Analysis Overview
Threat Level: Known bad
The file https://cdn.discordapp.com/attachments/1247678872124788919/1251336967988183050/CrystalUPDATED.rar?ex=666e35dd&is=666ce45d&hm=1a921b2d1396611888ad9205788c2715a99b31e18d0acaed35c1d989abd7dccd& was found to be: Known bad.
Malicious Activity Summary
AgentTesla
Identifies VirtualBox via ACPI registry values (likely anti-VM)
AgentTesla payload
Checks BIOS information in registry
Checks computer location settings
Executes dropped EXE
Themida packer
Loads dropped DLL
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Enumerates physical storage devices
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-15 00:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 00:54
Reported
2024-06-15 00:56
Platform
win10v2004-20240611-es
Max time kernel
101s
Max time network
100s
Command Line
Signatures
AgentTesla
AgentTesla payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Debug\Crystal.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Debug\Crystal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Loads dropped DLL
Themida packer
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\Debug\Crystal.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Drops file in Program Files directory
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\Debug\Crystal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Downloads\Debug\Crystal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Downloads\Debug\Crystal.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628865504592850" | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Debug\Crystal.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1247678872124788919/1251336967988183050/CrystalUPDATED.rar?ex=666e35dd&is=666ce45d&hm=1a921b2d1396611888ad9205788c2715a99b31e18d0acaed35c1d989abd7dccd&
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3916,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4388,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5292,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --field-trial-handle=5464,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=es --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5356,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=es --service-sandbox-type=collections --field-trial-handle=5296,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5936,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6632,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=es --service-sandbox-type=service --field-trial-handle=6208,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --field-trial-handle=6888,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=es --service-sandbox-type=audio --field-trial-handle=7056,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x380 0x2f8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=es --service-sandbox-type=none --field-trial-handle=7196,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap14020:90:7zEvent32695
C:\Users\Admin\Downloads\Debug\Crystal.exe
"C:\Users\Admin\Downloads\Debug\Crystal.exe"
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=es --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5816,i,7720891702167348240,5300847294515474023,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3896.4812.6282772164197026198
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.92 --initial-client-data=0x17c,0x180,0x184,0x158,0x104,0x7ff868ad4ef8,0x7ff868ad4f04,0x7ff868ad4f10
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=5100.2204.16748028568094578536
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.92 --initial-client-data=0x178,0x17c,0x180,0x154,0x188,0x7ff868ad4ef8,0x7ff868ad4f04,0x7ff868ad4f10
