ac10a3ae90d450832300d24624ea8bd49c6ecff1de3539b793f6472f76d021fd

Analysis

max time kernel
23s
max time network
145s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraBootstrapper.exe
Size

2.6MB
MD5

9e43cdfc9923cc453111634a65f04691
SHA1

e3f73d7e5cd4e557ac755558ad539c6d2a5547b0
SHA256

ac10a3ae90d450832300d24624ea8bd49c6ecff1de3539b793f6472f76d021fd
SHA512

068ec0a085c8229e4fba4d4b5437a20fe82704c93ad7511e8f0cc0f21190d8af938891fb253a23a59ef567288f30bc63f1526b08e92017ca97ebea3341a74eba
SSDEEP

49152:xLpTsEQQEQ5pc0BK/sXJS3KM5dIy3LZrpgqTSihRN6UuNyY:xezYAn/KvclFrprSwwN

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 35 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SolaraBootstrapper.exe

Checks BIOS information in registry 2 TTPs 64 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SolaraBootstrapper.exe

Executes dropped EXE 34 IoCs

pid	Process
1188	Solara.exe
2592	Solara.exe
2496	Solara.exe
2480	Solara.exe
264	Solara.exe
600	Solara.exe
1612	Solara.exe
748	Solara.exe
1608	Solara.exe
2764	Solara.exe
1184	Solara.exe
3056	Solara.exe
1380	Solara.exe
744	Solara.exe
1668	Solara.exe
1532	Solara.exe
2068	Solara.exe
2392	Solara.exe
2904	Solara.exe
2560	Solara.exe
2748	Solara.exe
2568	Solara.exe
2424	Solara.exe
1848	Solara.exe
2448	Solara.exe
1492	Solara.exe
2784	Solara.exe
2696	Solara.exe
752	Solara.exe
2508	Solara.exe
1672	Solara.exe
2768	Solara.exe
1428	Solara.exe
2920	Solara.exe

Loads dropped DLL 34 IoCs

pid	Process
2964	SolaraBootstrapper.exe
3040	SolaraBootstrapper.exe
2672	SolaraBootstrapper.exe
2868	SolaraBootstrapper.exe
2468	SolaraBootstrapper.exe
788	SolaraBootstrapper.exe
1632	SolaraBootstrapper.exe
2508	SolaraBootstrapper.exe
1840	SolaraBootstrapper.exe
1448	SolaraBootstrapper.exe
2924	SolaraBootstrapper.exe
2248	SolaraBootstrapper.exe
2352	SolaraBootstrapper.exe
668	SolaraBootstrapper.exe
1604	SolaraBootstrapper.exe
308	SolaraBootstrapper.exe
672	SolaraBootstrapper.exe
1740	SolaraBootstrapper.exe
1000	SolaraBootstrapper.exe
2080	SolaraBootstrapper.exe
3020	SolaraBootstrapper.exe
2572	SolaraBootstrapper.exe
1892	SolaraBootstrapper.exe
2868	SolaraBootstrapper.exe
1972	SolaraBootstrapper.exe
2452	SolaraBootstrapper.exe
2676	SolaraBootstrapper.exe
2820	SolaraBootstrapper.exe
2848	SolaraBootstrapper.exe
1632	SolaraBootstrapper.exe
1828	SolaraBootstrapper.exe
388	SolaraBootstrapper.exe
2756	SolaraBootstrapper.exe
1228	SolaraBootstrapper.exe

Themida packer 64 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2964-0-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2964-2-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2964-7-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/3040-11-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/3040-13-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2672-18-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/3040-19-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2672-20-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2868-25-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2672-26-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2868-27-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2868-30-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2468-32-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2468-34-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/788-39-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2468-37-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/788-40-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1632-46-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/788-44-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1632-48-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1632-53-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2508-54-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2508-57-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1840-75-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1840-78-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1448-79-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1448-81-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2924-84-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2924-86-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2248-88-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2248-90-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2352-92-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/668-96-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/668-99-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1604-101-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1604-103-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/308-105-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/308-108-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/672-112-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1740-116-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2080-125-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2572-131-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2572-133-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2868-143-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1972-144-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2452-149-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2676-152-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2848-156-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1632-158-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1828-160-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1828-161-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/388-162-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/388-163-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1632-159-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2848-157-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2820-155-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2820-154-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2676-153-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2452-151-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1972-147-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/2868-140-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1892-138-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/1892-136-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida
behavioral1/memory/3020-129-0x0000000000400000-0x0000000000ABF000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 35 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SolaraBootstrapper.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 35 IoCs

