quasar | hxxps://github[.]com/menlichme/Roblox-Solara[.]git

Analysis

max time kernel
162s
max time network
160s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
03-02-2025 09:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/menlichme/Roblox-Solara.git

Score

10^/10

quasar svhost32 discovery execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

svhost32

87.228.57.81:4782

Mutex

47b71fc0-b2c4-4112-b97a-39385a5399c1

Attributes

encryption_key
19A0FAF8459F69650B5965C225752D425C429EEC
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svhost32
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00030000000006a1-644.dat	family_quasar
behavioral1/memory/5168-652-0x0000000000A30000-0x0000000000D54000-memory.dmp	family_quasar

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
3488	powershell.exe
5336	powershell.exe

Executes dropped EXE 3 IoCs

pid	Process
5168	bxoytrkxt.exe
4948	Client.exe
2504	ujfmdiqct.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
76	raw.githubusercontent.com
84	raw.githubusercontent.com
87	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solara Executor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solara Executor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133830489929568382"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Roblox-Solara-main.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Solara Executor.zip:Zone.Identifier	msedge.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2040	schtasks.exe
5192	schtasks.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
2896	msedge.exe
2896	msedge.exe
2608	msedge.exe
2608	msedge.exe
3868	msedge.exe
3868	msedge.exe
920	identity_helper.exe
920	identity_helper.exe
1176	msedge.exe
1176	msedge.exe
3488	powershell.exe
3488	powershell.exe
3488	powershell.exe
5972	chrome.exe
5972	chrome.exe
5972	chrome.exe
5972	chrome.exe
5336	powershell.exe
5336	powershell.exe
5336	powershell.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
3684	chrome.exe
3684	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4948	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 5036	3684	chrome.exe	78
PID 3684 wrote to memory of 5036	3684	chrome.exe	78
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2188	3684	chrome.exe	79
PID 3684 wrote to memory of 2612	3684	chrome.exe	80
PID 3684 wrote to memory of 2612	3684	chrome.exe	80
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81
PID 3684 wrote to memory of 2492	3684	chrome.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/menlichme/Roblox-Solara.git
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3662cc40,0x7ffd3662cc4c,0x7ffd3662cc58
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1728,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1632 /prefetch:2
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1964,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2020 /prefetch:3
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2740,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4540,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4428,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=736,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4400,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4468,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3084,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5668,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3476,i,15867677850140768060,3919884210958667956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5972

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3356

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3580

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Temp1_Roblox-Solara-main.zip\Roblox-Solara-main\index.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd20fc3cb8,0x7ffd20fc3cc8,0x7ffd20fc3cd8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,16620519075771745356,17950232431199713247,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:72

C:\Users\Admin\Downloads\Solara Executor.exe
"C:\Users\Admin\Downloads\Solara Executor.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2376
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\wpkdchyy'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3488
- C:\wpkdchyy\bxoytrkxt.exe
  "C:\wpkdchyy\bxoytrkxt.exe"
  2⤵
  - Executes dropped EXE
  PID:5168
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "svhost32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:5192
- - C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
    "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4948
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "svhost32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:2040

C:\Users\Admin\Downloads\Solara Executor.exe
"C:\Users\Admin\Downloads\Solara Executor.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1632
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\oyvvu'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5336
- C:\oyvvu\ujfmdiqct.exe
  "C:\oyvvu\ujfmdiqct.exe"
  2⤵
  - Executes dropped EXE
  PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5bc90cbb1257474a65e1a715e7ff3644

SHA1
fa900d9ba1dd7c22a529a19e6b445b934da1aa85

SHA256
1ef36874ce85b907d05461ea102e6288dc7f04b3fa61b37d0b82a783b6a41f8b

SHA512
161b307a0cc0090346c0c3b30983295fb3f34ebf60ebefed1f773d9236511961f6f7c9c0acb9731cc89d887307116df2a07aa54166fa727f5a6dffd16510b202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f877941763c6e318e4c394885eb55a3c

SHA1
a1c112599bf9eeca302b6450c4c0ebc42923fcb8

SHA256
9447d5930f1a7f6d04bb6c310b55fe10396ea2bc9bdeec93243568b5347fa727

SHA512
18a0179b8c27783f122080ea988abb0e20fdb4f717f47be74c41e54713b5373666b4e4b4923c6a7036048528bce08efb79a95d9bbe912d6aa0fe8108c0e48f71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5cc77a4514984679e4aa98472baf8160