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,10695869611317532962,4763254597015875087,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1740 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1752,i,2839148712816821838,10648532392265726322,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1732 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --field-trial-handle=1956,i,2839148712816821838,10648532392265726322,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1616,i,10695869611317532962,4763254597015875087,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2056 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2236,i,10695869611317532962,4763254597015875087,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --field-trial-handle=1840,i,2839148712816821838,10648532392265726322,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3564,i,2839148712816821838,10648532392265726322,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3560,i,10695869611317532962,4763254597015875087,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
Network
Files
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Extension State\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\GraphiteDawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\GraphiteDawnCache\data_1
| MD5 | 963637bd6a2d4b357dbb10e10b716b34 |
| SHA1 | a48c30f13c0dbec3f93161eb2aaf29e89286cbb8 |
| SHA256 | 52aaa4dad3c8bd7bcb3a5b58ba17c7d205e0dc93418d4de671cd539fe5b84006 |
| SHA512 | ae7a627c16fac857e594966697f83bcd4892799cbbe872fff129bbf17a6fee510c9965266e6946e44848f248bab645e2dc80104077092e90b8c938d49cfeac46 |
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\GraphiteDawnCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\GraphiteDawnCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\Downloads\Debug\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
| MD5 | d0104f79f0b4f03bbcd3b287fa04cf8c |
| SHA1 | 54f9d7adf8943cb07f821435bb269eb4ba40ccc2 |
| SHA256 | 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a |
| SHA512 | daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6 |
C:\Users\Admin\Downloads\Debug\Monaco\fileaccess\node_modules\hasown\.eslintrc
| MD5 | c28b0fe9be6e306cc2ad30fe00e3db10 |
| SHA1 | af79c81bd61c9a937fca18425dd84cdf8317c8b9 |
| SHA256 | 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641 |
| SHA512 | e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9 |
C:\Users\Admin\Downloads\Debug\Monaco\fileaccess\node_modules\hasown\.nycrc
| MD5 | c2ab942102236f987048d0d84d73d960 |
| SHA1 | 95462172699187ac02eaec6074024b26e6d71cff |
| SHA256 | 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a |
| SHA512 | e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479 |
C:\Users\Admin\Downloads\Debug\Monaco\fileaccess\node_modules\vary\LICENSE
| MD5 | 13babc4f212ce635d68da544339c962b |
| SHA1 | 4881ad2ec8eb2470a7049421047c6d076f48f1de |
| SHA256 | bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400 |
| SHA512 | 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182 |
C:\Users\Admin\Downloads\Debug\CrystalExecutor.exe.WebView2\EBWebView\Default\Network\Cookies
| MD5 | 04d4c386aaf03e6dca3ac87334f03d3f |
| SHA1 | 74627631ce3bd2ba43a12aac39f232da662a32c5 |
| SHA256 | c130cf082fdce58c9055dba5775490ad8e41055ead5edb0b1e411330144c971d |
| SHA512 | 01bce1bbdf00825e19c23559ec41a0236b059cec2e891cf4729288b6275aaff62f442b4556c869bfbe17a91475f22dc98522381b2e4f3bef6d1611f7f9f9bc1a |
C:\Users\Admin\Downloads\Debug\Crystal.exe
| MD5 | 9e353bbaf855fd44edba02d747b6e9f4 |
| SHA1 | 289146c6c89604690048b018638e147e8a53cbed |
| SHA256 | 2d0efe812711be404787e0c6832284bbacb0e16e35d241cb29d88f44e8bc336e |
| SHA512 | 13ebe39c7665b2d17d83f2df9d4241bcc2ddc7e086ab8b7b031ed56f8356611b92901f70e202d44e2d2d349e9c135202592dcc0ce3a45017576e0cde7d7760e5 |
memory/5100-2150-0x0000000000F00000-0x0000000000F2C000-memory.dmp
memory/5100-2151-0x0000000003220000-0x0000000003236000-memory.dmp
memory/5100-2152-0x000000000B410000-0x000000000B9B4000-memory.dmp
memory/5100-2153-0x000000000AF00000-0x000000000AF92000-memory.dmp
C:\Users\Admin\Downloads\Debug\Microsoft.Web.WebView2.WinForms.dll
| MD5 | ca1529f9891c243b11934d156dc35bce |
| SHA1 | fa82bd19c2835443bc9ea55644017b5d68ff7a4b |
| SHA256 | b12d2c15e93a0fc29a731bec998e7ddf073b3ae2454f3afdd9934bbe6a223d4a |
| SHA512 | 95deee9fbca5bcff0d534f187e003780ff4358a24b5407701a46d5c8109f6d31e7a637b204a30ae5ed6d63caa42a5628a9aab693cbbf892cea60dae05a45c5ab |