pid	Process
2964	SolaraBootstrapper.exe
3040	SolaraBootstrapper.exe
2672	SolaraBootstrapper.exe
2868	SolaraBootstrapper.exe
2468	SolaraBootstrapper.exe
788	SolaraBootstrapper.exe
1632	SolaraBootstrapper.exe
2508	SolaraBootstrapper.exe
1840	SolaraBootstrapper.exe
1448	SolaraBootstrapper.exe
2924	SolaraBootstrapper.exe
2248	SolaraBootstrapper.exe
2352	SolaraBootstrapper.exe
668	SolaraBootstrapper.exe
1604	SolaraBootstrapper.exe
308	SolaraBootstrapper.exe
672	SolaraBootstrapper.exe
1740	SolaraBootstrapper.exe
1000	SolaraBootstrapper.exe
2080	SolaraBootstrapper.exe
3020	SolaraBootstrapper.exe
2572	SolaraBootstrapper.exe
1892	SolaraBootstrapper.exe
2868	SolaraBootstrapper.exe
1972	SolaraBootstrapper.exe
2452	SolaraBootstrapper.exe
2676	SolaraBootstrapper.exe
2820	SolaraBootstrapper.exe
2848	SolaraBootstrapper.exe
1632	SolaraBootstrapper.exe
1828	SolaraBootstrapper.exe
388	SolaraBootstrapper.exe
2756	SolaraBootstrapper.exe
1228	SolaraBootstrapper.exe
1276	SolaraBootstrapper.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 3 IoCs

evasion

pid	Process
2020	timeout.exe
848	timeout.exe
1544	timeout.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
576	schtasks.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

