4427f0651a65b4cb1499b9d150d47795547be6592f8fb5c0553e34be20d7113c

SHA512
72f2e6dcf20e5c96fad112ad6a6e3611b8a018e2bd7340fd78c74f6b67b1bd8e2cecfec4abcfbf0024d9c682f6d50c54c27ea18ac3c1836b46896f3f45f99570

Download Submit
C:\ProgramData\Solara\WebView2Loader.dll

Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
35f6f7dce4b40edb4d8fde2efb97f2d2

SHA1
8521f4604bce0443a7565a16231e0549eb6712e9

SHA256
8d4d0d42997af6194af00873aeef846818f8900c09650a77ff8436c3df454780

SHA512
bdd5bfdb51afd116eb397e3b1b963f9bbc393b2a27a0c1d421b4b9ad1f7fd95bfcff45f6965a698d6cc7cc236be63b8e4573c47810c80d92131adea94cf3c55a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R1YHJKSF\76561199824159981[1].htm

Filesize
25KB

MD5
a2ad64f6f849293e12e4a2517944bfc4

SHA1
0c3e5f538272a474caea9d5feb360c95782ae756

SHA256
0825062476fcadcfd6ef8c0af1b628e74604bcae60c8b0e11247547bcbca41c9

SHA512
67b9986af29f67f75d411476c7f488510809b99397c0cc9bffc9c3f8446fb9e83b5ddc185e6435f3ac29a911f8f7b76047491155dafeb5070cb6a64362554c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R1YHJKSF\76561199824159981[1].htm

Filesize
34KB

MD5
3cfbf08de7520afd5f9becaa8f84f2db

SHA1
05f226b6f56def173b7eda95a61591cec70a89d2

SHA256
8cea01aa313fcd47fd4ff081c8d81f3498f4fcadf17f0457b6c231fe4e5b21bb

SHA512
8d9d813f28ae33f2c7d9c78a03d75e28669a2234a16ec0cc57bd190d0244e454f1ba2edd9655bfffd4bd0e28b87e00ac0ab44011ce66a0f4790c3aa3acfe22f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0dabbd90458b35a712198360ecf21670

SHA1
1f9b354af1f69d6e51c690fdee82d42be0d72ed2

SHA256
dbb8aaf893115b2e73e29415a90214e9e9132a8a0cf235eadbe3d5479a14ccdf

SHA512
fe5500b642007eb56b640727b2b37e3b38467002580d56fd506d7641b8f1af37a54a720f151f61ac771c7e02f167c6c76a79490752744a90a564b93ab0796566

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5k8zi25l.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
412341793beed9753a8e33ab56fbf64a

SHA1
42a7104bbf7951e85dd7a4cc35a9e89c89c88ea1

SHA256
027631dc7c1685510135a57ea256fd39c10f1fdb7a61ae969a974a12515498a1

SHA512
a2459f3c4da2831df91d9f67fa2e91158b139caaa5f2097a91b07ecfa97a4c05f326cccbc40a938ed2691b88a7145f9d303032e04a2a18c271def5b7c53b7b01

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5k8zi25l.default-release\cache2\entries\40A8F58CFC1A23A6BAE836E45F467F9B93975806

Filesize
41KB

MD5
3086e6ad6332d3ec198a234241136ebc

SHA1
5c09b7c497323afd44d36c87d572bb6fefb36c33

SHA256
cf7c9d3c7b97123ea96bff4c5304ae0de5c11702e7d30073f5fecca0464c20ef

SHA512
c049ecd631ab0cc52fb25323a93494acf74e850cedc7c7726ffce963902377523e86643dfc72dbad81200310d264dd14661dfdf376d1107445f057d2bcdee084

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5k8zi25l.default-release\cache2\entries\7AF7A604CA95F1FB77C870254FFCE9DF73D36FCB