memory/5100-2157-0x000000000AEA0000-0x000000000AEAE000-memory.dmp
C:\Users\Admin\Downloads\Debug\Microsoft.Web.WebView2.Core.dll
| MD5 | 2ab84dc690059b2bd34d2f00561d6af4 |
| SHA1 | 49b665b40a5ae995edfec80caf7e409c9795e9dd |
| SHA256 | a1e096c6842b9f443679f47e321379d15e1f93c77fd0b6d32b9eb0e93e25ac89 |
| SHA512 | 80d1c0fbe937655f1e78549c4bdaaa7d8aa55a74945c16f3663fe270c0a715eb7f89dc66490a0164f33444aece768a41e894bdcaa50ce2f88a6dab77b9809afa |
memory/5100-2161-0x000000000BAC0000-0x000000000BB50000-memory.dmp
memory/5100-2162-0x000000000B350000-0x000000000B35A000-memory.dmp
C:\Users\Admin\Downloads\Debug\Guna.UI2.dll
| MD5 | c97f23b52087cfa97985f784ea83498f |
| SHA1 | d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89 |
| SHA256 | e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd |
| SHA512 | ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512 |
memory/5100-2166-0x000000000BD70000-0x000000000BF82000-memory.dmp
C:\Users\Admin\Downloads\Debug\SolaraAPI.dll
| MD5 | a430b95b219c525e77cdb4b684e866e3 |
| SHA1 | 935a4de89b05d54ca1688aadf7b48d2ccb6b0427 |
| SHA256 | 8b0446d547abb698ba457789e4ddec67d618148298ea609a3d8b2815a6b6df9f |
| SHA512 | 0ea2677441169c77cccfcdd52276b9bc9672b1600908802c95be16feff8f475d21ba1add3a1f77b7754c22aec143fb2190a24022cec59654ffdd28420e43f160 |
memory/5100-2170-0x000000000E660000-0x000000000E66A000-memory.dmp
memory/5100-2171-0x000000000E770000-0x000000000E77A000-memory.dmp
memory/5100-2173-0x000000000EFF0000-0x000000000F002000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\accepts\LICENSE
| MD5 | bf1f9ad1e2e1d507aef4883fff7103de |
| SHA1 | f027af3e61af3880fd7f7b8ba9452a85dd215738 |
| SHA256 | 71f83c4c0621102a56d9853812777b85751bce7e9726f686f5b056c1f8a4b0e6 |
| SHA512 | a1a293eb0097fe87875f3bf908cc0b0ee8f15e995c68e984b6a24e247b2e954407d7941ea96abd7fe002a1bdfb713fdfb0d3839d948a334603f05e644829f606 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\array-flatten\LICENSE
| MD5 | 44088ba57cb871a58add36ce51b8de08 |
| SHA1 | 3a7f886b632d2197676a40020d354e84b7860604 |
| SHA256 | 4eeb3271453a891df609e5a9f4ee79a68307f730c13417a3bfeffa604ac8cf25 |
| SHA512 | 6d8b9708bfa1f3cfa2b63f90152cb6f26960c2ba54fa11a16c13e1d5a3f85f4121516699025b6b759e051b276509b1d69510b644241434e6f8f81b3dfa5a8e63 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\body-parser\LICENSE
| MD5 | 0afd201e48c7d095454eed4ac1184e40 |
| SHA1 | 6a4ed3b5e9cff68af7593dfcb8be3c1cbea837d0 |
| SHA256 | 23d466b1b134b415b66fa50c6526b4cf3e7b9258554da88d3abb371721e7ce68 |
| SHA512 | ebc137c01c13da9d90fd411729b10cb15e6b7ea3f31a6b9dd23d0a769aefe61cbea7368c36698b0d562e85dca08ebcaa59996f9653295a1c79252cba3da3d3ad |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\call-bind\LICENSE
| MD5 | 0eb2c73daa0ecf037cbdf3d0bb0c98d5 |
| SHA1 | 7087a92577c86806338a363a88a9a3b4f762e26d |
| SHA256 | 39c5ec504cf6bd5cd782a7c695828e09189df79f5d94840e4f08feb97b9fd416 |
| SHA512 | 12a2a3bf2abafa5e3f669278ee332c87e4a164cfe54ef6019ca8b5f3d41f38f10224d52f471d0256aad6600dec9fb3a1edf3c84f38cc9f1cfd4eb9a2af8a0066 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\es-define-property\LICENSE
| MD5 | 8fe23ea421aaf9f9d687709f6a6a09b7 |
| SHA1 | a47868ab90b532df82abe3e4f507bcb2ea441364 |
| SHA256 | 5e325595b4ea8cfec3802f545b1def5d7b73e4a5b8e9ba63e32a320f67732292 |
| SHA512 | 8acd3b84f3afa8c6ff9c1a58ab774ea33aec7701c022ba8f4d36218a8d1c03e80ef2ee1d692dbd43dbf5883153137c5e000f113b98da23d870dfab6f71b78afa |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\es-define-property\tsconfig.json
| MD5 | d8a043c42fc4d89057f4dd4be72c3ea9 |
| SHA1 | 47d00b1a54afd2080104036e09a565c8f9f670df |
| SHA256 | 55d3ca9ee2a017d8d9a969c47fd7623b4619cdd29010b5cdecbf7c88b42d23a7 |
| SHA512 | c9966a66202e6f816ae76a855b0e116e2e1c09c2d81bd42d940b3464467e526de85ad0f2db320dbb5fdeda6793b750e2d445f7510c743031fb3bf13d94441b42 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\etag\LICENSE
| MD5 | 6e8686b7b13dd7ac8733645a81842c4a |
| SHA1 | b058a139cb239c658c8f1f841a475a50818b5f73 |
| SHA256 | a7996721249a136fbcfc1c201bcb5f414f38a701d4a24f28abe65e16cfcce813 |