pid	Process
2964	SolaraBootstrapper.exe
3040	SolaraBootstrapper.exe
2672	SolaraBootstrapper.exe
2592	Solara.exe
2592	Solara.exe
2592	Solara.exe
2496	Solara.exe
2496	Solara.exe
2496	Solara.exe
2868	SolaraBootstrapper.exe
2468	SolaraBootstrapper.exe
788	SolaraBootstrapper.exe
1632	SolaraBootstrapper.exe
2508	SolaraBootstrapper.exe
1840	SolaraBootstrapper.exe
1448	SolaraBootstrapper.exe
2924	SolaraBootstrapper.exe
2248	SolaraBootstrapper.exe
2352	SolaraBootstrapper.exe
668	SolaraBootstrapper.exe
1604	SolaraBootstrapper.exe
308	SolaraBootstrapper.exe
672	SolaraBootstrapper.exe
1740	SolaraBootstrapper.exe
1000	SolaraBootstrapper.exe
2080	SolaraBootstrapper.exe
3020	SolaraBootstrapper.exe
2572	SolaraBootstrapper.exe
1892	SolaraBootstrapper.exe
2868	SolaraBootstrapper.exe
1972	SolaraBootstrapper.exe
2452	SolaraBootstrapper.exe
2676	SolaraBootstrapper.exe
2820	SolaraBootstrapper.exe
2848	SolaraBootstrapper.exe
1632	SolaraBootstrapper.exe
1828	SolaraBootstrapper.exe
388	SolaraBootstrapper.exe
2756	SolaraBootstrapper.exe
1228	SolaraBootstrapper.exe
1276	SolaraBootstrapper.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2592	Solara.exe
Token: SeDebugPrivilege	2496	Solara.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 3040	2964	SolaraBootstrapper.exe	28
PID 2964 wrote to memory of 3040	2964	SolaraBootstrapper.exe	28
PID 2964 wrote to memory of 3040	2964	SolaraBootstrapper.exe	28
PID 2964 wrote to memory of 3040	2964	SolaraBootstrapper.exe	28
PID 2964 wrote to memory of 1188	2964	SolaraBootstrapper.exe	270
PID 2964 wrote to memory of 1188	2964	SolaraBootstrapper.exe	270
PID 2964 wrote to memory of 1188	2964	SolaraBootstrapper.exe	270
PID 2964 wrote to memory of 1188	2964	SolaraBootstrapper.exe	270
PID 3040 wrote to memory of 2672	3040	SolaraBootstrapper.exe	30
PID 3040 wrote to memory of 2672	3040	SolaraBootstrapper.exe	30
PID 3040 wrote to memory of 2672	3040	SolaraBootstrapper.exe	30
PID 3040 wrote to memory of 2672	3040	SolaraBootstrapper.exe	30
PID 3040 wrote to memory of 2592	3040	SolaraBootstrapper.exe	31
PID 3040 wrote to memory of 2592	3040	SolaraBootstrapper.exe	31
PID 3040 wrote to memory of 2592	3040	SolaraBootstrapper.exe	31
PID 3040 wrote to memory of 2592	3040	SolaraBootstrapper.exe	31
PID 2672 wrote to memory of 2868	2672	SolaraBootstrapper.exe	79
PID 2672 wrote to memory of 2868	2672	SolaraBootstrapper.exe	79
PID 2672 wrote to memory of 2868	2672	SolaraBootstrapper.exe	79
PID 2672 wrote to memory of 2868	2672	SolaraBootstrapper.exe	79
PID 2672 wrote to memory of 2496	2672	SolaraBootstrapper.exe	33
PID 2672 wrote to memory of 2496	2672	SolaraBootstrapper.exe	33
PID 2672 wrote to memory of 2496	2672	SolaraBootstrapper.exe	33
PID 2672 wrote to memory of 2496	2672	SolaraBootstrapper.exe	33
PID 2868 wrote to memory of 2468	2868	SolaraBootstrapper.exe	422
PID 2868 wrote to memory of 2468	2868	SolaraBootstrapper.exe	422
PID 2868 wrote to memory of 2468	2868	SolaraBootstrapper.exe	422
PID 2868 wrote to memory of 2468	2868	SolaraBootstrapper.exe	422
PID 2868 wrote to memory of 2480	2868	SolaraBootstrapper.exe	35
PID 2868 wrote to memory of 2480	2868	SolaraBootstrapper.exe	35
PID 2868 wrote to memory of 2480	2868	SolaraBootstrapper.exe	35
PID 2868 wrote to memory of 2480	2868	SolaraBootstrapper.exe	35
PID 2496 wrote to memory of 2324	2496	Solara.exe	36
PID 2496 wrote to memory of 2324	2496	Solara.exe	36
PID 2496 wrote to memory of 2324	2496	Solara.exe	36
PID 2468 wrote to memory of 788	2468	SolaraBootstrapper.exe	412
PID 2468 wrote to memory of 788	2468	SolaraBootstrapper.exe	412
PID 2468 wrote to memory of 788	2468	SolaraBootstrapper.exe	412
PID 2468 wrote to memory of 788	2468	SolaraBootstrapper.exe	412
PID 2468 wrote to memory of 264	2468	SolaraBootstrapper.exe	39
PID 2468 wrote to memory of 264	2468	SolaraBootstrapper.exe	39
PID 2468 wrote to memory of 264	2468	SolaraBootstrapper.exe	39
PID 2468 wrote to memory of 264	2468	SolaraBootstrapper.exe	39
PID 2496 wrote to memory of 576	2496	Solara.exe	303
PID 2496 wrote to memory of 576	2496	Solara.exe	303
PID 2496 wrote to memory of 576	2496	Solara.exe	303
PID 788 wrote to memory of 1632	788	SolaraBootstrapper.exe	380
PID 788 wrote to memory of 1632	788	SolaraBootstrapper.exe	380
PID 788 wrote to memory of 1632	788	SolaraBootstrapper.exe	380
PID 788 wrote to memory of 1632	788	SolaraBootstrapper.exe	380
PID 788 wrote to memory of 600	788	SolaraBootstrapper.exe	280
PID 788 wrote to memory of 600	788	SolaraBootstrapper.exe	280
PID 788 wrote to memory of 600	788	SolaraBootstrapper.exe	280
PID 788 wrote to memory of 600	788	SolaraBootstrapper.exe	280
PID 2496 wrote to memory of 2840	2496	Solara.exe	330
PID 2496 wrote to memory of 2840	2496	Solara.exe	330
PID 2496 wrote to memory of 2840	2496	Solara.exe	330
PID 1632 wrote to memory of 2508	1632	SolaraBootstrapper.exe	94
PID 1632 wrote to memory of 2508	1632	SolaraBootstrapper.exe	94
PID 1632 wrote to memory of 2508	1632	SolaraBootstrapper.exe	94
PID 1632 wrote to memory of 2508	1632	SolaraBootstrapper.exe	94
PID 1632 wrote to memory of 1612	1632	SolaraBootstrapper.exe	263
PID 1632 wrote to memory of 1612	1632	SolaraBootstrapper.exe	263
PID 1632 wrote to memory of 1612	1632	SolaraBootstrapper.exe	263