Filesize
108KB

MD5
70f4abdd9cd48fd2cdb1fcc622e32c63

SHA1
4df4d218fbc289f380cf18880c3df7faba6bc0b3

SHA256
31649aff3fee619b9d712a1a35e6f9a4f1773135c0b981b051e33a5800be5e1f

SHA512
f8fee35afed060865398a0566216c43679f056726c0e89e98e0450ea67ad20b01acaafaabd5ab4af0e0e1e757cdd1ac4cec4dd564d2181b2b420a357a5a43752

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5k8zi25l.default-release\cache2\entries\ACCA57C2AA87DA93BA001327F9BD79D85D71BED2

Filesize
47KB

MD5
1a073064e87e6afe36203fceb692444e

SHA1
24c523f5bef8d7c389527e904f1b22412cafdf0e

SHA256
df2e809393a2e9c6613166bac0cc35d12f3339154206dc4c6292bab3883115aa

SHA512
a88447b0e64755653f0b1d51210c055a2504f1086bd71749891a1e88b59ae999a611785226e80f0f12339b5c36b9f4d65991fa3228f71975551be81514f41345

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5k8zi25l.default-release\cache2\entries\E65CF1F04385CFCDB57F6FEE3EFB5E21B96018BC

Filesize
34KB

MD5
75f97df756446947e4808c4ed0b09f3e

SHA1
b318625493601db5dc3f98d226e9913d07af6da5

SHA256
44966f74b5a5ffa31a2ad57b337f0a8ca9923daefe3fdf736d831839a9b5691f

SHA512
035816c29dbcf84e36eab153201cb33980f37283e866389f4aa8c00dac166e447ef528c4892252f9241131adb14fdb0e528567c96b0037817316277b54031e43

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5k8zi25l.default-release\cache2\entries\F2DB04E8874EA787BF267112F15627EC783C459C

Filesize
43KB

MD5
c33a849798e60ade5fd35a1415f15e0d

SHA1
d1aba545bb609f5446c19fed1eb957e0c1e318ec

SHA256
b4d1b47206edd163a8fd3b663b07104b4c9592b655454279077166b0187b868b

SHA512
104ee6231488f52a3122b08a81d67e75a2b71caedf123fb016e46694d9159c8b35da07799bb30d4d9012e837a76fae464c1da9825738ff4162ea940b7c2df250

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5k8zi25l.default-release\cache2\entries\F970AF1849D195B8B07D40E8A83C8733C69FEAE0

Filesize
16KB

MD5
f4e68cbf2258e6c76c725228e3d93a62

SHA1
ec8e539fbfbe08b8ad909a47eb75c1e68e160159

SHA256
122ed2e506ec89b6ae4a3a7536c066b24a7a8a05d5408ebabe7b849f439fa7f5

SHA512
ab3b878d5a4247d3134752aac8fe22243e8ed7ba2a73bd2ab66f514ce4fd7518a00fb4378f5ec532840e63fa551a2aecd44c0389772c64477423b1e672b9b0f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hluxrxqb.b0n.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\AlternateServices.bin

Filesize
8KB

MD5
acdc42b46d205b14a3f8a1295b0cf556

SHA1
5cc82a8adbf7ceeac01638405720deac549880c9

SHA256
e0aafe8141a0e8b65ccfa13a12ab0870762d8436b1c5f3f2035cf61c26b1dbc1

SHA512
caac935c94709c1b1b6124360281b5e139150f946ed681b6bf01fc17139fb6384cf90fb17296522c3e9f086d4f3b9ff20551c4276bcbc356eab586f6cbc01406

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\AlternateServices.bin

Filesize
12KB

MD5
1e2255bf10f6ea65970d17b96903fe0d

SHA1
e2ed24a257cad8c83fcf78ea9eb2f6f2b86ff87a

SHA256
1413bc100a027044fdacb0c343030e6f195cf6cfca637aec78f74a60f82db9bc

SHA512
8eeed2af065dea0d32c2d9ca27978ecbae6b1d8bc45ef8d6e1e2d88b9fe63c9ed47392d89b23c3e73c0b35eea56cab9ebe73bd02b4b333e8f3cc0e8b56be4551

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
79e495f2fc62d3bfd0af536431fcb87c

