hxxps://github[.]com/quivings/Solara/blob/main/Files/Solara[.]Dir[.]zip

Analysis

max time kernel
507s
max time network
509s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/quivings/Solara/blob/main/Files/Solara.Dir.zip

Score

9^/10

discovery evasion themida

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.execd57e4c171d6e8f5ea8b8f824a6a7316.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Executes dropped EXE 6 IoCs

Processes:

Bloxstrap-v2.6.1.exeRobloxPlayerBeta.exeBloxstrap.exeRobloxPlayerBeta.exeBloxstrap.exeRobloxPlayerBeta.exe

pid process

4804 Bloxstrap-v2.6.1.exe
2004 RobloxPlayerBeta.exe
5880 Bloxstrap.exe
4108 RobloxPlayerBeta.exe
6044 Bloxstrap.exe
4432 RobloxPlayerBeta.exe
Loads dropped DLL 3 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid process

2004 RobloxPlayerBeta.exe
4108 RobloxPlayerBeta.exe
4432 RobloxPlayerBeta.exe

pid	process
4804	Bloxstrap-v2.6.1.exe
2004	RobloxPlayerBeta.exe
5880	Bloxstrap.exe
4108	RobloxPlayerBeta.exe
6044	Bloxstrap.exe
4432	RobloxPlayerBeta.exe

pid	process
2004	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe

Themida packer 23 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/memory/860-308-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-320-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-319-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-321-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-484-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-526-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-530-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-598-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-654-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-841-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-922-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-1014-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-1076-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-1095-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-1131-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-1160-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-1176-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-1261-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-4744-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/860-5001-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/6472-5415-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/6472-5555-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida
behavioral1/memory/6472-5616-0x0000000180000000-0x0000000180B0D000-memory.dmp	themida

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 20 IoCs

Web Service

T1102

Processes:

flow	ioc
4	raw.githubusercontent.com
51	raw.githubusercontent.com
76	raw.githubusercontent.com
100	camo.githubusercontent.com
102	camo.githubusercontent.com
4	camo.githubusercontent.com
103	camo.githubusercontent.com
104	camo.githubusercontent.com
109	raw.githubusercontent.com
176	raw.githubusercontent.com
183	raw.githubusercontent.com
2	camo.githubusercontent.com
5	raw.githubusercontent.com
50	raw.githubusercontent.com
101	camo.githubusercontent.com
105	camo.githubusercontent.com
2	raw.githubusercontent.com
3	camo.githubusercontent.com
46	raw.githubusercontent.com
177	raw.githubusercontent.com

Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid process

2004 RobloxPlayerBeta.exe
4108 RobloxPlayerBeta.exe
4432 RobloxPlayerBeta.exe

pid	process
2004	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 62 IoCs

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.exeRobloxPlayerBeta.exeRobloxPlayerBeta.execd57e4c171d6e8f5ea8b8f824a6a7316.exeRobloxPlayerBeta.exe

pid	process
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
6472	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
2004	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exemsedgewebview2.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies registry class 64 IoCs

Processes:

Bloxstrap-v2.6.1.exefirefox.exefirefox.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox\URL Protocol	Bloxstrap-v2.6.1.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox\DefaultIcon	Bloxstrap-v2.6.1.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox\shell	Bloxstrap-v2.6.1.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "6"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox\shell\open\command	Bloxstrap-v2.6.1.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox-player\DefaultIcon	Bloxstrap-v2.6.1.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox-player\shell	Bloxstrap-v2.6.1.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox	Bloxstrap-v2.6.1.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox-player	Bloxstrap-v2.6.1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox-player\URL Protocol	Bloxstrap-v2.6.1.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Pictures"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox-player\shell\open\command	Bloxstrap-v2.6.1.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox\shell\open	Bloxstrap-v2.6.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000c71d209b5fbcda01b0044e9d5fbcda01974067be5fbcda0114000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	Bloxstrap-v2.6.1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" %1"	Bloxstrap-v2.6.1.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe"	Bloxstrap-v2.6.1.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Pictures"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox-player\shell\open	Bloxstrap-v2.6.1.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\roblox\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe"	Bloxstrap-v2.6.1.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

RobloxPlayerBeta.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	RobloxPlayerBeta.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	RobloxPlayerBeta.exe

NTFS ADS 4 IoCs

Processes:

firefox.exeBloxstrap-v2.6.1.exefirefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Solara.Dir.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Bloxstrap-v2.6.1.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe\:Zone.Identifier:$DATA	Bloxstrap-v2.6.1.exe
File created	C:\Users\Admin\Desktop\index.jpg:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

cd57e4c171d6e8f5ea8b8f824a6a7316.exemsedgewebview2.exemsedgewebview2.exe

pid	process
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5228	msedgewebview2.exe
5228	msedgewebview2.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
5460	msedgewebview2.exe
5460	msedgewebview2.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

firefox.exe

pid process

6728 firefox.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedgewebview2.exemsedgewebview2.exe

pid process

3888 msedgewebview2.exe
6696 msedgewebview2.exe

pid	process
6728	firefox.exe

pid	process
3888	msedgewebview2.exe
6696	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

Processes:

firefox.execd57e4c171d6e8f5ea8b8f824a6a7316.exeBloxstrap-v2.6.1.exeBloxstrap.exefirefox.execd57e4c171d6e8f5ea8b8f824a6a7316.exeBloxstrap.exe

description	pid	process
Token: SeDebugPrivilege	2612	firefox.exe
Token: SeDebugPrivilege	2612	firefox.exe
Token: SeDebugPrivilege	2612	firefox.exe
Token: SeDebugPrivilege	860	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Token: SeDebugPrivilege	2612	firefox.exe
Token: SeDebugPrivilege	2612	firefox.exe
Token: SeDebugPrivilege	2612	firefox.exe
Token: SeDebugPrivilege	4804	Bloxstrap-v2.6.1.exe
Token: SeDebugPrivilege	5880	Bloxstrap.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6472	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Token: SeDebugPrivilege	6044	Bloxstrap.exe
Token: SeDebugPrivilege	6728	firefox.exe
Token: SeDebugPrivilege	6728	firefox.exe

Suspicious use of FindShellTrayWindow 18 IoCs

Processes:

firefox.exemsedgewebview2.exeBloxstrap-v2.6.1.exeBloxstrap.exefirefox.exemsedgewebview2.exeBloxstrap.exe

pid	process
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
3888	msedgewebview2.exe
4804	Bloxstrap-v2.6.1.exe
3888	msedgewebview2.exe
5880	Bloxstrap.exe
6728	firefox.exe
6728	firefox.exe
6728	firefox.exe
6728	firefox.exe
6728	firefox.exe
6728	firefox.exe
6728	firefox.exe
6696	msedgewebview2.exe
6044	Bloxstrap.exe
6696	msedgewebview2.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

firefox.exeBloxstrap-v2.6.1.exeBloxstrap.exefirefox.exeBloxstrap.exe

pid	process
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
4804	Bloxstrap-v2.6.1.exe
5880	Bloxstrap.exe
6728	firefox.exe
6728	firefox.exe
6728	firefox.exe
6728	firefox.exe
6728	firefox.exe
6728	firefox.exe
6044	Bloxstrap.exe

Suspicious use of SetWindowsHookEx 21 IoCs

Processes:

firefox.exefirefox.exe

pid	process
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
6728	firefox.exe
6728	firefox.exe
6728	firefox.exe
6728	firefox.exe
6728	firefox.exe

Suspicious use of UnmapMainImage 3 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid process

2004 RobloxPlayerBeta.exe
4108 RobloxPlayerBeta.exe
4432 RobloxPlayerBeta.exe

pid	process
2004	RobloxPlayerBeta.exe
4108	RobloxPlayerBeta.exe
4432	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3092 wrote to memory of 2612	3092	firefox.exe	firefox.exe
PID 3092 wrote to memory of 2612	3092	firefox.exe	firefox.exe
PID 3092 wrote to memory of 2612	3092	firefox.exe	firefox.exe
PID 3092 wrote to memory of 2612	3092	firefox.exe	firefox.exe
PID 3092 wrote to memory of 2612	3092	firefox.exe	firefox.exe
PID 3092 wrote to memory of 2612	3092	firefox.exe	firefox.exe
PID 3092 wrote to memory of 2612	3092	firefox.exe	firefox.exe
PID 3092 wrote to memory of 2612	3092	firefox.exe	firefox.exe
PID 3092 wrote to memory of 2612	3092	firefox.exe	firefox.exe
PID 3092 wrote to memory of 2612	3092	firefox.exe	firefox.exe
PID 3092 wrote to memory of 2612	3092	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 668	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 2520	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 2520	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 2520	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 2520	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 2520	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 2520	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 2520	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 2520	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 2520	2612	firefox.exe	firefox.exe
PID 2612 wrote to memory of 2520	2612	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/quivings/Solara/blob/main/Files/Solara.Dir.zip"
1⤵
- Suspicious use of WriteProcessMemory
PID:3092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/quivings/Solara/blob/main/Files/Solara.Dir.zip
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.0.1517788324\1281836767" -parentBuildID 20230214051806 -prefsHandle 1824 -prefMapHandle 1816 -prefsLen 22164 -prefMapSize 235091 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eded3380-bb0a-41cd-8806-a5d04b27e403} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 1760 189950f6d58 gpu
3⤵
PID:668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.1.859657618\876703487" -parentBuildID 20230214051806 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23015 -prefMapSize 235091 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7e4fa49-db59-4b0a-99bf-612667bf9cbe} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 2424 18981e88f58 socket
3⤵
- Checks processor information in registry
PID:2520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.2.895893669\1149063424" -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 23053 -prefMapSize 235091 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3045ee68-9fdc-4459-88e6-1383609a9bba} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 2688 18999155158 tab
3⤵
PID:4064

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.3.84894209\1609361179" -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 27612 -prefMapSize 235091 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfbed5c7-90af-447f-9a0c-567c02416b75} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 3636 1899be18c58 tab
3⤵
PID:4932