SHA1
6e84c33a5baa44ba1fa97f1c6aa1b4c548b3d6a4

SHA256
947f009b15b8959c2666e29760d9373d43302136f7169e71b78d68632331f0a0

SHA512
0e2516548a83c531d7d584e30bea95f748ac417c728d0ac1a150f4d1ae64d44ccaa161454eedf391a251e489cd790d75e43a7b6f692e03a6d6c554e1db91d934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1d62496b3e33eb1fe2c8054ff454bd11

SHA1
e326cc592894797af1eedbca7a6e160c390a7bb7

SHA256
b66eff3461d3b15791f30532c5808d7ef4b4997d977dac1e5286393f5a69e270

SHA512
b6c7ecf73c5a87a880b7ed61c02dce2262afec64aaa38c6c73716c810d5b8c8518fefe30d8c32aae24f89b64985ecf63ed0bbcc3bd9ffb203982b10bb644c748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1c4ebadfe7cbf8673818628986e6a59c

SHA1
03454e09af6f9e2d30c63569983f704af2a3e944

SHA256
4ac1638173c95e6c7915e19f01dd9e22bed1e0e5b047698f4119a61f11f5a703

SHA512
80ed2082677e2a57222a15ed0da1731516111ad5ab90aa1289ad4e35ada265431e63ccf2b3316f5c34722d46f239065546e4a041bc2efdf0d73984d1631c4c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
212393b743ca24d389d4387becf11818

SHA1
487e0a05e0bb5d260a343da85c48354f0cb056bb

SHA256
d5cfeb254e3a3faae0b9f381d45b84fa0218865d35c383e1350fe1f5835c9958

SHA512
9e20fdd9b5d2af538cab484d27b6f3034a491379d62a90a1b919c30cbee5f69d2e83e7f543a5dc54e9b676aafee9a14f04032b2a8a75db386e1dd1eceb4a65b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d6bce8d7c26b02606e7102eb1af8e6d5

SHA1
6d6e54b26589e5fd88b103e5fc8ecf194603fe31

SHA256
b87032f2cf1c879dd42099731a6295a31544b524aaa72fe41ef643246b4b5219

SHA512
de89697927bf37b71d14e6d73f1d6ce1a7e176cdb2c5da71098a427406c42c042226787cf11de062dd1801c0b0bc262bf57c7781939f368d64e4aaeb1cb11269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d2fa85f0e9ed11ce189c8e62564db311

SHA1
e0a3957f8fd5b87148e99c7433b47c33cc7f6a6c

SHA256
9e7c531db1ae7bf80e77e362eca6962e28c2420d50852d35c87333047cccd5b6

SHA512
1fc2f9d18881e423b1f6e5ec652c86ee65c1446a85bb50940146c410644138657ca8d2413d90a74a137f6c7fbe8aa3ecb6d7c6a04d84b67cacddf5e6f37e8f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
412af6b24158097b776df88983fdf32f

SHA1
94173dc37d3ad73433e84e4717f51a217010f30e

SHA256
497db9dfa1bdee26de5cc652b7edd7e3f86028e1160256a939e12ee611cb1913

SHA512
579efce39f7ff6bdcf762cf64b22e7258f402411aa999036f4b35eaccdf1eccdc7800179663a06ab03f12bb9c43ea08e8930c421638035ce68399cb2efc8fcd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da05763d9f1038582b9b5aedc2959e14

SHA1
33ede1be554ad4e49ac0f0e24d8d6a7a19f6c35c

SHA256
3ba77a85467cd8192a6b7ead5186322badde47de926c39e5ff8ec7830760707c

SHA512
4630925014cea74aeca0f2f4424bd25c7cf30b4c34d5748ecde77addb44e98614d16d3b468546e1f5cadeb6a19cf9660afcacdd51a1d870d14aa0da4a96fd80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8872779c4c93e8e8da939aee79ed81ff

SHA1
dd6f2c3abd2315a901c64433924cca34c4e20f63

SHA256
4536b6cf31350a54592077193066672aa284d19412c4ef1dc2c6f86dea351f4c

SHA512
60e5bd3dbe6f76f7f63ecfecf1673a99be24965229e125da2de8744b568fc54e65ddaa0b4b23b9c92768aea2188f3cef421ce20b24297dec4e8d98fae268f717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14d813c55dff53c55443e82d6334a312