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
  "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
      "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Loads dropped DLL
      Checks whether UAC is enabled
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        6⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        7⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        8⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        9⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        10⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        11⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        12⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        13⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        14⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        15⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        16⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        17⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        18⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        19⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        20⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        21⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        22⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        23⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        24⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        25⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        26⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        27⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        28⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        29⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        30⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        31⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        32⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        33⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        34⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        35⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        36⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        37⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        38⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        39⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        40⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        41⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        42⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        43⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        44⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        45⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        46⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        47⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        48⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        49⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        50⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        51⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        52⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        53⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        54⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        55⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        56⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        57⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        58⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        59⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        60⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        61⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        62⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        63⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        64⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        65⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        66⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        67⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        68⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        69⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        70⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        71⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        72⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        73⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        74⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        75⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        76⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        77⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        78⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        79⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        80⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        81⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        82⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        83⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        84⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        85⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        86⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        87⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        88⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        89⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        90⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        91⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        92⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        93⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        94⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        95⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        96⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        97⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        98⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        99⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        100⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        101⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        102⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        103⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        104⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        105⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        106⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        107⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        108⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        109⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        110⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        111⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        112⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        113⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        114⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        115⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        116⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        117⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        118⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        119⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        120⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        121⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        122⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        123⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        124⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        125⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        126⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        127⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        128⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        129⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        130⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        131⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        132⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        133⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        134⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        135⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        136⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        137⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        138⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        139⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        140⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        141⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        142⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        143⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        144⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        145⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        146⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        147⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        148⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        149⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        150⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        151⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        152⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        153⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        154⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        155⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        156⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        157⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        158⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        159⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        160⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        161⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        162⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        163⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        164⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        165⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        166⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        167⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        168⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        169⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        170⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        171⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        172⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        173⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        174⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        175⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        176⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        177⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        178⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        179⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        180⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        181⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        182⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        183⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        184⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        185⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        186⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        187⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        188⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        189⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        190⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        191⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        192⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        193⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        194⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        195⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        196⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        197⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        198⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        199⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        200⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        201⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        202⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        203⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        204⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        205⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        206⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        207⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        208⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        209⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        210⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        211⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        212⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        213⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        214⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        215⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        216⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        217⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        218⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        219⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        220⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        221⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        222⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        223⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        224⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        225⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        226⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        227⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        228⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        229⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        230⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        231⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        232⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        233⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        234⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        235⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        236⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        237⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        238⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        239⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        240⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        241⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        242⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        243⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        244⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        245⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        246⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        247⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        248⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        249⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        250⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        251⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        252⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        253⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        254⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        255⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        256⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        257⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        258⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        259⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        260⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        261⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        262⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        263⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        264⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        265⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        266⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        267⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        268⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        269⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        270⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        271⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        272⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        273⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        274⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        275⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        276⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        277⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        278⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        279⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        280⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        281⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        282⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        283⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        284⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        285⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        286⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        287⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        288⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        289⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        290⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        291⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        292⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        293⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        294⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        295⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        296⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        297⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        298⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        299⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        300⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        301⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        302⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        303⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        304⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        305⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        306⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        307⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        308⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        309⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        310⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        311⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        312⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        313⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        314⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        315⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        316⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        317⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        318⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        319⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        320⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        321⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        322⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        323⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        324⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        325⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        326⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        327⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        328⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        329⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        330⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        331⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        332⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        333⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        334⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        335⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        336⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        337⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        338⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        339⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        340⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        341⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        342⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        343⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        344⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        345⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        346⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        347⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        348⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        349⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        350⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        351⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        352⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
        353⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        353⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        352⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        351⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        350⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        349⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        348⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        347⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        346⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        345⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        344⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        343⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        342⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        341⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        340⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        339⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        338⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        337⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        336⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        335⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        334⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        333⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        332⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        331⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        330⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        329⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        328⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        327⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        326⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        325⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        324⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        323⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        322⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        321⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        320⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        319⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        318⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        317⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        316⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        315⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        314⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        313⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        312⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        311⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        310⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        309⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        308⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        307⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        306⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        305⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        304⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        303⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        302⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        301⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        300⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        299⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        298⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        297⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        296⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        295⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        294⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        293⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        292⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        291⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        290⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        289⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        288⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        287⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        286⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        285⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        284⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        283⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        282⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        281⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        280⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        279⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        278⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        277⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        276⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        275⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        274⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        273⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        272⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        271⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        270⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        269⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        268⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        267⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        266⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        265⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        264⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        263⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        262⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        261⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        260⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        259⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        258⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        257⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        256⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        255⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        254⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        253⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        252⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        251⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        250⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        249⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        248⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        247⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        246⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        245⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        244⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        243⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        242⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        241⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        240⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        239⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        238⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        237⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        236⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        235⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        234⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        233⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        232⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        231⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        230⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        229⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        228⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        227⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        226⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        225⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        224⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        223⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        222⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        221⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        220⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        219⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        218⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        217⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        216⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        215⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        214⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        213⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        212⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        211⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        210⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        209⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        208⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        207⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        206⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        205⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        204⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        203⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        202⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        201⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        200⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        199⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        198⤵
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        197⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        196⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        195⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        194⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        193⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        192⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        191⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        190⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        189⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        188⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        187⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        186⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        185⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        184⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        183⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        182⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        181⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        180⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        179⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        178⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        177⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        176⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        175⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        174⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        173⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        172⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        171⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        170⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        169⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        168⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        167⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        166⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        165⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        164⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        163⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        162⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        161⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        160⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        159⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        158⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        157⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        156⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        155⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        154⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        153⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        152⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        151⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        150⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        149⤵
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        148⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        147⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        146⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        145⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        144⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        143⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        142⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        141⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        140⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        139⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        138⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        137⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        136⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        135⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        134⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        133⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        132⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        131⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        130⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        129⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        128⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        127⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        126⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        125⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        124⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        123⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        122⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        121⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        120⤵
        