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.4.1381203265\117115362" -childID 3 -isForBrowser -prefsHandle 5220 -prefMapHandle 5216 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fabe5233-d1bd-440c-a6e6-1d39123b8341} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 5232 1899dd35958 tab
3⤵
PID:2444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.5.268790148\963758421" -childID 4 -isForBrowser -prefsHandle 5364 -prefMapHandle 5372 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3089d7a-fefc-4ff0-bc6f-8d35192f7559} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 5448 1899dfa0258 tab
3⤵
PID:4396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.6.1987587389\66720340" -childID 5 -isForBrowser -prefsHandle 5448 -prefMapHandle 5480 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a37189d-9055-41bb-87a1-1bac9b5a7cf4} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 5212 1899dfa2058 tab
3⤵
PID:1440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.7.5293774\635804639" -childID 6 -isForBrowser -prefsHandle 4488 -prefMapHandle 4492 -prefsLen 27841 -prefMapSize 235091 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {333dac77-fb15-4cb0-924b-9e8b58280afa} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 2792 18981e79558 tab
3⤵
PID:5612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.8.1762238584\1071335386" -childID 7 -isForBrowser -prefsHandle 3216 -prefMapHandle 5036 -prefsLen 27920 -prefMapSize 235091 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {285c6354-4e8a-46e6-9a34-3262120bf0f8} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 4964 1899cf93158 tab
3⤵
PID:6072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.9.1949860372\119736444" -childID 8 -isForBrowser -prefsHandle 5252 -prefMapHandle 5912 -prefsLen 28056 -prefMapSize 235091 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {600b08d0-567f-44f0-8bc8-e1edc98ba7d9} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 5240 1899f825058 tab
3⤵
PID:6060

C:\Users\Admin\Downloads\Bloxstrap-v2.6.1.exe
"C:\Users\Admin\Downloads\Bloxstrap-v2.6.1.exe"
3⤵
- Executes dropped EXE
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4804

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" --app -channel production
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies system certificate store
- Suspicious use of UnmapMainImage
PID:2004

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2788

C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:860

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=860.4560.18205599391363986746
2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3888

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x190,0x7ff8c0b03cb8,0x7ff8c0b03cc8,0x7ff8c0b03cd8
3⤵
PID:1564

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1916,9666602617342244423,12534285858955821453,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
3⤵
PID:5216

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,9666602617342244423,12534285858955821453,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2188 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5228

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,9666602617342244423,12534285858955821453,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2508 /prefetch:8
3⤵
PID:5328

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1916,9666602617342244423,12534285858955821453,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
3⤵
PID:5660

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,9666602617342244423,12534285858955821453,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4964 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5460

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1916,9666602617342244423,12534285858955821453,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3216 /prefetch:8
3⤵
PID:4716

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1916,9666602617342244423,12534285858955821453,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1648 /prefetch:8
3⤵
PID:5556

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1916,9666602617342244423,12534285858955821453,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=908 /prefetch:2
3⤵
PID:6000

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1916,9666602617342244423,12534285858955821453,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3240 /prefetch:8
3⤵
PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5556

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5880

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" --app -channel production
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:4108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:6728

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6728.0.813303306\2121760970" -parentBuildID 20230214051806 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 22406 -prefMapSize 235178 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce0bc8b0-14a5-4e9d-8b57-4de02623703f} 6728 "\\.\pipe\gecko-crash-server-pipe.6728" 1760 27795a27358 gpu
3⤵
PID:1912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6728.1.1313041333\1981517774" -parentBuildID 20230214051806 -prefsHandle 2188 -prefMapHandle 2184 -prefsLen 22406 -prefMapSize 235178 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {218c5afb-0795-49f5-9269-25fa7208c573} 6728 "\\.\pipe\gecko-crash-server-pipe.6728" 2208 2778228a858 socket
3⤵
PID:1552

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6728.2.2016196182\1585378644" -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3136 -prefsLen 22802 -prefMapSize 235178 -jsInitHandle 1340 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1feb3de5-e906-46f8-bb63-ee7f88afd3f4} 6728 "\\.\pipe\gecko-crash-server-pipe.6728" 3160 27799935e58 tab
3⤵
PID:1856

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6728.3.327958695\379509742" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 2988 -prefsLen 28268 -prefMapSize 235178 -jsInitHandle 1340 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17a9f737-fb56-4793-a0a3-97d88f1bf912} 6728 "\\.\pipe\gecko-crash-server-pipe.6728" 3588 2778227ab58 tab
3⤵
PID:7004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6728.4.332399625\69387386" -childID 3 -isForBrowser -prefsHandle 4984 -prefMapHandle 4908 -prefsLen 28268 -prefMapSize 235178 -jsInitHandle 1340 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {985edf94-8d5d-4aaa-8f1f-7358d0ecb300} 6728 "\\.\pipe\gecko-crash-server-pipe.6728" 4896 2779e276c58 tab
3⤵
PID:948

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6728.5.449934066\1823786494" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 28268 -prefMapSize 235178 -jsInitHandle 1340 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20793d53-978a-4a73-bc96-fdfc397650c0} 6728 "\\.\pipe\gecko-crash-server-pipe.6728" 5092 2779e274858 tab
3⤵
PID:2044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6728.6.285376257\1228848606" -childID 5 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 28268 -prefMapSize 235178 -jsInitHandle 1340 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26237a1c-8f8c-44c9-8098-d84b617e95dd} 6728 "\\.\pipe\gecko-crash-server-pipe.6728" 5296 2779e275158 tab
3⤵
PID:2860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6728.7.1285210486\642413020" -childID 6 -isForBrowser -prefsHandle 5848 -prefMapHandle 5844 -prefsLen 28427 -prefMapSize 235178 -jsInitHandle 1340 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19f7bc35-eabb-4341-813f-e01ef80fe647} 6728 "\\.\pipe\gecko-crash-server-pipe.6728" 5860 277a01cdb58 tab
3⤵
PID:3188

C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:6472

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=6472.2280.5633719440031472998
2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:6696

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1a4,0x7ff8c0b03cb8,0x7ff8c0b03cc8,0x7ff8c0b03cd8
3⤵
PID:6456

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1884,1217085640153715891,11845432389093685560,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
3⤵
PID:6776

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,1217085640153715891,11845432389093685560,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2088 /prefetch:3
3⤵
PID:6816

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,1217085640153715891,11845432389093685560,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2644 /prefetch:8
3⤵
PID:5672

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1884,1217085640153715891,11845432389093685560,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
3⤵
PID:5260

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,1217085640153715891,11845432389093685560,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4612 /prefetch:8
3⤵
PID:4200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6044

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" --app -channel production
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:4432

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
328B

MD5
c786907f9d0336f4919aca31f26257e4

SHA1
667b52470722f549830658edddf94a21fc8a4275

SHA256
499633619cbcd3961c746d148c3d834f3e0227e9a469cd8b7b1b7ab5e163397a

SHA512
9e16329e39a63d1996ea739df5afc2bcd593ba58e6bd560c3508eed21e9e25074757999ba1aaff508b904a798099e85b77d4b6d2451c478cf01dade281a284a8

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\ClientSettings\ClientAppSettings.json
Filesize
79B

MD5
eab6dcc312473d43c2fa8cc41280d79c

SHA1
b4e9ec7e579d06dfcaa5ac616de2751308a153c3

SHA256
0a27d3c9100ab7ab6f03c45daeb0f0cd586f3aeb59daf7986e853f9614e954fe

SHA512
1ce0fdc237110d644bcc8238f184554f25813ccf7142fd312ce96fbb6659081db677b04485bf66d52100136da6bb9688e48b1287455725c7b4950153aa2a4595

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Settings.json
Filesize
602B

MD5
8c163da85c0ef3babf7d0cdde874769b

SHA1
797b04679be2a8d4150115170a4b35ca58001b4b

SHA256
d4751e0899e6e73e934a5297e69cb57dd31752415fbbeaa14a2010ce608c4cb1

SHA512
88155cc76ea4d2dd60e0d4141405cc5b405d208b9fcf037530b3750d7b482c9c09d8e71d8add68af3500f6bde5689e7d2489c7e8d88cf3440677dc390ee06037

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\State.json
Filesize
299B

MD5
e1d564e628c33ee2e4bed6b3ad7785ab

SHA1
a251f820d9047d1bd875117dbcd06630c687eb63

SHA256
522ae8f407d397ab1f1235dc9f128d26bef439d93dc91a6bf8b1dba0ec617bda

SHA512
a599bd3b9863921543a17580b8c21c4b148a5cd26e723893b9c684d7709c4f4a71f069e1cf0b5225a80c10d089d40e9c79325979b6d8ab46ac5f7ddee1c959bc

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.dll
Filesize
16.7MB

MD5
6dfc619af29b1bce46cc55f2f1dd82e4

SHA1
e39ccb51a7e456df074f505193f7371046a51c29

SHA256
72e88ee5395bc66d252042e2fa975a39cff8c3ed2152ba661aacf6b997ba755d

SHA512
379e38a57b17cc417e949ff4ead79980d0b6829f33774d5b0e7a2e36c9247686b12a3c0915123f68e891310a594672ade26d247946213919b7ab972ec6eae495

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\content\sounds\ouch.ogg
Filesize
6KB

MD5
9404c52d6f311da02d65d4320bfebb59

SHA1
0b5b5c2e7c631894953d5828fec06bdf6adba55f

SHA256
c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317

SHA512
22aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\activity-stream.discovery_stream.json.tmp
Filesize
32KB

MD5
6a6c06f5b9580c3a11bc02ae3138c927

SHA1
5a4e77a62d9f976ddd356ec6c3ac4721e162156f

SHA256
e4493b35709351923c66d31cffd0fc3467840c3f083eea28f4257a58b6e5aa8b

SHA512
de7341884338172a551edaf477fe7d981ba2ad1c307b3bc2358bf5df7e1347dc2ad555ad73e8214c9c882eb91e49ee2acd3f82617b7244672a40a291dabc73a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\doomed\16215
Filesize
12KB

MD5
ac9ad58931ce6bde5922dbf6f8182efc

SHA1
6eb36861b990478e619335bfe6e88f6a775d7dcf

SHA256
85a7fbf2b988b83d18a2cd7b5ce4702b41bbd304a2ad569cb17cf11ced28d6c2

SHA512
0109f21992a2cecaf96f02d7c8cc7076f2a8a888d8f0d0448eedb331490dc0b0e6e3ec833fbc1c2d5a8e99adb1a804415b63cb352b872e0eaaf5af6198b3ed74