SHA1
0b0c2d296807589f725013e5cb40bb6b6e36199c

SHA256
332dcc5d75710ec3d1a5d81f4d6493657ae323f24e62e8204ecf3885138fc5b7

SHA512
4666e3dc149c18b5eeff8780054dfdfc5f1f67a5fab6b65a2dd2d7a4ce024586d9115709589cd05e17e7d3103f4d74ccd0a10ca3dc4bbf626080a20d058e9ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b5ce774439de94ad21666184207b9458

SHA1
b9598a6251af4a74b7eb3743e12d69e7903e85aa

SHA256
dbd54242345b78339873f627c03de4ea87dc07c59489a6a97cb59140ac533c11

SHA512
dab22957d6c25acd5201dc19f6a1b926b14b81a18cf36f99c7c0fceb12768958ee8c3eabc6c31363d1b309ecc6412b688e4a98f49f27c4a991b5fe859ba5037c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fa10166dad8f715e04cc8c99133e47f3

SHA1
986004e895081e5210c5aa982386adbc68d4e716

SHA256
21e972bea5df893ddbdc3da8563c9c576461e2f18e3cfb26654e523eb47afffe

SHA512
47bfcc547e9e27146819544c7601dc282bfd5a4fcb205e974c851348e511286c34a6999fff449b47de2bec3b156359f0ef19f7bce267650f4bcac276f96b8106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c0326a1e62c4b07fe7c8ecc7892f581a

SHA1
2ab09e9609dcb9558da04ea434ba904403552564

SHA256
1fcd7935386baad3104d4424543fbd119513fd69f7372996e449f9de4c205b08

SHA512
acf24d40f574664893961002fe9f7837a2065df3fd97e76285302b96c5198932846707cfb4a71fb6acdac03f9a895bb6326aa7906ba1b2e3413039164b6f00cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4ebb91aa781193235f35c4d216f03c0e

SHA1
ceef1996c7f7c7070aeaff4d4d58ec28e5197f53

SHA256
80715ccb5e6532089f5546c0ae0a768169b48af468dd1aa8b19d8d097671a985

SHA512
c7fcdd3675ef58940b51c2a49f60d3601b57e9b420da1401630f478438b0ee466c5ea33ae0ff7d8a92073fa4ff2d072b1e391a1a79edbdf3be723f392f146281

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d2b5d70ed9a896b799af717f21d6763d

SHA1
1d056398e7feecce3bf9073ff76a000d40e73fe9

SHA256
b10c1cfc73e83b4a2b38d65e99cf349e52a82b401ae4b09e6fdbb7df25e1eae7

SHA512
1c761f13e533bd89789bd1fd3e2c6bfde3ee88d36eedb8f7bbf1cb6113b64af544dca66b477d4f56884d9aa6a2f95427ba565c27c73db9e664b347bcaa3be679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1f9b8f48d3b9fbecf364f0ce8eb8e960

SHA1
444c445a04844604dba91c2f8cd36a3fd705b14a

SHA256
c3b3867f67b506458145e11b88cfc26331dca44536d76891c945775659333f6e

SHA512
eb8c2220000b3cc94b8c24227c8bff78c429779bb5659715ac5c90534dbade4d6f04793524b2224662cc73b6f10fe4260e4e7d9af0848f14dfbd237552151c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b196cf0a5686c41983677ea74195fab

SHA1
d929a8d2caa47267fc9fb19e178c63997845e9aa

SHA256
ec3a25ded61aa64ca12afc5ca7c01fda1328e134e98947ef4795350a79f01bfa

SHA512
38a3f68cc496829c63dc95acfd591ab78f3b89f9233e078e808878c065f283af9dbf3dc041bc077a415893c2cbc416cd483c56415c2afd926a86b835a40f2dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f800987e0e8a2832a0a47ba501a76fbb

SHA1
c77d55e1f2c62068b73e5c8ade82e482424caf6d

SHA256
f9c82ea0e96626ea3d68c25e1a25dc43a34cb3e03cf382f300cb8d7030aa427b

SHA512
c6ca0085eae3034088fa3ee9387baa2c4c4cd5c4276cdc6b443edc9a8dd333eac2eb67d24e572611999abb79118d0f6e6ba64e4ce0fde564da504ecf6ffb2d8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c4857fdda60461b768788fe47ff5e69