SHA1
4a0b5545c20e3f6d411af7f6a62ccb56445501d8

SHA256
d9ef104ce30c1025a3a50211d5c90f5b0878a7a3e509bbd06ee7972b278f4c43

SHA512
80af589472f1d86ecffb8e26ce757044aad3363e00f7da8fbf0a1a67bf32c52e475d8a6eaadbd30588d0ec38ed64001e06adb5b2ce18a3e2e92db7723c95781b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
54b37f091f7a49f814948209f4a2a3f3

SHA1
16f0d2959d7e05c1a7124a2d66d95e81157d8a42

SHA256
ac903519e545c72d36a916033f74ed67353b34962aa2bac2a9a4609d76f489a1

SHA512
97d142c5a8f490e94480311f3ed2aeb5004eac7868ebf82ca0ebb9871e81a03402bd0b9cb2807662388fbad3f657649fbe6b4827feb8353266359aafa83ab1fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
7aea2e6205f52a9865a8dc09a9913d4f

SHA1
0bee6140b96c38c78edec30123aa867e23488acb

SHA256
d96c6d09b2c7a4675b63468b791470b0ab858f4ac4168f41268471bbe558fb4c

SHA512
aa00a647ef569456dc1a69e11dfb0149991c556a1a3f1bfb139d71dad37bce48ea82891a2311fc724c4cfcebec7ff109b4bf5f5eeee1ea8f9e2663da464464f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\datareporting\glean\pending_pings\3800cf36-38ab-45fd-8b03-a0fa52d2090d

Filesize
982B

MD5
2b124654e46b7973c6e60670f7f50f91

SHA1
9be8d5dd7ab0d7b6705c126ff2e4caea81b72916

SHA256
912f9049fc712c1f87e620e3e97f76ce6ee0f3a84896ec473d1bf086f623ce2c

SHA512
98c57f0945c5124fce1d1b82d4f0916b84ab329f6fd1aafe01ff7b37a72a21644119c3dc089d7e321c882e043c62461b7569dc2cd4be3f39154fcefe2dca4b33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\datareporting\glean\pending_pings\ba0420c4-7fe3-4709-a0b3-1cf01a0bfc44

Filesize
671B

MD5
a0cf6764b6bf7719f13320cc5c5c1fd4

SHA1
cb5f5a495dc798925d77e075dd161ae8e2fb6542

SHA256
1472b305b045ec0493b59423ec813e57ba84c16df89613504c979e9e1f85751f

SHA512
f4cbae04daa9af6ccea3ef900cd7a69b96ff55bb40c2df7ad005cee8eb30e8798822703eb19a8d6387ee4086c57fbb69727f0b63e446fd883baff73dba421775

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\datareporting\glean\pending_pings\c7b8c52b-73e0-4f16-8fe4-d54a3ba60ce0

Filesize
27KB

MD5
04d49625b5777547e9be92870b1a5e8c

SHA1
d1e146036dd90cf8dd97c527d97d0f930390bad4

SHA256
6a2f6ef711874b01fdfc475c9c789ea8ac4ea0f0607a04c7036cebd31a326d83

SHA512
2185aba7047468d9331c0e380021a7d083ec06b0a60a598ee17a3840e7fde8b431346d943bf622b5f29dc7d6fd42a83b5a9126cc42bfad666fc6cbf17cef85a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\prefs-1.js

Filesize
11KB

MD5
3b2c7b7a43dd0fb4e3362713ccbe76b9

SHA1
f90944dd6244a5600fb4853fcef8d2c2839c6b59

SHA256
7c80b946d0fd99821cc521a727bb2b0f44a90593aabad8dad4ff7c6b27f643e2

SHA512
5deb0fed5102d4269d97fe727f31fff33453207be233ac19c4372d218152adb83cfbb1eb56ac74056e317b6e46aa4ce152f856e0895ea9d2930e1ac0bb0d8c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\prefs-1.js