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\doomed\17849
Filesize
13KB

MD5
d94eea3f756ef75bf99934d01eccf440

SHA1
b92a45801a33f65955a46a0269d7f2a326daec7a

SHA256
f024b07020c1f2c8afdfcb3d38627eaa7150c6579abef8fca1718deaf5206d8c

SHA512
11d0519fcbacf8e12c5eec44162d051ce2eb6f161f508ad2d56da3270cef77c6f17936dd3c9379f9b68780359d07af821ad156b2184716ce430d7e65d799c5b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\07E58126644AEAE01A2252933A750571586D823D
Filesize
38KB

MD5
2ac1ec2d9a3ac4e71b7359a3c62dee5f

SHA1
95c86faa544420d86b7dc0f99dedaebba2d0e105

SHA256
122989dc7b34b33de870dd2604a817c8f9c62ae36803e1c1de47fa455b7af698

SHA512
11756f6314f377009e5d152aa1046d2938225c983a78888f05d403389af4e2200008639b6642eb0ffb50ec9e57fa8f532e86f3188ca9517866b111a6e08f6a49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\2B1DFB3BF62868D7BE390097837204DDA6FC828E
Filesize
33KB

MD5
30312052ea602f2b8cde25d9f2af9981

SHA1
b2156ea887a3ac477b0e21bcddb3d7f010b36857

SHA256
65a20e1a785d7fa9fbf3d49ab4d4a922d9c3466eb67a14190e0210181706269f

SHA512
0b8c369a30f9451e4b81be451c3f0c9daedec9f7b55806ed5183edcb1bfbdb7f7ca5b65277c934c366425a1b3d76c2552fc537804987cc79e8453fed76bfe2cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\31ADA5AEA1733ABA619E19CAC0860A68F74D2FA8
Filesize
24KB

MD5
0adedb23529b333695219e425b186d35

SHA1
4e1ffbf84aaa22658abb4134aceea4db8f7c558f

SHA256
abd58024d08e8e76553473f9ec2c418392e3d7d2c1525c4f202bb8e1abcbfc43

SHA512
b5a3023e9383a4906c40660717eccaf7a3d5331735b8ec3a7f2f7399a84a94c1607f86f92fe6a1540ec4e134b01dfa699e683aef1b8548367cb38609de4201c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\44836238049E96471D6554497813EF38374771D5
Filesize
333KB

MD5
287b876af6c494dbc7df92bd152352ff

SHA1
35db671913789d60559650cd20fd18fbb2e8104e

SHA256
4b3842751baa1c71aaf809650d04c521bd37febc06c7b3bd1895229ebfb268bd

SHA512
539fc7ab1fa854a9feb6227d0949d1f637696f52d11949124db5cdfde96353dbe773acb128d87e1c554810f1c0cbdfc7a65d1c227c964cd654d14c1a4c354e08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
Filesize
13KB

MD5
61ae00d9866fe8b887a903c3e91d90a4

SHA1
db028ec21e891a6c074032ef85d017f17f7ed8c7

SHA256
925a3ba18d7fd5596e7251cfb30899a088a40fd6c8a2b4420f46cdc7f295fa8b

SHA512
865eed8228a3494525881795aaf4c7b533bb7cb9521c6e5cc7a2dda3e763eaca7c823aa846abbb3203c48f81e32de544abf7f4cabb76f7c8e6a95dcd4762d60a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
Filesize
13KB

MD5
da5fcfae809ab64778d7198b50c836d2

SHA1
8e28408828de272ffe5c1d4550f12dd585582a38

SHA256
ce3ca4f1d2286b5a8d330014b6e4fc48df6dd40cffe34184673f02bd2d79443e

SHA512
34c4d59afd305e69216e5f9ac5ea65595e63e2bd0c94e95d697571da354a211498ae6deddb903389e18e3c8956edcb141ef1a8296ae40882b4162f4aeda3f9f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\68ADA6A2A4F2FDFFC709865AD2629FB4400675B5
Filesize
934KB

MD5
29326694f089a0a0bc91761daf9072a7

SHA1
71133ac5eba7b5db296c1556d94095be43f6ab9a

SHA256
3d3991cf385da01a57254b498a42e388c356d2fb5224304381ba5db7386a1653

SHA512
1a31e9fe5074b00488aa976fcba6db0b6fabf1166c90501bdf2dc3cc88344532f4be4ee8aa1e3f6524dbf81c97ed295688fa35c3dd2bc67f1b9da777eab6e65a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\6C78A8506F2F8019B55A170A2FEA7FD9FC69B12C
Filesize
59KB

MD5
00d882e385d87e05efdebcbab34a1d6d

SHA1
b4f97dc31ad296b7a9c9844355157dad36f6f296

SHA256
9a74ec92c563249ae2d765989c082087d208a580b97c83d5945a466fdbbff0f3

SHA512
99f69ca991843a2280be09f082acfb7b32d8f6df90c6b51674e735243801d232f0b640551acb018303a0231280a21ff376018994e470ec76848289d0c24f8a5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize
11KB

MD5
f20b9845abb0d59a0e276f92e3e5a619

SHA1
498d2861923bcd66a5f49b2034bf470eb620cce4

SHA256
a5747e97db31a086466781b88acead88b83d79ea1a9707741cc31361e84db482

SHA512
5d8e8a10236a6d3a503477b33a4a20387d103e66482eff2aaedda10abf021df3a7ef0fd7f2036672997e423368eea7cfb319af8612bf30f2067b7b21d5957d2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\73DA966E898670513B3B93DDBFF6AE8CD81EF48C
Filesize
49KB

MD5
5d99103814daffc88bc6179e9dc6ba0d

SHA1
11e0e4c3f1f7dfca655c5532a1e1822dba81ce6f

SHA256
281eb0d9f90e91aefaa196b51bd1182da5233c1fc77511a53cece7c34050b433

SHA512
f213f565384b822c661aee05651b9787b56c44843e02dc26693cdcc85d5f5303b8b0cfa2e2643521dcddf9744e236ff440d9449a784ff8292c4867d3db08da6e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\7E70ED4B97A34E95EA37C1434415111DA60ADEFA
Filesize
52KB

MD5
6d644e4ba711f94536709eb9bd6092cc

SHA1
644389fdea687bec2766e5514b5e32d91ce71239

SHA256
c24c0cee14380069dbfd939a07ab1a91e39ade4f0c032187a1035ae1a0aeaebf

SHA512
84bbc64e14642ba868314ab272c970d80a237a756c4004f65834b2640b85c9e2a05decd49b7f7901576bf8ebbbfe91dfba86540d991ded631821d844348c7f59

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\88D2DD145122466A8C6F39785D5A392BF5E86A0D
Filesize
39KB

MD5
53fe418525efaf16f3977e2a54e14da3

SHA1
a1fd50e7dcc234ab2784979af1537dc65dc15311

SHA256
f6ef7772ea3a2bea38f19bc59244cfad030f483f7094b38fcdaa1f9fe81d9637

SHA512
8ef61c7dd9d3fb94f4b34a42579cf456921c8d1610da14831ecea2a37d6491cab4a9be2b85c5de5c6e12d5afbf56348537e08111124eefa3a9f6b44113f84f5a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\8F9E247AAE39258ED6C7674972B4FC933A618AA2
Filesize
15KB

MD5
fa5c0e26249ac86edd2318216fafbfc3

SHA1
8ab5d3aabe31fd666fb56d94a4f8e3c4262df54f

SHA256
28ab97f4c2e80c439412d0c2518d04bf15d9059e4c4ebd62ed3f61b232a9b7d1

SHA512
8b3f93a873dfeaf950afe4ac2e85ac56fc974f4ee6371bd3227ed08378a7bd232680baf09e09d86e47afcc2e0986485ee015ccc967a9fe1159189bc4210800cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\91F31F756AA32DC0823EC30502996894D0DBC749
Filesize
68KB

MD5
2b1a966312099758390373b9dc477189

SHA1
58c551279f554919c1c9c9689affde3ea0807194

SHA256
7b7cfb675ba1258ac69c8afcf978ba25409ccbf2205fc8b30a9f50bc78fd0e38

SHA512
242f581c383a75e4c500607c01fe9c61c30630892231a6aba3f7ebea17ad2339922ed754813b541a50b9c7da7807dd93c141783009e7247f80053b06f184203d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\9C76ED03235B16036B6081E7D29AFDB1DBD86F69
Filesize
65KB

MD5
40ec5c43e154956e17600787f010b3bf

SHA1
b7b9d8bf1f0c570be858c1526b29340ffea68719

SHA256
4e52c14b469ce27700bf495d2c3e8797b9c4ede1d43053e91b9b37025ff7500d

SHA512
e95a16b0be5ee70f42ef4517a7b7e5bb50b2a74dd17eac5ad286ad905fab64efde684f5d6f72a980f0ba605e1587960edd23785fb4656d76a0c59c6701966a95

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\9D052D1DC54D0E3995CAC53B82BA9B60130EBB01
Filesize
75KB

MD5
d440645e93e4c8d90bff880d55ac8b5c

SHA1
9d83fbc37a86102b0f6b366d7f05d3f351470b28

SHA256
37c40c4723bb2085d28832eddae80d2fd8649529872898388a6b1c37b9d69f85

SHA512
d64e4b207560d5ebb15a1566d9188c3370f68239516cf6cbcae9e03055d6d48e25daa319dbcfe4290eb44ef461a54fd2f5d8449f8ab319abfd19b17174f16e75

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\B86B02EAB8400C58B2F4F42B69E218D9C5FB9327
Filesize
45KB

MD5
aa83acc36907b53a42192cf252637c42

SHA1
2d27a820f95aa026bdc92413039f30ba75cb25f5

SHA256
b219692ebda8455f407a69f0159008bd678bb8fddbf64d72d9ac80c834273624

SHA512
83436032bba244fad25a5e029b14e843fc26aa7d1f9a7b7ebc755607fb34226944fdc3affdca4f66722068533c37379a9b04cf2ab228cd84a67b5f90e954507f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\D35C09500437DD22D7C72D16F29F6C78D8E3C45D
Filesize
40KB

MD5
ea2a70410ae43020ade7116ee40fa896

SHA1
210e01bf1a6485d14d42279c3f30ac251d13f3a7

SHA256
55df4e573c429d5b226110b38d180f040d67354732d2096195a5a71a3531d4d5

SHA512
5c3c7a1a813a345c4739d4d8664748c7cf1247dad67b5efed0c41edea82f92aeba4b9dd83f9b3cc111362d7ff0c95f21d4813ed331cdf49074dd6071c508e361