SHA1
a52e61b67411a7aa9978acadd7dbb108a6183f72

SHA256
ebea94efedd5c033108919d905fec9bc4d508dc3ca403da80e54b04ff8ed559b

SHA512
872246cdfe63c154590328f03f1b37126f95eaf5707b19b9e2d746ab868adea4081d422c4f419ee02ae87f8c8534fd974641a8c8d4c6c23d6526b2226439551f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e11d3344d9c4823a8fd9c133d71a752a

SHA1
111d70ddb0fca747f7b523111a3f81f061b27e96

SHA256
f24046005e001a40bd844ea53bbb3d36f487e7a9eee8a6067345ac220773ab91

SHA512
e2a9f87ed6f191ffaec0a8d06d8a7f6d07d5d95f021b5c3be55250b331ae7758c3e3b50058bf8f7d8c24f73a0ac46518a9c470f5505215788fb39409b491fa41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
95ab4245e99c2b40cef199364ca4528e

SHA1
5f05980a916e39cce2c9cbdf90f3b73bb2ac034a

SHA256
432c558ed3c446a3a3424bacee58c8d1aaf63639c2284291340a1d4a28524c52

SHA512
70147ca00241342d5df498d23c9a22ecc590d4cfdbc3ccd2720291edc6c6093f8c8da9bf9e2f97b9e051be84165f6fa305851b98cb2304337b2060b44f6e605f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Solara Executor.exe.log

Filesize
847B

MD5
ef375f28c91db0202bf7db29c0cbc2ce

SHA1
5a3f5d4ec75a468b908c2eb2b9e6f4b1e76c1017

SHA256
f4d1c038db378dec10e7e2fc81ccc2e2d4b8132ef0d66905e3625a0b0cbbde5f

SHA512
f18141e352fcd253e02cb25fa0cff29ab06dec62bafd5aa80ca48c959d1dba97deae830d01bf521f851a8143b9416747eb170d0cedafa32b59155027c02f244d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d0c46cad6c0778401e21910bd6b56b70

SHA1
7be418951ea96326aca445b8dfe449b2bfa0dca6

SHA256
9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02

SHA512
057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0182dc75-da91-45e5-9179-416a84cc294a.tmp

Filesize
5KB

MD5
be17fefd5d57b55014cd73a45ee9715c

SHA1
82c9397f61f9bdac3aa825631bc5082f58ad8c16

SHA256
8b3ea4ffe076b77d9b6e8ac721ead8a43053e133aa2227d906554ace4ef51b80

SHA512
ed11d666f6b14598c1124ca59fa313f2d77bc7c7b54de58c201af4bd7c1b279f38a087e099e2ac52ff18aaaa911880cda62b9f32eef3270edac7b60797ce4055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
715cdd07d8eb9127e459489681fc4a1f

SHA1
41506097ccb24f1c2b68eb70a09c9dbb38899cfe

SHA256
55a734d6e695284b712fc670e7d7a78eb9e60708fce1c074ae41f0978c4b700d

SHA512
0ff18172160495eedd07ff4e7023d42bccb7db34aaad8d7a51059c5a743b74d8d4464511eca9707162aa5c5b7bb07f482df28d68e170b593d35ff1a4c8e261f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
710B

MD5
707adec20a1353900d5e13e883ebf41c

SHA1
e7c772b74b8551b476dee142dbd56f7239ef94ec

SHA256
1baa031d0558bc20db75048737a513dd57180e750c674f78c17ad922965c5f22

SHA512
7c469aa658406dfa5fff70f7bfb345b924c9bc317904097a95c750644b323469c83c963ff3d9651429da5a9056f5218cdd08b4e7b3048a0b7f661a3afe8306f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d651204e70a5dadb5e1dbfded99b8ee4

SHA1
6cad59ed29103ac14dfe6025039371136109e7ac

SHA256
e83ca59b11e297360fa84451908a6ae7c990e2a8e3336e1b733ca5be76b4f8fc

SHA512
25d04d666bb3b99d68f7094868817afe5cda2e0d319039ce4b157d909f0cb981f8cb286ff18ad47aec1e53fd62000898d30186141cc752d0c216a06765665080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55fae778ef0e41722cb43c2d6a98b703