Filesize
11KB

MD5
10e3f34f18170c2d8771eff9802a3f59

SHA1
00fb229195820ba67bc9d7967d54dd24a029a324

SHA256
08501216953b783b03b8651f709f34c4140cda777abc85c136136038b186bf83

SHA512
19bc927cc4e5e305322deb6da5f1da91244678d61c6dabcf66aaae943be035e4616ba00f9410961410ab94c7b02ffca9943dd4b9793e5d62a8221dd9d2e48799

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\prefs.js

Filesize
9KB

MD5
4eb6ccc9e3d0333cf70d82e39675a77b

SHA1
25e98dd4290ff178e939ebb7e6e49ace19cb44aa

SHA256
6461e6d42bf2a05ba1f27c747d81ead5db5c75b2f2f2bf6fda6d7c1ce4020b01

SHA512
10d75a8cdcafca1a14e2b44543b9cfb79076b4e2f27535986a6fdca3f1319da026944fa1ef103f6bf60cde56ba37c17e285863bbd9095206b780e483eca45706

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\prefs.js

Filesize
9KB

MD5
a946893d3febb62aa8c04c8c7d7e4a82

SHA1
a26e5e47de212a4336bb8555302e58779579ccc3

SHA256
eb7f82d637416866fc7fa9ba0968f523ef95d48d4e2abf462ab5cdbd4998cfc0

SHA512
922d43a3f475375b023c543e8ff9cc75de1224fa0387808123941f2cea38d3b215be8c207ef862c3f49dce73deb77d2e858b5d963881f1dfacee0ad0e22d93ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
c3eeb9580e6cb4235a39205f3e961796

SHA1
dd813d9fe8bb343196d5b164f1bdfd3694ee29b2

SHA256
798f9785caf09f6d97c12c96222e3fbc9ee7ce66aedc574e4da5025531196d54

SHA512
9e1037e1019bb70a1f07c5c9041d392ca099454e2e1e956d2b4b5139d8a0e9c18617bcf7dde462a9691ca9e0ba98773813e0cb076b9fc6b9059f4d8aae791a12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
583184ffb04080dbdd283cac3baf1df3

SHA1
df9ca4c5d43bb32507477b386d969ee991aa16cd

SHA256
9604f8b0b4013243bbd81d158fbe60d8e50b25e12977d9eda46d55b5025b309e

SHA512
b6dae8e68217184a30dcb547f8cbfaf28d2e3a0733c755bd6ef00f3585f4b05cb08007309330dfb16e0aa01abe094cd47bda032bbbaf37a8454046a6e3a06ee7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
119f50894c3caa6a4dfbd875dcb7f12d

SHA1
f1fe9eb63f19ffbe6b06ed5e1d781387c06aff72

SHA256
3efb1a134ef68468a661709d8aea303af50b5e47158eb0d10cf970297c4944ae

SHA512
4799b3d4686914d4b1a8cd8384a5fa86f4e4aed951449150b63f712a3938ff70540f7844f776090f39b9a47f7d786802afa8c3249654c16837f7ea03daca7068

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\sessionstore-backups\recovery.baklz4

Filesize
21KB

MD5
62e2d379047a1f9df200e12fe016114e

SHA1
8e56a6e0144fac013150a32bcf280ee7d539736a

SHA256
8a60516afd5d40036fdd4b3e836fd4c97ce84e52f1ec42a571357dde609de212

SHA512
291eeed729f9da38dc930f6ec564c49d799f47d4a01f9130f544dc7b26d1faf01d6d99beeff360768e4f5b74e2cbfebe9a09cf38a50bffe4faf0c4a85c44c1ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
b9e4de0816d58c1c53fb9b08a3869212

SHA1
e60f28f2bb8546541778d086f9a83e34e8821760

SHA256
c6efb8377faf95b87abbd90ac4eb88e44d43fad08205a9560b8938a682ceedbd

SHA512
32eadd5cea6c4dc78d44aa4d823dc9647e3504a84189b459f96e9c4a079f463abbec1dd75c5c2b450326c0c7ea129d7a7e3556907f70d43a37c6443e2d982ae8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
21e0cfcd37542f0cb6e634e6687bc422