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\F4DB32A33BA8ABD54C2F4557A74CAE91E42459CE
Filesize
36KB

MD5
bf6c850d199d7da44de3b6e7effa39fa

SHA1
c45f6c60c7f42d1612e7da0395ae05787d313adf

SHA256
d459f7e81ce4aa63816f86635cb2fcf96cefd317fd8e34e0d034cdabdd642687

SHA512
44fa17a508ce6264195def77ab9cb964f9e7f8ecbed216f79e8adb30b3cc43f5d1cbe45dc2e145eec2b6776bbba24e803cf3aa7f47cc553dc30779432e3b9234

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\F72B374DC96EDF65EB8F4062EF3DA2023F9F563F
Filesize
46KB

MD5
e7085688e766405eb526c2798775aef8

SHA1
9f7b85385c7d47f179838bda71e912dacebdf527

SHA256
03a7bf25e30b3f9f096a9be4ce1c4a694be4b7c145c684533a2da7f6f3af2c56

SHA512
3ea2deb5dcb351da9d40a2ef58ea1ccf158591ae99bba429b3dc88a426fcfb517d098d406e378119bd074550fdc6e421218b250f6229d62f0f82ddf97d2fe533

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\startupCache\scriptCache-child.bin
Filesize
459KB

MD5
3cd5743d239ea536510c7bac9282963a

SHA1
23b334a505aa4e9a3c43e10c7ba1a4ba67dd3b4a

SHA256
5e864cffe118bee4cd25cc51b39c003b06ddd719c38f5220a97d2fdfb38200ae

SHA512
97dea12bb545a808129f415ea3e3c09d0818af73b18c3e6ac6d10c25f0c731565663d4730d7e8d75c4f8c589bc8174fc0edc90a5d22e53625f15acfc16622985

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\startupCache\scriptCache.bin
Filesize
8.2MB

MD5
947ca547bdda7a642ba2c7166237d7d3

SHA1
3da912bbcfdc7e196728d69042d7903b95a22188

SHA256
11619038e80306b22eb531daac4624ab4fcb24e0538920dd2b8f04274d640876

SHA512
68ceb4e0f90efb37638df38917f57994a8764b9227feb6fb44cd92ec1239c537be9da14d590028094a74ff5bbd2d87addd4c6c58ed4166bc22221a9411838317

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
759d56826342aa74f4c24230d74469b1

SHA1
8e94501fe594f41926aa1849bb2609246c60c476

SHA256
e6994b477f227683a0b081734eeefc514568d42001ebc9da5fa3e53c2c220b49

SHA512
e69f0325d0ac96d1e7072ffc52959f6322688948ec7331d8b86e8133447b98898ea3f7395c4de16be90aac0da32b50dee0445176d3b30371cf9b458c3246eee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
Filesize
13.1MB

MD5
1c53ad627bad990dc76ae17efaf7be93

SHA1
3fd84183f5953106aaef6b0f5edd2f058b074e2c

SHA256
8691f4cbe985ff4ad3559e3d9183ffa5e706695533ffe775dbc70080aff420c3

SHA512
9b894d1d81a1e6773798f022c7021b86cd650c45fa019284038ff32b936eb4857f9dcb46fdb7c74890f895c642b6e49894e705f152b893c1caef396ece7818cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms
Filesize
5KB

MD5
91b3f8b584f8d1067db623622c5cd64e

SHA1
7db4524987acdbd7cc489c0db3fd05dc1d8b4b00

SHA256
9c7911bbe72d7ae1aebdd0a47034b297601432c7f8fb2f6595c27d38e6a3602a

SHA512
6143972863d00ce339b31a98ef0bb052cf1729662fa4db7824af50a7bb9befbef310e955ee6d50800c9637f8fe6cfb6f6743b52c461ffd585bd78a9dc170dbc5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
20KB

MD5
e16e3d97d2a92912174b9f0a2d9a6f2d

SHA1
d72d41691e329b67d81762ea7f990298e49ff99c

SHA256
512253742b56fc2b6a6f4386bf5a87d429f3dbf930f78628215e15f3bc6fe507

SHA512
2101588c1283faa5e172de11887a67496b84c9f37cc88cdcdeb4c884ff2902b61f155aaf2524a0ad2cc45df0ec18eeeb5a8e56cb0f264b2908dd36846d8d3a2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\AlternateServices.txt
Filesize
1KB

MD5
d9564d00a12cc90e2ebdd9a1e03b5c1f

SHA1
3e52f92ce30da87fe69dacc922998629764eef3b

SHA256
bfc512c8d093bfcd029bb1b7e2680add84f5d6adca5c27007a67ff0c0c4760e8

SHA512
f18cf4529821375ecda7ec56769ac12ee60bddbcbcb9511d80ff8ddac3d0d11ca290d1fa15f6106055ce2c48645ae8079b19abe5b37ed2f536ecef111e3c7084

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\SiteSecurityServiceState.txt
Filesize
598B

MD5
4778d5bb09c440955b6027a7e0222699

SHA1
92833dd3227ea0773613107f324519d92f86b3cf

SHA256
5f070deccf4b8848a34dd6be9d5a85f7ff1bca76d6b04fa4c053596fd659b045

SHA512
d43bae2ca88e630057367a6f4ad6f77906e84bffedc1683dd43fcb1ab799b7f5f90e7b79634ede5802e112ff30ba345e8874662ba788b65e02abf3f5f0b3ede7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cert9.db
Filesize
224KB

MD5
9938e047d25d923f96b0d4ac8c00c7fb

SHA1
27ef22d21e936b5bab0f7f833b112be0abc9e655

SHA256
fae54dce9e156b491c56eb45cd12a76f7166ab58172f5c56b247f9067207dfc1

SHA512
17740ef91d670bf753882a7cb8dd145fda7d5144da7910a6ba6b1fe7b4f9343848dafcf4bd5f31591fa965f8c5642201ead7b533dac4ed91ac2852c4f0c14e9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cookies.sqlite
Filesize
512KB

MD5
762197efeefaa7b1df8bf591d4df5093

SHA1
90f67116c34ff070251fab03d379e106efeb1e05

SHA256
cdb3f3b2a315bc569f6226c02e942fbe850fbd455ed3e16483b57ca3b3b489f7

SHA512
45b6428f5af97d47c3d59e8301ab59cb8c3b230dad5e32b4ff848943667b61e508bae7fca6530419f34bc47ad6620ed3727b12b9310c0122df56f76c9174c590

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\crashes\store.json.mozlz4.tmp
Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\datareporting\state.json
Filesize
51B

MD5
3e32e2cc1ed028dd8ff9b06f50a4707b

SHA1
b3910351bd8e13ad1479db699cf6fac6544a5bef

SHA256
4a3a666d98e61b5fe06fecac56807137a0fffb4bb71d4c3b16baa8702dde738c

SHA512
4585ee9ec04adf138727cd039a9cbe78db6cf2926f6ce92524312a42efd1250100848a919ec4b833f9a013181ce93734575b86eed37f1bf32effa3237eba84db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\favicons.sqlite
Filesize
5.0MB

MD5
91bc48cc4f45b0d90187229483f4ddab

SHA1
0f2309b7d4193b18fdf8c4a9e185086d0ee8364e

SHA256
fd5ed4018786846ed23ae4332086e30772b5deaa26b733ad5f9d889e2d05da1f

SHA512
f75f7f7231aebe0cd5ffdf7a364cd3baa9e6db2d891290dfb8fcd505b8d217cc760ba50e5627aefc9258edd3ccdc3c250d506dad7778dfbdfb89c0069c3eb3bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\permissions.sqlite
Filesize
96KB

MD5
2acefc4b3b1779b650cb6c0612aaab67

SHA1
639f65e56f034dfa9254998a1a9bf2666bb37bff

SHA256
a9ed1689c7835f4a9607d01212fdab66f38a8b1b37941290b75a48de4e88b01b

SHA512
ceced578d627c68dba506729aaacadd7f74384010d3eed4f093c22bb9c1445357a69f0abc6a21d4916cc1745a3bb4aa1c1eace40034d0f835cb9c70328520e54

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\places.sqlite
Filesize
5.0MB

MD5
fc60d9c50ca7c519ef4e7749285e03e3

SHA1
6f5fc2dfbfe316b4569898a44fcb452b6adce745

SHA256
2bf6b2f7ec74f90b55406feb10fea40216bf798d701f5045b58dcfb28aa592a4

SHA512
fc4524178d1f5eafcfb9d252601ecb81a82b30c3ee6a56d722ccfef5605396ca00f448fd8ca7c8e992180f3627c01148685dbe478906169765c436487e5276e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs-1.js
Filesize
7KB

MD5
92d3136cd067a7310e4423c466103801

SHA1
78d75b62b2017c29f6b3b5feaf537670e6be6afe

SHA256
a9f5dbaab1da7b08d799e91de00283a8f268a0500c7fe8b168b42deb3f9b4433

SHA512
78c927b30dbe591032409ed306870eb8df388a9bc24d4d88ee253089b38b7ab699c0590c9d4ecbeaae4685598185434fb1d3842a29c79075dc5264fce1eb0e3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs-1.js
Filesize
7KB

MD5
cb3a1b12f33b049fe75aebd361adeb84

SHA1
e3a4c2a442bf8100d76008e8c29b9b8eda337c1c

SHA256
cf8724ee41203f60a26b860c94adc2aa6bce1476905d98684682146d58b68282

SHA512
9bd0eebb6cda6755c6fb5669971319862bb61fc87c684c8fe53605ea7b03e1d8d59a5de8df89590ad23eae6251200bfa0760e8523198fdf72009bb3c4a44e9cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs-1.js
Filesize
7KB

MD5
5766d9c18951d3b99678c507a13ab71d

SHA1
66ee6d5cb41eb85e06a83da78d5b9922be1bbf48

SHA256
f6cd4787ca8f34d9965d31cd7e0de03e3fcf40860db1436c4fd2086ee1be89a3

SHA512
6fa1f7c6ec163590b95537f68807f62a91b8e8cd5c2ffff0ef7d17eee22f0b76cd7c2290f4c8afdf9e86df91508506ca81bd21714804d99382c6a694ae7b3116