| SHA512 | 1cacd9111b9eb27a0fd326dd19d61bdf767e443ee1dd09d983af81199ecda0d7cf047fbd18b900c7d773972b1278d5d3c19fa753591333c04c27ddac71af6422 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\has-property-descriptors\LICENSE
| MD5 | d237eac07663bde2409de740ba75ec97 |
| SHA1 | 74cee463c60de7e0bfd342362e2a4ddf5f1883d9 |
| SHA256 | 0f0ca96f50793990031ebc488a38f7292ff70bce8ab6a8e5eeda674abc32ccdf |
| SHA512 | d7a2f0dac429abc40834b1887cbffec6487330328aefed4a84ed2da8fcd687a489c7e25c981b99ef0ec5c0b71efbf6c30489d8204f295045afaa488dd98d644e |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\hasown\LICENSE
| MD5 | 19283ee92f78c91154834571c1f05a94 |
| SHA1 | acbff97b52a807a3661247328dc45df636d7b8f7 |
| SHA256 | bf9b0d665be2a689851eea667ca9f42066ea1d903b38349c51e6a44b2577680a |
| SHA512 | 22369cc02af1d2a345a70a415de9e690f3f14ad6567f216924bf05dcf01dbbde7c6b3a08cf87d5edf1ca3b5a793d504e532f3a7c828964e97024334135b57369 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\index (1).html
| MD5 | 08d9ac1e35385587b0c3c8a73ea97234 |
| SHA1 | d1db15b5e97152be999339d90630f68ed06a6b78 |
| SHA256 | 016cadaa9a8494b15efea920a5ea9c02b441e90dbc7c444e73db3b307f93a741 |
| SHA512 | 8061a5a92f828642ea2fcb319571efa406ed67a75b4d4da1aeb3da96391a72fcde670e3e52efef62d37ddc17f7eca5afa0d35aa02bfd1bcadd8e86240cb802a6 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
| MD5 | d213a75b1956398e4c36bcc2f93339bf |
| SHA1 | 6a2739cc0e67f5593c744fbcbc8f00f12eef9954 |
| SHA256 | ece75d080f94df4b3699389021337b1536cfed229d1325f09b03f0b0d6d85ab4 |
| SHA512 | d32ddaf4c6f8f8df6c390d683e6c039f3b0d8f35f68f690b28bf88b17caedf0e11abd3aeb2e46238d0cd0a91b2db095cca0782b4e27f04453ea4cb6db38f4dd7 |
memory/3896-3637-0x0000020B96800000-0x0000020B9681A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Wpf.Ui.dll
| MD5 | aead90ab96e2853f59be27c4ec1e4853 |
| SHA1 | 43cdedde26488d3209e17efff9a51e1f944eb35f |
| SHA256 | 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed |
| SHA512 | f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d |
memory/3896-3639-0x0000020BB2230000-0x0000020BB276C000-memory.dmp
memory/3896-3640-0x0000020BB1DE0000-0x0000020BB1E9A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Microsoft.Web.WebView2.Wpf.dll
| MD5 | 0be1da3ff37f50fd3b3e9af672823566 |
| SHA1 | 6613d92e19bd889e0c330686526ea0fc9596bd33 |
| SHA256 | aaeff04c720c3c7df94beb7f670a0f992dcbb23a1f5283980084462a7f6e65a8 |
| SHA512 | 600381e32ac6b379ee34beb5a938b4a4a2f69cfbd8cf086a1c57bb84876b02db050506a9fdac7fa028957a7ff21d911e15e8b85c4c0db1803d038f04efd3b2b8 |
memory/3896-3642-0x0000020B985D0000-0x0000020B985E0000-memory.dmp
memory/3896-3643-0x0000020BB2120000-0x0000020BB2222000-memory.dmp
memory/3896-3645-0x0000020BB29F0000-0x0000020BB2A6E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Microsoft.Web.WebView2.Core.dll
| MD5 | 851fee9a41856b588847cf8272645f58 |
| SHA1 | ee185a1ff257c86eb19d30a191bf0695d5ac72a1 |
| SHA256 | 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca |
| SHA512 | cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\WebView2Loader.dll
| MD5 | a0bd0d1a66e7c7f1d97aedecdafb933f |
| SHA1 | dd109ac34beb8289030e4ec0a026297b793f64a3 |
| SHA256 | 79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36 |
| SHA512 | 2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
| MD5 | 0df8e80fd47cee0af8a6fb8ae2fd2237 |
| SHA1 | 3780465816d176d162dc32895284aeb631efefd0 |
| SHA256 | 2bf8ee57bc984b47d8662dc580c4aa97aa48807b5f7d5953d72c14e7277da045 |
| SHA512 | 1864cc3cdea3ff3262bac5f1e308f9c937f329516b9f48c1a69eda9246d3ed0c8cdc51b4129c73bd766166327060eb4002d96a28f9e7ed361210b4a869aa1194 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\libcurl.dll
| MD5 | e31f5136d91bad0fcbce053aac798a30 |
| SHA1 | ee785d2546aec4803bcae08cdebfd5d168c42337 |
| SHA256 | ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671 |
| SHA512 | a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\vcruntime140.dll
| MD5 | 7a2b8cfcd543f6e4ebca43162b67d610 |
| SHA1 | c1c45a326249bf0ccd2be2fbd412f1a62fb67024 |