        PID:548
        
        C:\Windows\system32\schtasks.exe
        
        "schtasks.exe" /query /TN Solara.exe
        121⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        119⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        118⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        117⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        116⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        115⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        114⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        113⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        112⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        111⤵
        
        PID:2184
        
        C:\Windows\system32\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpA15E.tmp.bat""
        112⤵
        
        PID:912
        
        C:\Windows\system32\timeout.exe
        
        timeout 3
        113⤵
        Delays execution with timeout.exe
        
        PID:848
        
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\test\Solara.exe
        
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\test\Solara.exe"
        113⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        110⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        109⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        108⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        107⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        106⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        105⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        104⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        103⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        102⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        101⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        100⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        99⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        98⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        97⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        96⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        95⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        94⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        93⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        92⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        91⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        90⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        89⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        88⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        87⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        86⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        85⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        84⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        83⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        82⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        81⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        80⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        79⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        78⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        77⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        76⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        75⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        74⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        73⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        72⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        71⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        70⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        69⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        68⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        67⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        66⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        65⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        64⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        63⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        62⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        61⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        60⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        59⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        58⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        57⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        56⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        55⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        54⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        53⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        52⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        51⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        50⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        49⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        48⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        47⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        46⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        45⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        44⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        43⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        42⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        41⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        40⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        39⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        38⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        37⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        36⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        35⤵
        Executes dropped EXE
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        34⤵
        Executes dropped EXE
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        33⤵
        Executes dropped EXE
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        32⤵
        Executes dropped EXE
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        31⤵
        Executes dropped EXE
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        30⤵
        Executes dropped EXE
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        29⤵
        Executes dropped EXE
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        28⤵
        Executes dropped EXE
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        27⤵
        Executes dropped EXE
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        26⤵
        Executes dropped EXE
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        25⤵
        Executes dropped EXE
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        24⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        23⤵
        Executes dropped EXE
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        22⤵
        Executes dropped EXE
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        21⤵
        Executes dropped EXE
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        20⤵
        Executes dropped EXE
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        19⤵
        Executes dropped EXE
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        18⤵
        Executes dropped EXE
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        17⤵
        Executes dropped EXE
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        16⤵
        Executes dropped EXE
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        15⤵
        Executes dropped EXE
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        14⤵
        Executes dropped EXE
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        13⤵
        Executes dropped EXE
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        12⤵
        Executes dropped EXE
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        11⤵
        Executes dropped EXE
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        10⤵
        Executes dropped EXE
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        9⤵
        Executes dropped EXE
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        8⤵
        Executes dropped EXE
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        7⤵
        Executes dropped EXE
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        6⤵
        Executes dropped EXE
        