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs-1.js
Filesize
7KB

MD5
4c62252d978851f129240644ccdb2ffb

SHA1
cf606e4cce57e7f416e8ace52d70c702950eebc9

SHA256
c18e56c3096b90fd6938396b36e5a370793cfea7ce8250da246e3666f9e079cd

SHA512
d5ddc0b0a67fd1939380915f27dbb27195fc77e8327599348f6f933f7c8fc9514c20a74abe22347c0c66e1648481666f8f271ec2dd5cb00d0e05a52503d97682

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs-1.js
Filesize
7KB

MD5
cc5ea0af5cf15c018f8df5893caf4354

SHA1
a3cd9f3521351f720d03449ed30c32f25e561ce5

SHA256
6ac04b80a16c8acfeec402bbaa4d2c3c153806a46886af425c20cda95a33f354

SHA512
e684bfdc2f21bb2b7fc72cfe3b392a5596cd528ac984fd1cc4f96c3014b0a503b65190257a4e46de17bfd1dadfe6fba55778a3fd33d5f93d440134c1dc1a6d09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs.js
Filesize
6KB

MD5
278bbf20d1b275af13dcb1431d09a866

SHA1
546dd179bc26934008b6968131c259d74452264a

SHA256
df293db30dd2de06771503537d0da092991f50aa142c64d5b9faf836a47209a1

SHA512
4249345b9c13035ca8e4f804fb4b4c7a95ae8694caf68bfac4307b5ecc556ac4f9355f63d3c028f6dd736483c1af704397689171ea7318cb13072effb6be773f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs.js
Filesize
9KB

MD5
440e5c53a3359120c3e7d922061af78c

SHA1
a36e6baed8283ab04a887e88a471312ea922acf1

SHA256
7771eaf9dd72760a8a23b4b9000e25678208ce78fa48ca25298a20eee42bd6d6

SHA512
c3d9314e5e8b47d9711b2707c8a22598309b01da2edf0135e9d337e7c1be44ae31a4d55998c10b1f469d30489036c76db423aba3ce09d21680bd0a32885c3c3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs.js
Filesize
7KB

MD5
56a3d1652bfb60ee35400844509fd58b

SHA1
fbc5d7edef4b6351c77cd5e622dd3e5c31737c73

SHA256
f1d65cd37087db95ca49788b35fc40611973696b305e8dc647062488eb19e35c

SHA512
a0764c196dc51debe513d221385b36e820b5a107f342bbc4f745cabfaead0a31225d9101d2b5fa84d642f7356269b5119f47835e8eb6896c654324cf7fe6c8eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs.js
Filesize
6KB

MD5
6647a97da710df1a8a507c785c4ce6d0

SHA1
87f22532aaa323ad445df082a4665568577bd0aa

SHA256
aa6f4dd7965ef1509b49964dc622b0dfe18ead657b9e32a80f87f721e34fc467

SHA512
135d3f30bb4e27218883adf35658b7d802942b92f6ff3193a1c6e98b2d67a62570dca593aa714bbfd1bcffa435541457a8e0e9b0dc01108b9ae19b77744e3413

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionCheckpoints.json
Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionCheckpoints.json
Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionCheckpoints.json.tmp
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
39d84dc359b037eff5e9c471f46676c8

SHA1
6459fee18590255bf23920d1696c8e66b0906bff

SHA256
6d88f46e85040846b2b3b027807fc7eb2155a9532cb43535a4dab99dfe1b311f

SHA512
93e880903bfe97db15db9bab932ad31b1c3f24872c2b2b592e49b0ce172f127515b14fb9df542825cf14ad9611bcd4a14d3950e8c8008e703e976c45935c9fce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
aade6dba1d7e69a10200f16cc1f84e14

SHA1
059b32274e489b59afdfba0aeb8b3976227d6be3

SHA256
991023adf5baebb814a82c02c5048f660414db2a3df749dbe8b6486cea5e4d03

SHA512
1b48d01da79fdbd2fa88c1ca670b0a170bdbbfdca63ca5fc65685602beadc7ee1b6eb3b23e39c4c4479397f4c3c7ba74962584b737070aba844e8ad679c60862

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
813c0fdcc42d67b97559abb7a7801aec

SHA1
a723b2c47fc9da4c5bb337562c3fcdf44907fd45

SHA256
19c207894f42d511fcc8209e3ab9620d7e0caf61791f58872acc016011a0705b

SHA512
132fffbccecceaed3602ef096a57fa9f29b471e2828f9b6cce4919bf339f00f2c6cd67f4324bc5486bf791fa633db514d902573255e8bc3bcad5c3a6a0a22b1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
f01419024898525c555a13c6b5bbdcf6

SHA1
7f1d953b24d280f048cd5afe7a1a9dd9677d18a9

SHA256
b75010ba643518f320f94c3555f269e0cfb7b48754c341f53b1d357066e982c0

SHA512
062d72cbca0416070b3e4197f4829a119ad30eec78c14d42d8f4b182e5b2ec7a9eaa446cf3f1c603475d4f8301cae3a136cec9501a32d5985f6dec3cffcc26c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
11KB

MD5
a147c5193a6ee06fe637390b23986594

SHA1
fe7e19b44fb9efc886525149990097a50d1d3b49

SHA256
123882eb202ecb8a96620ee6116ff5ffa87644dfdc4d9197f4c036a26605fdfd

SHA512
6599f8621c8144135fb8731159ecc3e11fd67c3dbc7185664bb7f5cdb402b06bdb0d181fe2326c2f8438aa692ee751f4ec47ef7e1de5c1a29000abdcb8776620

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
d6ee7769af29cf80db2ec7541ca2ba3e

SHA1
d7dd375bd71a6516913d8e6cf17572a73d1871ae

SHA256
277027ab77ef5bfabf3b58be87a3689a2ce6366b303b50f19009e0a52bf2aa32

SHA512
9c67045529833c7755dcd271a8e35538142e44c9fe2e67b4f8659668d52936cfc2a07b238ba4d1e69f5328ea50b65b83af3b193684e189c98df3cc4014ce21e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
13f57636c93e774a697096ab31d6811b

SHA1
9c5c792001f28de3081d25ffdab2f7b6e5c32747

SHA256
0ebe1b6bf51851649a0d65988f1868756219b22508e0dfae41115d72f022698d

SHA512
59b45b0c611d4ec10bb409f2aad8c1456a6d15e8b1e16281fcc14b239d13b820789906321d4b0fb61e3afc74fccfda84a787c3cfe8f7943d66fed3554ce2954f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
a6cc5aac2f836502c31d12e3684e0eaf

SHA1
ab210ec60b2626b1c0a50475bcf9771196ed55c3

SHA256
2e6c9600367bc53045845ccf0139b549a5dc066e19e713a79c69d398add7ca5e

SHA512
4c83b632e557671b0a5234a2a0bd15fe603a600fd9dab0cd8a53aa31c3cbc590ffdbdf451b4b9b53061347ca83c58aa28984288ea7065cfa54332fb7e767c728

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
da337bc79ac113996c1a88c1c51b39e7

SHA1
7f2f3778de876c322b7a28fc017f82da121bd768

SHA256
e711a0c8b28537f463265e76ad791d2978350914b55947cd83e5bc56f0f90f65

SHA512
5da7c5f87f03ab0360f12d45e2ec93a0778d464a3f3b96144ab2901e5563b515346b646ad76900924abca7f21f7a2fe5bbf6bffaa170ee733501891dd98a5352

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
4384037c3246fe98a94dd5f59ef6bfaf

SHA1
b517083f489aa62f16bf7ba4a4a25ccdbb888906

SHA256
d774466ffbb8741c1ffeb412c0986a9a78f68d8f0de7bc4712e1b3f18a6b3d34

SHA512
b3b88a80b5d22db70aa64ff39f168300e4433654ad03ad360ecf88f32cab223c0ba48e61ffcfa4a1b3fd123849e539924f78a272943c4cdc3ebc3f0813ffc1e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore.jsonlz4
Filesize
5KB

MD5
25ac7c9d0c9b0b7bbfd502e95c4b1991

SHA1
c91f0796b105aca8fee067bc72c2ddaecc367777

SHA256
cc3cf98e1ccbdf29076cede99789a3badb292d71fbebbfe281430f52dfe71837

SHA512
077bdcfcd1c24fe1a2e7d2787e0e3f76108321d4ac167af313ebb60d7405d5aad80fb14a65d9fd89d4303a8561a4c5393cd8b3923494d0ef5cb696a81f0c7f6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\storage.sqlite
Filesize
4KB

MD5
e1ab0723402af20d15c0f94875d37603

SHA1
341c5e0de487a9a74a5d80f2ed28a5bb515e8d75

SHA256
bd4eeebfbdfa5f0b9eb8c278341b447374a76ba240e0dc901a681fe241f0e163

SHA512
5a3911f952116ef0d80a1d099ea6c7b3ff490a5494a3252b1cf323e70dbb8ada6343b8878e4d915246f2b48da0cc29199d79dad50736c19700f54e295e9fff9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize
48KB

MD5
b31c10508e703549516553f7d89f772b

SHA1
c3a77a806ac458901193cfcb2d13301f0336ddb9

SHA256
6328b53814ba70eb0be1db9dc54738a833ac2d13fa359cbec46637b96e58786b

SHA512
809abed224d3087420d3407d2d135ddaae207e239c13c0e18237a4a9563bd26b669c1b279b3735f7747f50fcf9d93fdc499330fd77d983588c7a04f1c8677a7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
200KB

MD5
ba5d4e63ff9be23b9834653c187f1420

SHA1
5a5b390895a9e62936175b5934bcc138071494ea

SHA256
11350716895846ff76b89a6cf26d46eb8d4e9b144b72a785507c43b1b1b2bc86

SHA512
e393b64626308d1f90e2e7dc1d8b1f718a719a8ddc3060cb9b72bbdc0de477f606e75b22ce83c43747e4811bb6a17dd182cd606c859b017586d4bdb69fd19df9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\xulstore.json
Filesize
217B

MD5
6d9b95ac26c346f90f4773f7653b89b7

SHA1
7fc448b63abe6b9c8549543a7e7a7dde53ff2736

SHA256
e881d3d030d2427dd30d05df4e5bf1494af4e14c5440e20772757dd197626d46

SHA512
6ee6ca9770956cf67db93a19864cc08b082f3f293510b60b2888b29995a2a296e5dfb06f46e6b2cebb328a7342044092f1444c5ce231284bf5f5e7e8cc68357f