| SHA256 | 7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f |
| SHA512 | e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8 |
memory/3896-3656-0x0000000180000000-0x0000000180A63000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\zlib1.dll
| MD5 | 75365924730b0b2c1a6ee9028ef07685 |
| SHA1 | a10687c37deb2ce5422140b541a64ac15534250f |
| SHA256 | 945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b |
| SHA512 | c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1 |
memory/3896-3658-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3896-3659-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3896-3657-0x0000000180000000-0x0000000180A63000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\bin\path.txt
| MD5 | 7207978deac3d2df817c0efb6de01f45 |
| SHA1 | 1b547cb35c2e709dcf4132452cdb5b6ccd66044f |
| SHA256 | 14056051c638d943e3f6cd8ae99b7b8b8b4419f6e6193861081e519eeb4dc808 |
| SHA512 | d38226a5eb755aafe7e8e3d707b00841aea985bd8dedf20556800f1bb7ac7c807fa195bdd1e21014087f89b319ab278bec922951b7c682e9edd3fbee147834ed |
memory/3896-3662-0x0000020BB57A0000-0x0000020BB57A8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
C:\Users\Admin\Downloads\Debug\runtimes\win-x86\native\WebView2Loader.dll
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\BrowserMetrics-spare.pma
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Crashpad\settings.dat
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Local State
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Variations
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Last Version
\??\pipe\crashpad_3920_YQUWSWVKLIYETUYO
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\index
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000007
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000006
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000005
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000004
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000003
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000002
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000001
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_3
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_2
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_1
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_0
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Web Data
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\History
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Secure Preferences
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Preferences
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\README
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Visited Links
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\ShaderCache\index
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\ShaderCache\data_1
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\dbcf3db6-c3c4-4e83-8ccf-aae678a318b3.tmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe589594.TMP
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\SmartScreen\RemoteData\synchronousLookupUris
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\SmartScreen\RemoteData\edgeSettings_2.0-0
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\SmartScreen\RemoteData\edgeSettings
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Network\b7b7ecc7-9ee8-4916-bf04-758e99265302.tmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\ExtensionActivityEdge
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Action Predictor
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\PreferredApps
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Secure Preferences
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\74ff1218-42cb-493e-8691-17ab593323f9.tmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\e5503fef-28f1-4268-be80-96c6dade9796.tmp
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\Debug\Crystal.exe.WebView2\EBWebView\Local State
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\ea47c6ae-c0de-48b1-a7f0-b7d439aa25a7.tmp