SHA1
eb8b79a53abb2cb4a54ab97f905b1b4f00aea240

SHA256
d7ec89426ae23829b5560cc581079e2f50796c62ac99f9d69cfb1acdbf5aa16a

SHA512
c700dfbed7c30ec9d5d701aedbfea081e9746d37b566cfd20c40844733eeeb90adb4a0af8eff35f3f90bcfdf2e0555a677b39680713c4d6ff9c264fd25538da4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
ea4d917af19e7aace828d819285a1205

SHA1
40f8a06addb25ec342a352a6e3db9a524207f7ba

SHA256
7c2d7be3607aa341e24dc75302349b5c4fbe61c2e47a1f26fcc975df60dc383e

SHA512
4ddbf8c8c1f0b65485daca7067da37e8870d7be09ea97b9be3eb85a457892759c24a33e20977e03500a7b800bdbfc1704bb4ba96687426773ff766502016469a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
a1fdbf467540d4977c22d4e21ac2e124

SHA1
9183833ee806af187a01508addfdac74ec8273f4

SHA256
731af6ead9aa9c2432ba615d55664f8e5836e68cb30879650068abf4c4e35bda

SHA512
d4283d18ffb63533cf37b52ff3a53019a915167d3b8d8ea7dfac75697fe8f08f6abc84bdf6843314f13ef894da11a7515b4de9f4f19fa3ded57df1714e13e055

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5k8zi25l.default-release\storage\default\https+++wearedevs.net\cache\morgue\187\{94747e43-c6b6-4e57-82e2-4fbe661a21bb}.final

Filesize
968B

MD5
d4eaa2ca1163d919a635c18684df676d

SHA1
80d805c1724eae282d9fa5131d752b939b495c69

SHA256
b41fa304a88900715374d97bec6cbc31c0f1f3b6d225b930edc639db324edc45

SHA512
a62da191b9565387c125a0ec22c5b8555658081dbc9ca56f2d05c2e5772ad2a24d187cd8dd0209aebb8aacabf28634413b97f32f802a33728b979701e14f8f7e

Download Submit
C:\Users\Admin\Downloads\BootstrapperNew.D3WPjLRn.exe.part

Filesize
2.9MB

MD5
f227cdfd423b3cc03bb69c49babf4da3

SHA1
3db5a97d9b0f2545e7ba97026af6c28512200441

SHA256
cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8

SHA512
b10afd03b02a928545c16fad39a6ae46b68b1e1a2477a6990803ce80008e7161fb2ebc9380ba15a1b074bb436aa34bcd6c94a922933d438b1c22489717e1e10e

Download Submit
C:\Users\Admin\Downloads\Solara.Yo65Pv2A.zip.part

Filesize
6.6MB

MD5
e07b1998f3c7eb234c6444ac5ffefb3b

SHA1
35b3b141821957450103d202db85d79b8fc4f3bf

SHA256
1ab9a50d12a6077fa8b9296845b97d7216c9500a4cdd0ccfef238d8968f04698

SHA512
2baadb9720d3cb94a6fac97165f67e2b51cd20efde26e6c46201b3e098cadd9a20e14d06766ad1f1215186a7df1286d5b5e0711acb25222baddcea640857f5fc

Download Submit
memory/1520-897-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-909-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-899-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-895-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-893-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-891-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-889-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-2182-0x0000000005390000-0x00000000053F6000-memory.dmp

Filesize
408KB

Download
memory/1520-887-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-2183-0x0000000005400000-0x0000000005464000-memory.dmp

Filesize
400KB

Download
memory/1520-885-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-905-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-859-0x0000000005160000-0x000000000526C000-memory.dmp

Filesize
1.0MB

Download
memory/1520-903-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-911-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-913-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-2184-0x0000000005460000-0x00000000054AC000-memory.dmp

Filesize
304KB

Download
memory/1520-881-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-879-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-877-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-915-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-907-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-917-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-875-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-873-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-919-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-872-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-922-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-869-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-923-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-867-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-883-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-863-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-858-0x0000000004EC0000-0x0000000004FCC000-memory.dmp