Download Submit
C:\Users\Admin\Downloads\Bloxstrap-v2.6.1.exe
Filesize
8.4MB

MD5
8450908897067c9527740d735897740b

SHA1
71c993302b3174fe4fd712eaf8886a4842778e42

SHA256
f5a04c5d6ddcb4cc3925656919c37a9ca18f20f3623c722dc45499cf1e4de8a8

SHA512
841d6d732db87ca350dd7f4eda273584810dc976f6a368a141de8ea8d87113e8f8ef92c747ee2fa3dc8f906456e2c2c17b122d3f86dea9042c40acb9170848f8

Download Submit
C:\Users\Admin\Downloads\Bloxstrap-v2.6.1.exe:Zone.Identifier
Filesize
664B

MD5
98472bc2ab4e2b514f2a80b445fcba05

SHA1
58404d86b17d945e6ff39000ae058082e5199546

SHA256
3805b34d9df94cf427d5fc7302cb10b423f6933f5122f4d528c5e66109a77dc3

SHA512
46dc169e8992ed10b6c47262da801f7338789dcccfaf3b86dc6386d86ee7df23c6e350f2b36c085c77eace087d6fa0174a29f0bdcef825fa41bdee08171ec841

Download Submit
C:\Users\Admin\Downloads\Bloxstrap-v2.d3fXdyWN.6.1.exe.part
Filesize
2KB

MD5
a905a3196d0a9223d5bb2482f75337be

SHA1
1a8712b82be9e0b789b660385b45419f5c95c4ca

SHA256
5f503e295f984c045d633b28dd91ae99c118407e9a960710e975ac612572bd28

SHA512
4639df1895af65f3266d4c253ae024405c3f4cbb7c96b74a2302dea2212e9b2e48212f871d44ef96148d604e7560eb28d4b2236d26241bbb651aa612a95703d0

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
7c112d575a3d43d1f05617e1abc795b5

SHA1
7b7c478a1034378c730a463050bb3a18d3c69142

SHA256
59bd5d7f1cb0d97dcd812a5dc82a855463c3fa65fc98749ded9d99bfb9c07c11

SHA512
72afbdc016a304b8778457737c2fe9055ed9231978bedb9c942441354e79c6fac74fdc8fb39db7b87781a6a453cbe787cc2326adcf91fa1564e359cbd57c33e0

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
4cc1fee41ce5dd834c74082405614cde

SHA1
63eebc074a21e662c3991b75b79b540ff7814d57

SHA256
efc3ee29f7921bd9e36118fe4a3df90cccce72c161cd99d7dbabf2b0802d0baf

SHA512
2b3795d2424e135c007e4e9adec6cedd873cdec33b98277148ff552037f4d8a8bf330fd96f4d5fb1c81b58805be815afce297c6116e81ce04294f8a238e9e94f

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
6cb1852bf3fc1511eb339b831ab1cbd7

SHA1
00bf6fb70f3bb1f309f150a231fc42ec9d1157ca

SHA256
91e04f5f1bc4f3cf981759dc7353b7c09249afbec64d07be456cdd73deb04db9

SHA512
5464ffc908a91443dd63598ab6b0dfbde60e43d386239d5cb50845f9374a3d00b11ba43c14ab549c0f6ab15acb7e1f62d16da45c0d549641c14c43270a75eaf6

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\GPUCache\data_1
Filesize
264KB

MD5
4f25827277816449f42afcdb8c9c96a2

SHA1
90def998a83485d32f8e39ff33bac1f4c12a4fdd

SHA256
89f8e35e828d8c8a9aa8099b1f55ee53bd3c691f0e1c4e489b97bdf6c803de35

SHA512
0b167c8ae59620369e88a5733c112d891c9a8d6687176fd460994eb585920c899f159de852c72322b92a59339a1534681cb1c6189684c0df19be427fac6a7a0d

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State
Filesize
935B

MD5
11aab224c756f3b7dd6e535b8dcc7b45

SHA1
a634ac922637afeaddc8ebb28bcfdb51f5101d2e

SHA256
8ebd9259f89aa9892c049d87c2055488b17be9d46423f6ae7b9367c80804c0e7

SHA512
eb6fe5b69118140ce02d9a3177652d51880c98fce61d1940488500768161e702fb06a1a089c46d96cc7d76e4770c3691bd563682e68376c7c4431527368215b7

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State
Filesize
1KB

MD5
d3da405e5514a5c5e5474e069cc5f0f5

SHA1
d30999717bc40e8f5b113b735b49ac05506ec351

SHA256
7ba99be0bef0eebdae5e0137a780b2c5817b2af6b33c7936ecac5b244249c110

SHA512
030d00bf74d739588f207bb68b1da2af1090bfa35cae201e9e7251390ab769df6947b360dc13b281ddc6e8d99e91266ed0ebd7fda8e21368fff8667a408423df

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State~RFe595f5c.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize
3KB

MD5
8774e19b80124d7b639f652b958fc0f4

SHA1
26c199cd44f4dc01eac96fbc29667206b2b61c12

SHA256
d199155985bccedf7804295f6e71304dc0dbfcbc41878de805fec2cc428811c8

SHA512
aae0a85c619cd402914a1aded49ae53c038eb0e485cb86cb25c17259ed2837ebd41ba36f55b274ef918ca0b4a6b0c068242ff462e5e110ffb8b408d642256ad5

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize
3KB

MD5
ef41146386bce14af9373011b68dcc4c

SHA1
b009063af6fd6460e45d686dd6b25bff1f94f611

SHA256
2f28f78d6379ebce0244bf84f8aab45a94ea924bb2e6add9e57e134638f3c7a3

SHA512
9b8e2128c8f641835591203f934576763867cc2fd77064e346191a85a16846803fda0879f45280c4eacaaee17ff74faa999db11ad0c2d49bdd75a39c30607fdb

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize
4KB

MD5
8180805e573ad80a058d189ca9c7983e

SHA1
1f268721467e2e5096721d3226e84b0087e94c40

SHA256
f0c2444cd3bd59cde49686e5d830ba9fd26e8c5cd76f818b6cf5e5f269f77666

SHA512
5e3e02a0c20637156495ebd801a45553f3d885073864129736f3838b1fe6f2963c5fcf1854f92e062a3d17338255548ffc290b1e4e610eb38beaeaba1d1e2171

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize
3KB

MD5
18dbd6a41625046d708e8a5f45ada75f

SHA1
c1a58ef4dbd483455a967a50553ea73ff85f146c

SHA256
40b68ec436209ff84b126469acfa0831311c18b59d272de381d0681434d6f54a

SHA512
e2f892dbe6dcb5027ce8687c75e39aceba687c1ce602b15c79c07367ddfe9fab3502b4a7df9d2beaf8aad3c70d395bb55d5ff8b009b76138c3578b2854160786

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize
4KB

MD5
ea62db2e702e5efad67252f94c25d579

SHA1
2f6fa4c226340ce1a63df326fddbba4ccfe7a76b

SHA256
320265623a66e87bd7b6b9053620326c9fbd2a6f0233f967d06cf875f47a22ee

SHA512
7c927385cfd30722c1a1f0035e1301d6f0b9ade14c2c2cd890faa20550cf7bc7fcab71e5ffd36afca76dd3638df352538e217aa024a77a3a0ae668b94fdc4bd9

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize
4KB

MD5
b1c4285c21005011fa9bebc6c9181c89

SHA1
ed13473fd2a7a9b3845cbab4d7aa1fd141291dd3

SHA256
8d03b2d505e4123835f9292b1755ebc41702903e8ed9a0facb34b3934fd953dc

SHA512
2f606520444ee57cc7e5a1af9796cb58776aea5675b2d8662782c7aa277fb37f484be4ac94e457dec98bcaf48276ffab74812c7bd404132948fe5f8b75e834fe

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize
3KB

MD5
82535e1293d6ae42c77246e0869dc6e7

SHA1
36407b5f3baa27b82bb70d2df2a9fd06b569f0ec

SHA256
1e33c90fc6425d78b203735c897f7b528ac576feee684fd000b844b2b2d43764

SHA512
cd3c37b86874530742b77500ab4e6a286e341dbc35c1336979bb092b522dd4a683b8df315db3b845e7c842b6e9325d8da526fa89808d646f662fc03251c078f2

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize
3KB

MD5
007b2adeeafee550c5b163c3d918d954

SHA1
c91b2022a80f7a98103408f30ef8a5cf6a0538da

SHA256
440fcbdb41dbf5cd82491f49c7a051946835f377b4aa835258e3e36c87019ebe

SHA512
6f4bb77fa6da2ea35486f7629b83decd552c8bf3e7802edb40128414274645d26685dd5d962113a70b6be3c260e9fb2826a627ff87dc7e527a2266363beac015

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences~RFe589f87.TMP
Filesize
3KB

MD5
b5851dfe6c17f927867b6ff193a97c53

SHA1
ddb4469781b61b2275bbaab90648aa6280773db8

SHA256
def5363dfbb0ae9e1c5767a0cb2263699e99773743a284402dad5645183c82e8

SHA512
dcfe50f430b3428cfa1e890aeeba8cccbe1db9e74a3d8daca565f77df89d90a89d881589a740a73ccc0762c2aeee3405f35c5ecc7f9a97e11404a79aedeffb2e

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\TransportSecurity
Filesize
874B

MD5
53c4bcc05fd0f64fb73fe767166788cd

SHA1
415145b31a0bb3fa8930392edf830e2a1673be55

SHA256
a614f692857f45cba11c7cf05b08f971b963bb03040f56ba0d12d3c5cebc9fde

SHA512
1aed278752b2ffef2875cddf2be59dcc962477c69e8708cc20b1757c6eee3aa299848f0d431e6fbdd62e9a5f891278baf0602716fe1791b80b45ea4b8423d8b4

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize
8KB

MD5
c7f29c8aa27582c4f44880744da973d5

SHA1
0265ee98c0d20ba02852377743bf94efb31a3597

SHA256
9d5a5a69ad53a9568c6222400c38697185ff28a25357290049817a88631c6383

SHA512
9f31bdf74ee922b0ac82e9804a04f2bb804942b2808d3106910917ccb6d539441950e2d3bb95b02b267d08235bd8b16560ed9f07a0005888b083845d1d25dfe2