SHA1
af6a70901c0cbec02a4d09f770c6824394505bc8

SHA256
4d3febc96f0bb1e88250b941aea33062297e7099a08a66a63fdd81da88fd6db9

SHA512
8c37db76f2f2c7ff2b588db298903ecf09806b71a03033e4a264d192f26f28ff504b0c3738a72e870b579a793456f3d9a0d2dc2359037031cb2a19fe898f4ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e8fd481004db45aebcd93264b8fa5865

SHA1
7db8b345b8617df6f8063e1cf70361a48639a380

SHA256
f73d51cb6f7d81255901673e59cef72084fe287608b9609ab5da71634454a633

SHA512
fd2a6154dcf8dc9db1bee8b70ae62d32a6fa90e4120a20f6d5aeb1b5bc5d2e81f0f8e27d252f2b156f98ab5dfd33812af68b888560b64a1a05060abd123d03e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6ddf105528d81e6479ef9000af85373f

SHA1
59b55142acc38696efe4c7dd860761f5873ba686

SHA256
f3dbeca0060be1da2e955f3ac65e90408830f46cc2bfd86841f227f8584545cd

SHA512
9203ed5c1b609521040bb6b70e7b44b690ec97adc6ebd5b20cecc25feaf7145c738d2f05113d4d72bd594d4750039cfb16ae7448f0e32cdea4d82817cf07269e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aa93c093e7f37c62fa9561f1a336e631

SHA1
c6ac0f78925f23aec4a039cf0a5d3abd1bcfed10

SHA256
01efc9ed13e26097d7274c6ce1e768523455f839a5279737761dc744f99385f3

SHA512
26b0f0627311f3491cea743fa50b0d6331403fa5929bc6beb69fe8ad642e6fe83f2d6f67ff6ac5c7ff236e8b3a4d0e4d88a7949ea4d026a9a8dccb8b959c6611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
6bf561045d62f1f7aca7f7d39f3e7ee5

SHA1
e74e0ed3e6fecd5cb862360ba86e0bc38abe8dd8

SHA256
c8d8a8e87526fbcf7c4b96e733183551cf5ae866d98e6177b861d73f7ee5083e

SHA512
5988e5937110483bfebaa539f15a02eb3e1fe9e2f5e451cc8f9eb5dc691802ca91f1b36c5ed1c7dc02796e17425bc9f41ae91ce044637a9a283965024d06c0a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ug0oooik.cmx.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Roblox-Solara-main.zip.crdownload

Filesize
1.2MB

MD5
f619b631e8d75ae6eabcb55a7cb1d0b9

SHA1
72491d2d35e0e7e36f783716ed527d17538dca05

SHA256
bf492e1a7028aa7e1745c916ffbfd03c589db74aa2c2de159dfe2a27a207fbc3

SHA512
9170978854ee959f9646807f86fac29abf2b454e0dfd9fc2ec97728b0de86b96b5d7ec3c64169a9cd9ae5f00b70587362f9c73531782c220eb2ee6d2debc75ae

Download Submit
C:\Users\Admin\Downloads\Roblox-Solara-main.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Solara Executor.zip

Filesize
23KB

MD5
c56064494703742a97e85f2af29bf497

SHA1
18ffbbe76a4d5324d25d0975f73d9f22402cf708

SHA256
ae6ec274f3ba5cba4adf8fc11019d44e21defbde41a4b85ec1613d5cc42cb3c0

SHA512
96024779acf9faa2d149f9bee94c1812c052b71e270b31fb0ada63b3d9efcf3f39fac5f09cd3fa99acf5fe66204aab1fd8c396a250764acae67aaec285f6fe64

Download Submit
C:\Users\Admin\Downloads\Solara Executor.zip:Zone.Identifier

Filesize
201B

MD5
365bde70315bc56c7361912141371d74

SHA1
3a23641b99a2556e49f9bc7ef28c917a089c938b

SHA256
3cdf8d5f2b5b4abb3829e49f53d0fe4c405735e1b63b9f5a992cd0b76a681461

SHA512
4137f22b4fa2eddd74e220e426ba9938e5e19a6498830cc992c4785884a884a4662629647209cdbf4d45f099ed7ce81a1865bfaa191b974a70a6eec301fee19c

