Malware Analysis Report

2024-10-10 07:51

Sample ID: 240615-a9j9jatarc
Target: https://cdn.discordapp.com/attachments/1247678872124788919/1251336967988183050/CrystalUPDATED.rar?ex=666e35dd&is=666ce45d&hm=1a921b2d1396611888ad9205788c2715a99b31e18d0acaed35c1d989abd7dccd&
Tags: agenttesla evasion keylogger spyware stealer themida trojan
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://cdn.discordapp.com/attachments/1247678872124788919/1251336967988183050/CrystalUPDATED.rar?ex=666e35dd&is=666ce45d&hm=1a921b2d1396611888ad9205788c2715a99b31e18d0acaed35c1d989abd7dccd& was found to be: Known bad.

Malicious Activity Summary

agenttesla evasion keylogger spyware stealer themida trojan

AgentTesla

Identifies VirtualBox via ACPI registry values (likely anti-VM)

AgentTesla payload

Checks BIOS information in registry

Checks computer location settings

Executes dropped EXE

Themida packer

Loads dropped DLL

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Program Files directory

Enumerates physical storage devices

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-15 00:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-15 00:54
Reported: 2024-06-15 00:56
Platform: win10v2004-20240611-es
Max time kernel: 101s
Max time network: 100s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1247678872124788919/1251336967988183050/CrystalUPDATED.rar?ex=666e35dd&is=666ce45d&hm=1a921b2d1396611888ad9205788c2715a99b31e18d0acaed35c1d989abd7dccd&

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Debug\Crystal.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\Debug\Crystal.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Drops file in Program Files directory


Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\Debug\Crystal.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Downloads\Debug\Crystal.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Downloads\Debug\Crystal.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628865504592850" C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Debug\Crystal.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Debug\Crystal.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5100 wrote to memory of 3896 N/A C:\Users\Admin\Downloads\Debug\Crystal.exe C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
PID 3896 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 4708 wrote to memory of 3596 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 5100 wrote to memory of 3920 N/A C:\Users\Admin\Downloads\Debug\Crystal.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 3920 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 4708 wrote to memory of 5204 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 4708 wrote to memory of 5204 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 4708 wrote to memory of 5204 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 4708 wrote to memory of 5204 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 4708 wrote to memory of 5204 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 4708 wrote to memory of 5204 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 4708 wrote to memory of 5204 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 4708 wrote to memory of 5204 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 4708 wrote to memory of 5204 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 4708 wrote to memory of 5204 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
PID 3920 wrote to memory of 5228 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1247678872124788919/1251336967988183050/CrystalUPDATED.rar?ex=666e35dd&is=666ce45d&hm=1a921b2d1396611888ad9205788c2715a99b31e18d0acaed35c1d989abd7dccd&

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3916,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4388,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5292,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --field-trial-handle=5464,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=es --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5356,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=es --service-sandbox-type=collections --field-trial-handle=5296,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5936,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6632,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=es --service-sandbox-type=service --field-trial-handle=6208,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --field-trial-handle=6888,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=es --service-sandbox-type=audio --field-trial-handle=7056,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x380 0x2f8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=es --service-sandbox-type=none --field-trial-handle=7196,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap14020:90:7zEvent32695

C:\Users\Admin\Downloads\Debug\Crystal.exe

"C:\Users\Admin\Downloads\Debug\Crystal.exe"

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

"C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=es --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5816,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3896.4812.6282772164197026198

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.92 --initial-client-data=0x17c,0x180,0x184,0x158,0x104,0x7ff868ad4ef8,0x7ff868ad4f04,0x7ff868ad4f10

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=5100.2204.16748028568094578536

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.92 --initial-client-data=0x178,0x17c,0x180,0x154,0x188,0x7ff868ad4ef8,0x7ff868ad4f04,0x7ff868ad4f10