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize
8KB

MD5
325c46224efc44c229aa17d8292e651c

SHA1
aa10517a0257c846120629724b324fb8b377a76e

SHA256
b3726bac549ffc088c6b5620a41240a2df3dd9edb2fe408f2b661f8c94223b68

SHA512
997d7c1404812a26a488de613a04cf2d238d5ce239d7494f63c12bea363d45c3783ed8158c255f823f704af056f4d39de569972d88129fb7dcb851c7716611e8

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize
9KB

MD5
67baa47e4396448f3616f10a47436593

SHA1
5919f7f25ae04ed3dd2e077e32c61df8f5f8747a

SHA256
34a55aa4789ddcecb6c50f9502c6c2e2f985975c9a906847fab38732d9492605

SHA512
9900d2bc144ffb6a3bcd4ea9b92efe38fe6572871148a25fc9d439e3d916b3cdb267c61b46a0ca27d8ea4ac47c1b7e28c9c93a931ffff2a7b80ff38ecf8d4b42

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize
9KB

MD5
f485d0b74d765141c8caee96f6218737

SHA1
7738520a76b157c047571fc6002f12690989fb19

SHA256
a267cbb150a005004d92e676c210746c56256a255b45d93d514ae913b2ee9653

SHA512
dd06443100febe632cb2f3e195ae82b0e61f6f0d47e3a201df0a2099eb4bdbec714fda076f93dc63051a5246add73a98f5692d25abb1ad9ba3f6b4769c8dcfb1

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize
8KB

MD5
7c998c74780772d85d161c68d46865f1

SHA1
1ba371fa79016f200e6cabd76083d8311b1b7f52

SHA256
e13caf0b0fe50d89467d81e97e623259b7a2fb0c99a8e65bd34737486cbe9ca3

SHA512
8ad92ef147e9b1d7d33477ff6efe7eb8c716cf63610a061a480b117884319a3f468b8f8d2e7bce052eb20424a842d128ee27de507f6dee6441a2f9b3c9627062

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe5895f2.TMP
Filesize
8KB

MD5
844c5c92a7b57049419458be30cb9c55

SHA1
5860fadb40c55b07935f1a0aba36ab507e87c74c

SHA256
6137c371427fbcba7f648d456be4351421aea71b13cd72fa7b793ec386464edd

SHA512
38974b7ef4e18b1baa912baeaed22ab9db61247397cd1ca38b5f4ecc5dee2db3cc4284a31ca4b2a6ddaad2830a5e65406e4c0b768ac6f789cd12462a34d5edc5

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Advertising
Filesize
24KB

MD5
131857baba78228374284295fcab3d66

SHA1
180e53e0f9f08745f28207d1f7b394455cf41543

SHA256
b1666e1b3d0b31e147dc047e0e1c528939a53b419c6be4c8278ee30a0a2dbd49

SHA512
c84c3794af8a3a80bb8415f18d003db502e8cb1d04b555f1a7eef8977c9f24e188ae28fc4d3223b52eab4046342b2f8fd0d7461130f3636609214a7b57f49cb4

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Analytics
Filesize
4KB

MD5
da298eacf42b8fd3bf54b5030976159b

SHA1
a976f4f5e2d81f80dc0e8a10595190f35e9d324b

SHA256
3abd2e1010e8824f200878942e0850d6e2620a2f0f15b87d32e2451fdda962ec

SHA512
5bf24c2df7cc12c91d1fb47802dbac283244c1010baa68bfae9eb5eb8ee25758156bb1e21f6cc3f55e7d71e5c330888ffd41469b2630eb86237c9970d7ede75e

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\CompatExceptions
Filesize
689B

MD5
108de320dc5348d3b6af1f06a4374407

SHA1
90aa226d3c9d50cf4435ecdd2b8b0086d8edeb8b

SHA256
5b462316a51c918d0bae95959bf827cb9c72bbd84ffb0e43b750aa91fbf3ba53

SHA512
70f30c45e20b7cddd0cba6476af9338975cec8e40b8b19603af5fa859a34c6eb2138957daaa263633fe65213e2186402d05d9d29ad53e8f311335555116314c2

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Content
Filesize
6KB

MD5
97ea4c3bfaadcb4b176e18f536d8b925

SHA1
61f2eae05bf91d437da7a46a85cbaa13d5a7c7af

SHA256
72ec1479e9cc7f90cf969178451717966c844889b715dff05d745915904b9554

SHA512
5a82729fd2dce487d5f6ac0c34c077228bee5db55bf871d300fcbbd2333b1ee988d5f20ef4d8915d601bd9774e6fa782c8580edca24a100363c0cdce06e5503f

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Cryptomining
Filesize
1KB

MD5
16779f9f388a6dbefdcaa33c25db08f6

SHA1
d0bfd4788f04251f4f2ac42be198fb717e0046ae

SHA256
75ad2a4d85c1314632e3ac0679169ba92ef0a0f612f73a80fdd0bc186095b639

SHA512
abd55eff87b4445694b3119176007f71cf71c277f20ea6c4dcadfb027fdce78f7afbcf7a397bd61bd2fa4bc452e03087a9e0e8b9cc5092ec2a631c1ebb00ee25

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Entities
Filesize
68KB

MD5
571c13809cc4efaff6e0b650858b9744

SHA1
83e82a841f1565ad3c395cbc83cb5b0a1e83e132

SHA256
ab204851f39da725b5a73b040519c2e6aaf52cb7a537c75802cb25248d02ec1b

SHA512
93ff4625866abf7cd96324528df2f56ecb358235ff7e63438ac37460aeb406a5fb97084e104610bb1d7c2e8693cabedc6239b95449e9abb90252a353038cb2a2

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Fingerprinting
Filesize
1KB

MD5
b46196ad79c9ef6ddacc36b790350ca9

SHA1
3df9069231c232fe8571a4772eb832fbbe376c23

SHA256
a918dd0015bcd511782ea6f00eed35f77456944981de7fd268471f1d62c7eaa3

SHA512
61d6da8ee2ca07edc5d230bdcbc5302a2c6e3a9823e95ccfd3896d2e09a0027fece76f2c1ea54e8a8c4fa0e3cf885b35f3ff2e6208bf1d2a2757f2cbcdf01039

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Other
Filesize
34B

MD5
cd0395742b85e2b669eaec1d5f15b65b

SHA1
43c81d1c62fc7ff94f9364639c9a46a0747d122e

SHA256
2b4a47b82cbe70e34407c7df126a24007aff8b45d5716db384d27cc1f3b30707

SHA512
4df2ce734e2f7bc5f02bb7845ea801b57dcf649565dd94b1b71f578b453ba0a17c61ccee73e7cff8f23cdd6aa37e55be5cb15f4767ff88a9a06de3623604fbf0

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Social
Filesize
355B

MD5
4c817c4cb035841975c6738aa05742d9

SHA1
1d89da38b339cd9a1aadfc824ed8667018817d4e

SHA256
4358939a5a0b4d51335bf8f4adb43de2114b54f3596f9e9aacbdb3e52bef67e6

SHA512
fa8e1e8aa00bf83f16643bf6a22c63649402efe70f13cd289f51a6c1172f504fedd7b63fc595fb867ecb9d235b8a0ea032b03d861ebb145f0f6a7d5629df8486

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Advertising
Filesize
2KB

MD5
326ddffc1f869b14073a979c0a34d34d

SHA1
df08e9d94ad0fad7cc7d2d815ee7d8b82ec26e63

SHA256
d4201efd37aec4552e7aa560a943b4a8d10d08af19895e6a70991577609146fb

SHA512
3822e64ca9cf23e50484afcc2222594b4b2c7cd8c4e411f557abea851ae7cbd57f10424c0c9d8b0b6a5435d6f28f3b124c5bc457a239f0a2f0caf433b01da83f

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Analytics
Filesize
432B

MD5
01f1f3c305218510ccd9aaa42aee9850

SHA1
fbf3e681409d9fb4d36cba1f865b5995de79118c

SHA256
62d7286cd7f74bdfda830ee5a48bce735ee3661bda8ceac9903b5627cbd0b620

SHA512
e5b665e981f702a4a211d0569bb0bc42e3c29b76b3f75aaf8dc173f16f18f7c443f5cf0ccf1550df3aa2b151e607969c2c90ab1a6e7a910dfeb83854cea4e690

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Content
Filesize
48B

MD5
7b0b4a9aafc18cf64f4d4daf365d2d8d

SHA1
e9ed1ecbec6cccfefe00f9718c93db3d66851494

SHA256
0b55eb3f97535752d3c1ef6cebe614b9b67dddfcfd3c709b84c6ecad6d105d43

SHA512
a579069b026ed2aaef0bd18c3573c77bfb5e0e989c37c64243b12ee4e59635aaa9d9c9746f82dcc16ca85f091ec4372c63e294c25e48dfffbed299567149c4e2

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Cryptomining
Filesize
32B

MD5
4ec1eda0e8a06238ff5bf88569964d59

SHA1
a2e78944fcac34d89385487ccbbfa4d8f078d612

SHA256
696e930706b5d391eb8778f73b0627ffc2be7f6c9a3e7659170d9d37fc4a97b5

SHA512
c9b1ed7b61f26d94d7f5eded2d42d40f3e4300eee2319fe28e04b25cdb6dd92daf67828bff453bf5fc8d7b6ceb58cab319fc0daac9b0050e27a89efe74d2734e

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Entities
Filesize
42KB

MD5
f446eb7054a356d9e803420c8ec41256

SHA1
98a1606a2ba882106177307ae11ec76cfb1a07ee

SHA256
4dc67d4b882621a93ffdb21a198a48a0bc491148c91208cf440af5f0de3ef640

SHA512
3cc3a521b297e4f48ed4ba29866a5ade380c9f0c06d85bea4140e24b05c6762d645df3d03d0a7058383b559baa3ae34ad3ed2b06017e91a061632862911a823b

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Fingerprinting
Filesize
172B

MD5
3852430540e0356d1ba68f31be011533

SHA1
d3f622450bcf0ced36d9d9c0aad630ebccfcb7ff

SHA256
f1f413704c32a28a31a646f60cad36cc2da793e143f70eee72ae56f736df8054

SHA512
7a4faa493c141ea88d6cd933dfc0b50ef6d25983323db2b931c7512e039859d60c4935e56b771264ca72b45c035b1962ad8680d616eaaf04fbc5a6e0b674e435