Download Submit
C:\wpkdchyy\bxoytrkxt.exe

Filesize
3.1MB

MD5
fbb44da2d0860af30fc45116529832df

SHA1
44377732b9959172cdb261d366069801adafd52a

SHA256
3dc3c88ce100a2f6d16e8c0fbd096b622810bb62dd6dcf5719c657254129ec31

SHA512
b1cdda7f3b67f1bedfbf896a4e7e8af0d12aa78a8709604d1262cc68ff0b0bdb3a326e7325075210f4d4e22e43fd7a7fa4bfbc90fc4c032bc3f3304f79157909

Download Submit
memory/2376-575-0x0000000000D60000-0x0000000000D68000-memory.dmp

Filesize
32KB

Download
memory/3488-615-0x0000000007980000-0x000000000798A000-memory.dmp

Filesize
40KB

Download
memory/3488-602-0x0000000070510000-0x000000007055C000-memory.dmp

Filesize
304KB

Download
memory/3488-614-0x0000000007900000-0x000000000791A000-memory.dmp

Filesize
104KB

Download
memory/3488-612-0x00000000077D0000-0x0000000007874000-memory.dmp

Filesize
656KB

Download
memory/3488-616-0x0000000007B90000-0x0000000007C26000-memory.dmp

Filesize
600KB

Download
memory/3488-620-0x0000000007B10000-0x0000000007B21000-memory.dmp

Filesize
68KB

Download
memory/3488-621-0x0000000007B40000-0x0000000007B4E000-memory.dmp

Filesize
56KB

Download
memory/3488-622-0x0000000007B50000-0x0000000007B65000-memory.dmp

Filesize
84KB

Download
memory/3488-623-0x0000000007C50000-0x0000000007C6A000-memory.dmp

Filesize
104KB

Download
memory/3488-624-0x0000000007C40000-0x0000000007C48000-memory.dmp

Filesize
32KB

Download
memory/3488-611-0x0000000006BB0000-0x0000000006BCE000-memory.dmp

Filesize
120KB

Download
memory/3488-589-0x0000000005FA0000-0x0000000006006000-memory.dmp

Filesize
408KB

Download
memory/3488-601-0x0000000007580000-0x00000000075B4000-memory.dmp

Filesize
208KB

Download
memory/3488-600-0x00000000065E0000-0x000000000662C000-memory.dmp

Filesize
304KB

Download
memory/3488-585-0x0000000005120000-0x0000000005156000-memory.dmp

Filesize
216KB

Download
memory/3488-613-0x0000000007F40000-0x00000000085BA000-memory.dmp

Filesize
6.5MB

Download
memory/3488-586-0x0000000005890000-0x0000000005EBA000-memory.dmp

Filesize
6.2MB

Download
memory/3488-599-0x00000000065B0000-0x00000000065CE000-memory.dmp

Filesize
120KB

Download
memory/3488-587-0x0000000005800000-0x0000000005822000-memory.dmp

Filesize
136KB

Download
memory/3488-598-0x0000000006090000-0x00000000063E7000-memory.dmp

Filesize
3.3MB

Download
memory/3488-588-0x0000000005F30000-0x0000000005F96000-memory.dmp

Filesize
408KB

Download
memory/4948-659-0x000000001C820000-0x000000001C870000-memory.dmp

Filesize
320KB

Download
memory/4948-660-0x000000001C930000-0x000000001C9E2000-memory.dmp

Filesize
712KB

Download
memory/5168-652-0x0000000000A30000-0x0000000000D54000-memory.dmp

Filesize
3.1MB

Download
memory/5336-682-0x0000000006E90000-0x0000000006F34000-memory.dmp

Filesize
656KB

Download
memory/5336-683-0x0000000007150000-0x0000000007161000-memory.dmp

Filesize
68KB

Download
memory/5336-684-0x0000000007190000-0x00000000071A5000-memory.dmp

Filesize
84KB

Download
memory/5336-673-0x00000000705B0000-0x00000000705FC000-memory.dmp

Filesize
304KB

Download
memory/5336-672-0x0000000005C30000-0x0000000005C7C000-memory.dmp

Filesize
304KB

Download
memory/5336-670-0x0000000005690000-0x00000000059E7000-memory.dmp

Filesize
3.3MB

Download