Filesize
1.0MB

Download
memory/1520-861-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-865-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-857-0x00000000003D0000-0x0000000000590000-memory.dmp

Filesize
1.8MB

Download
memory/1520-856-0x000000007459E000-0x000000007459F000-memory.dmp

Filesize
4KB

Download
memory/1520-860-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1520-2185-0x0000000005D70000-0x0000000006316000-memory.dmp

Filesize
5.6MB

Download
memory/1520-2186-0x0000000005550000-0x00000000055A4000-memory.dmp

Filesize
336KB

Download
memory/1520-901-0x0000000005160000-0x0000000005267000-memory.dmp

Filesize
1.0MB

Download
memory/1804-2804-0x000002DFB9590000-0x000002DFB95AE000-memory.dmp

Filesize
120KB

Download
memory/1804-2639-0x000002DFFA460000-0x000002DFFA46A000-memory.dmp

Filesize
40KB

Download
memory/1804-2629-0x000002DFDB7E0000-0x000002DFDB7F0000-memory.dmp

Filesize
64KB

Download
memory/1804-2634-0x000002DFFA450000-0x000002DFFA45A000-memory.dmp

Filesize
40KB

Download
memory/1804-2636-0x000002DFFA4F0000-0x000002DFFA4F8000-memory.dmp

Filesize
32KB

Download
memory/1804-2630-0x000002DFFA3F0000-0x000002DFFA3F8000-memory.dmp

Filesize
32KB

Download
memory/1804-2632-0x000002DFFA440000-0x000002DFFA44E000-memory.dmp

Filesize
56KB

Download
memory/1804-2637-0x000002DFFB400000-0x000002DFFB416000-memory.dmp

Filesize
88KB

Download
memory/1804-2638-0x000002DFFA4E0000-0x000002DFFA4EA000-memory.dmp

Filesize
40KB

Download
memory/1804-2635-0x000002DFFA4B0000-0x000002DFFA4D6000-memory.dmp

Filesize
152KB

Download
memory/1804-2612-0x000002DFDB140000-0x000002DFDB422000-memory.dmp

Filesize
2.9MB

Download
memory/1804-2807-0x000002E000060000-0x000002E000072000-memory.dmp

Filesize
72KB

Download
memory/1804-2805-0x000002DFFFFE0000-0x000002DFFFFEA000-memory.dmp

Filesize
40KB

Download
memory/1804-2633-0x000002DFFB300000-0x000002DFFB400000-memory.dmp

Filesize
1024KB

Download
memory/1804-2802-0x000002DFC75B0000-0x000002DFC7662000-memory.dmp

Filesize
712KB

Download
memory/1804-2640-0x000002DFFB430000-0x000002DFFB438000-memory.dmp

Filesize
32KB

Download
memory/1804-2631-0x000002DFFA470000-0x000002DFFA4A8000-memory.dmp

Filesize
224KB

Download
memory/5264-2778-0x0000024F438E0000-0x0000024F43902000-memory.dmp

Filesize
136KB

Download
memory/5748-3100-0x0000022A370D0000-0x0000022A370EE000-memory.dmp

Filesize
120KB

Download
memory/5748-2865-0x0000022A177E0000-0x0000022A17880000-memory.dmp

Filesize
640KB

Download
memory/5748-2867-0x0000022A324D0000-0x0000022A32A0C000-memory.dmp

Filesize
5.2MB

Download
memory/5748-2868-0x0000022A31F90000-0x0000022A3204A000-memory.dmp

Filesize
744KB

Download
memory/5748-2870-0x0000022A32050000-0x0000022A32102000-memory.dmp

Filesize
712KB

Download
memory/5748-2877-0x0000022A321A0000-0x0000022A32230000-memory.dmp

Filesize
576KB

Download
memory/5748-2872-0x0000022A194E0000-0x0000022A194F0000-memory.dmp

Filesize
64KB

Download
memory/5748-3099-0x0000022A39250000-0x0000022A392C6000-memory.dmp

Filesize
472KB

Download