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,10695869611317532962,4763254597015875087,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1740 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1752,i,2839148712816821838,10648532392265726322,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1732 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --field-trial-handle=1956,i,2839148712816821838,10648532392265726322,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1616,i,10695869611317532962,4763254597015875087,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2056 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2236,i,10695869611317532962,4763254597015875087,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --field-trial-handle=1840,i,2839148712816821838,10648532392265726322,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3564,i,2839148712816821838,10648532392265726322,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3560,i,10695869611317532962,4763254597015875087,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1

Network


Files

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Extension State\CURRENT

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\GraphiteDawnCache\data_0

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\GraphiteDawnCache\data_1

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\GraphiteDawnCache\data_2

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\GraphiteDawnCache\data_3

C:\Users\Admin\Downloads\Debug\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc

C:\Users\Admin\Downloads\Debug\Monaco\fileaccess\node_modules\hasown\.eslintrc

C:\Users\Admin\Downloads\Debug\Monaco\fileaccess\node_modules\hasown\.nycrc

C:\Users\Admin\Downloads\Debug\Monaco\fileaccess\node_modules\vary\LICENSE

C:\Users\Admin\Downloads\Debug\CrystalExecutor.exe.WebView2\EBWebView\Default\Network\Cookies

C:\Users\Admin\Downloads\Debug\Crystal.exe

C:\Users\Admin\Downloads\Debug\Microsoft.Web.WebView2.WinForms.dll

C:\Users\Admin\Downloads\Debug\Microsoft.Web.WebView2.Core.dll

C:\Users\Admin\Downloads\Debug\Guna.UI2.dll

C:\Users\Admin\Downloads\Debug\SolaraAPI.dll

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\accepts\LICENSE

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\array-flatten\LICENSE

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\body-parser\LICENSE

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\call-bind\LICENSE

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\es-define-property\LICENSE

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\es-define-property\tsconfig.json

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\etag\LICENSE

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\has-property-descriptors\LICENSE

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\hasown\LICENSE

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\index (1).html

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Wpf.Ui.dll

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Microsoft.Web.WebView2.Wpf.dll

C:\Users\Admin\AppData\Local\Temp\Api.Solara\Microsoft.Web.WebView2.Core.dll

C:\Users\Admin\AppData\Local\Temp\Api.Solara\WebView2Loader.dll

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.dll

C:\Users\Admin\AppData\Local\Temp\Api.Solara\libcurl.dll

C:\Users\Admin\AppData\Local\Temp\Api.Solara\vcruntime140.dll

C:\Users\Admin\AppData\Local\Temp\Api.Solara\zlib1.dll

C:\Users\Admin\AppData\Local\Temp\Api.Solara\bin\path.txt

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

C:\Users\Admin\Downloads\Debug\runtimes\win-x86\native\WebView2Loader.dll

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\BrowserMetrics-spare.pma

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Crashpad\settings.dat

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Local State

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Variations

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Last Version

\??\pipe\crashpad_3920_YQUWSWVKLIYETUYO

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\index

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000007

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000006

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000005

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000004

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000003

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000002

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000001

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_3

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_2

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_1

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_0

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Web Data

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\History

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Secure Preferences

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Preferences

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\README

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Visited Links

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\ShaderCache\index

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\ShaderCache\data_1

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\dbcf3db6-c3c4-4e83-8ccf-aae678a318b3.tmp

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe589594.TMP

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\SmartScreen\RemoteData\synchronousLookupUris

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\SmartScreen\RemoteData\edgeSettings_2.0-0

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\SmartScreen\RemoteData\edgeSettings

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Network\b7b7ecc7-9ee8-4916-bf04-758e99265302.tmp

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\ExtensionActivityEdge

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Action Predictor

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\PreferredApps

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Secure Preferences

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\74ff1218-42cb-493e-8691-17ab593323f9.tmp

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\e5503fef-28f1-4268-be80-96c6dade9796.tmp

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Local State

C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\ea47c6ae-c0de-48b1-a7f0-b7d439aa25a7.tmp