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Other
Filesize
91B

MD5
09cedaa60eab8c7d7644d81cf792fe76

SHA1
e68e199c88ea96fcb94b720f300f7098b65d1858

SHA256
c8505ea2fe1b8f81a1225e4214ad07d8d310705be26b3000d7df8234e0d1f975

SHA512
564f8e5c85208adabb4b10763084b800022bb6d6d74874102e2f49cc8f17899ce18570af1f462aa592a911e49086a2d1c2d750b601eedd2f61d1731689a0a403

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Social
Filesize
3KB

MD5
318801ce3611c0d25c65b809dd9b5b3c

SHA1
b9d07f2aa9da1d83180dc24459093e20fe9cf1d8

SHA256
2458da5d79b393459520e1319937cfc39caadbc2294f175659fae5df804e1d03

SHA512
7daff0253da90f35bf00141b53d39c7cadacf451a7ecf1667c4ca6e8aed59a0c4a6b44ddc2afffa690e12c2134eddb9f46f72e4317ce99c307d9e524a5fd1103

Download Submit
C:\Users\Admin\Downloads\Solara.Dir\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Staging
Filesize
16KB

MD5
39bdf35ac4557a2d2a4efdeeb038723e

SHA1
9703ca8af3432b851cb5054036de32f8ba7b083f

SHA256
04441a10b0b1deee7996e298949ac3b029bd7c24257faf910fe14f9996ba12ae

SHA512
732337f7b955e6acaf1e3aaa3395bc44c80197d204bd3cbb3e201b6177af6153cc9d7b22ad0e90b36796f92b0022806c32ac763eaec733b234503890900bf284

Download Submit
\??\pipe\LOCAL\crashpad_3888_LOBBYEKKYRFLYGVH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/860-495-0x00007FF8C6023000-0x00007FF8C6025000-memory.dmp

Filesize
8KB

Download
memory/860-1261-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-288-0x00007FF8C6023000-0x00007FF8C6025000-memory.dmp

Filesize
8KB

Download
memory/860-289-0x000001B52F370000-0x000001B52F38A000-memory.dmp

Filesize
104KB

Download
memory/860-291-0x00007FF8C6020000-0x00007FF8C6AE2000-memory.dmp

Filesize
10.8MB

Download
memory/860-290-0x000001B549F30000-0x000001B54A46C000-memory.dmp

Filesize
5.2MB

Download
memory/860-292-0x000001B549BA0000-0x000001B549C5A000-memory.dmp

Filesize
744KB

Download
memory/860-293-0x000001B549C60000-0x000001B549D12000-memory.dmp

Filesize
712KB

Download
memory/860-294-0x00007FF8C6020000-0x00007FF8C6AE2000-memory.dmp

Filesize
10.8MB

Download
memory/860-299-0x000001B549B60000-0x000001B549B82000-memory.dmp

Filesize
136KB

Download
memory/860-305-0x000001B549B40000-0x000001B549B4E000-memory.dmp

Filesize
56KB

Download
memory/860-306-0x00007FF8C6020000-0x00007FF8C6AE2000-memory.dmp

Filesize
10.8MB

Download
memory/860-307-0x000001B54A770000-0x000001B54A7EE000-memory.dmp

Filesize
504KB

Download
memory/860-309-0x00007FF8C6020000-0x00007FF8C6AE2000-memory.dmp

Filesize
10.8MB

Download
memory/860-308-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-320-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-319-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-321-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-323-0x000001B549ED0000-0x000001B549ED8000-memory.dmp

Filesize
32KB

Download
memory/860-325-0x000001B54DA60000-0x000001B54DA6E000-memory.dmp

Filesize
56KB

Download
memory/860-324-0x000001B54DAA0000-0x000001B54DAD8000-memory.dmp

Filesize
224KB

Download
memory/860-409-0x00007FF8C6020000-0x00007FF8C6AE2000-memory.dmp

Filesize
10.8MB

Download
memory/860-484-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-4744-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-505-0x00007FF8C6020000-0x00007FF8C6AE2000-memory.dmp

Filesize
10.8MB

Download
memory/860-514-0x00007FF8C6020000-0x00007FF8C6AE2000-memory.dmp

Filesize
10.8MB

Download
memory/860-526-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-527-0x00007FF8C6020000-0x00007FF8C6AE2000-memory.dmp

Filesize
10.8MB

Download
memory/860-530-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-564-0x00007FF8C6020000-0x00007FF8C6AE2000-memory.dmp

Filesize
10.8MB

Download
memory/860-580-0x00007FF8C6020000-0x00007FF8C6AE2000-memory.dmp

Filesize
10.8MB

Download
memory/860-598-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-654-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-4956-0x00007FF8C6020000-0x00007FF8C6AE2000-memory.dmp

Filesize
10.8MB

Download
memory/860-5001-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-841-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-922-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-1014-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-1076-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-1095-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-1131-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-1160-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/860-1176-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/2004-4802-0x00007FF8E6960000-0x00007FF8E6970000-memory.dmp

Filesize
64KB

Download
memory/2004-4800-0x00007FF8E68F0000-0x00007FF8E6900000-memory.dmp

Filesize
64KB

Download
memory/2004-4789-0x00007FF8E7AD0000-0x00007FF8E7ADC000-memory.dmp

Filesize
48KB

Download
memory/2004-4778-0x00007FF8E8670000-0x00007FF8E86A0000-memory.dmp

Filesize
192KB

Download
memory/2004-4799-0x00007FF8E5FF0000-0x00007FF8E6000000-memory.dmp

Filesize
64KB

Download
memory/2004-4798-0x00007FF8E5FF0000-0x00007FF8E6000000-memory.dmp

Filesize
64KB

Download
memory/2004-4808-0x00007FF8E69A0000-0x00007FF8E69AD000-memory.dmp

Filesize
52KB

Download
memory/2004-4810-0x00007FF8E80A0000-0x00007FF8E80B0000-memory.dmp

Filesize
64KB

Download
memory/2004-4809-0x00007FF8E80A0000-0x00007FF8E80B0000-memory.dmp

Filesize
64KB

Download
memory/2004-4807-0x00007FF8E69A0000-0x00007FF8E69AD000-memory.dmp

Filesize
52KB

Download
memory/2004-4806-0x00007FF8E69A0000-0x00007FF8E69AD000-memory.dmp

Filesize
52KB

Download
memory/2004-4805-0x00007FF8E69A0000-0x00007FF8E69AD000-memory.dmp

Filesize
52KB

Download
memory/2004-4779-0x00007FF8E8700000-0x00007FF8E8709000-memory.dmp

Filesize
36KB

Download
memory/2004-4804-0x00007FF8E69A0000-0x00007FF8E69AD000-memory.dmp

Filesize
52KB

Download
memory/2004-4803-0x00007FF8E6960000-0x00007FF8E6970000-memory.dmp

Filesize
64KB

Download
memory/2004-4770-0x00007FF8E8500000-0x00007FF8E8510000-memory.dmp

Filesize
64KB

Download
memory/2004-4771-0x00007FF8E8500000-0x00007FF8E8510000-memory.dmp

Filesize
64KB

Download
memory/2004-4776-0x00007FF8E8670000-0x00007FF8E86A0000-memory.dmp

Filesize
192KB

Download
memory/2004-4773-0x00007FF8E8620000-0x00007FF8E8630000-memory.dmp

Filesize
64KB

Download
memory/2004-4774-0x00007FF8E8670000-0x00007FF8E86A0000-memory.dmp

Filesize
192KB

Download
memory/2004-4775-0x00007FF8E8670000-0x00007FF8E86A0000-memory.dmp

Filesize
192KB

Download
memory/2004-4801-0x00007FF8E68F0000-0x00007FF8E6900000-memory.dmp

Filesize
64KB

Download
memory/2004-4788-0x00007FF8E79E0000-0x00007FF8E7A00000-memory.dmp

Filesize
128KB

Download
memory/2004-4785-0x00007FF8E79E0000-0x00007FF8E7A00000-memory.dmp

Filesize
128KB

Download
memory/2004-4772-0x00007FF8E8620000-0x00007FF8E8630000-memory.dmp

Filesize
64KB

Download
memory/2004-4777-0x00007FF8E8670000-0x00007FF8E86A0000-memory.dmp

Filesize
192KB

Download
memory/2004-4780-0x00007FF8E7930000-0x00007FF8E7940000-memory.dmp

Filesize
64KB

Download
memory/2004-4781-0x00007FF8E7930000-0x00007FF8E7940000-memory.dmp

Filesize
64KB

Download
memory/2004-4797-0x00007FF8E5FF0000-0x00007FF8E6000000-memory.dmp

Filesize
64KB

Download
memory/2004-4782-0x00007FF8E79C0000-0x00007FF8E79D0000-memory.dmp

Filesize
64KB

Download
memory/2004-4796-0x00007FF8E5FD0000-0x00007FF8E5FE0000-memory.dmp

Filesize
64KB

Download
memory/2004-4783-0x00007FF8E79C0000-0x00007FF8E79D0000-memory.dmp

Filesize
64KB

Download
memory/2004-4784-0x00007FF8E79E0000-0x00007FF8E7A00000-memory.dmp

Filesize
128KB

Download
memory/2004-4786-0x00007FF8E79E0000-0x00007FF8E7A00000-memory.dmp

Filesize
128KB

Download
memory/2004-4787-0x00007FF8E79E0000-0x00007FF8E7A00000-memory.dmp

Filesize
128KB

Download
memory/2004-4790-0x00007FF8E5CB0000-0x00007FF8E5CC0000-memory.dmp

Filesize
64KB

Download
memory/2004-4791-0x00007FF8E5CB0000-0x00007FF8E5CC0000-memory.dmp

Filesize
64KB

Download
memory/2004-4792-0x00007FF8E5E20000-0x00007FF8E5E30000-memory.dmp

Filesize
64KB

Download
memory/2004-4793-0x00007FF8E5E20000-0x00007FF8E5E30000-memory.dmp

Filesize
64KB

Download
memory/2004-4794-0x00007FF8E5FD0000-0x00007FF8E5FE0000-memory.dmp

Filesize
64KB

Download
memory/2004-4795-0x00007FF8E5FD0000-0x00007FF8E5FE0000-memory.dmp

Filesize
64KB

Download
memory/5216-354-0x00007FF8E69B0000-0x00007FF8E69B1000-memory.dmp

Filesize
4KB

Download
memory/6472-5616-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/6472-5555-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download
memory/6472-5415-0x0000000180000000-0x0000000180B0D000-memory.dmp

Filesize
11.1MB

Download