        PID:264
    - - C:\Users\Admin\AppData\Local\Temp\Solara.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
        5⤵
        Executes dropped EXE
        
        PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Solara.exe
      "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2496
    - - C:\Windows\system32\schtasks.exe
        
        "schtasks.exe" /query /TN Solara.exe
        5⤵
        
        PID:2324
    - - C:\Windows\system32\schtasks.exe
        
        "schtasks.exe" /Create /SC ONCE /TN "Solara.exe" /TR "C:\Users\Admin\AppData\Local\Temp\Solara.exe \"\Solara.exe\" /AsAdmin" /ST 00:01 /IT /F /RL HIGHEST
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:576
    - - C:\Windows\system32\schtasks.exe
        
        "schtasks.exe" /query /TN Solara.exe
        5⤵
        
        PID:2840
    - - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Solara_Task"
        5⤵
        
        PID:2400
      - C:\Windows\system32\schtasks.exe
        
        schtasks /delete /f /tn "Solara_Task"
        6⤵
        
        PID:1612
    - - C:\Windows\system32\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp45DE.tmp.bat""
        5⤵
        
        PID:1000
      - C:\Windows\system32\timeout.exe
        
        timeout 3
        6⤵
        Delays execution with timeout.exe
        
        PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Solara.exe
    "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2592
  - - C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpCBB8.tmp.bat""
      4⤵
      PID:3060
    - - C:\Windows\system32\timeout.exe
        
        timeout 3
        5⤵
        Delays execution with timeout.exe
        
        PID:1544
    - - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\test\Solara.exe
        
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\test\Solara.exe"
        5⤵
        
        PID:1044
- C:\Users\Admin\AppData\Local\Temp\Solara.exe
  "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
  2⤵
  - Executes dropped EXE
  PID:1188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab97FD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.exe

Filesize
36KB

MD5
3b68e964af63cff75b9c96120ff42ed8

SHA1
582aa7c9bfb074fefb8e60163dd11d130fa4b35b

SHA256
9e51f5eb528d437bde55d4b68c114877dcb5f3a4c885731085ffe0b038e65f86

SHA512
a01fcdfdfcbbae7cd5d1dad535df05cb84f0a66267850931f8f44e174c1389185d9ac315eef85b2e2ae84552df6fb4cdf3191b047e39a377ec36b88ae783af95

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF617.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp45DE.tmp.bat

Filesize
240B

MD5
069d4b16ad90108bf5d55d2c43177810

SHA1
73ca34cca51fb6720dd9973a3d0158e515c103e1

SHA256
f70c4e2787e0e9fb30a3a7351f794b6b4f8e12428f48ce050a75a7e595d7c1ac

SHA512
7fd533900f79d2b64a60731da16184b14538db935860896bf2780e83103f93e837bc42b72752fdb495dc9cc27b2ff4b29dc199bc8c3697a6230980f2b9eaf7f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA15E.tmp.bat

Filesize
183B

MD5
9f753531e7ecb6616099e9241aa92569

SHA1
e4830b8777c84ce9c0e67412dafd578b47a4be89

SHA256
ef8f81ec6a6ba50065b4fcd299283cb3a49f8e141548056ff08a204742c1a444

SHA512
37abdc341a008c50704ea898cc3e190215cd84d40082f571fbb7465e8a303cf860b95b14086af37b8af909ce216557b3d811278f271c1ead7d38e8e200a49475

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCBB8.tmp.bat

Filesize
183B

MD5
830781aa459778d498c282347b26f571

SHA1
03cb37719760f305e47295735167abcb80b7872e

SHA256
3d5dfaeaf5c01028e5a3c1fe6e0a79ebea3e08ff6b78225da2bf12073313955c

SHA512
71a56000ff8b827a201f70c07866e658d8651b27b4403287a060f0f2f1fa000b1964c2808595155f09d248aeeb2d655d62cdce5eaec8f7d02c2b3f637300e445

Download Submit
memory/308-108-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/308-105-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/388-162-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/388-163-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/668-99-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/668-96-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/672-110-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/672-112-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/788-308-0x0000000002D20000-0x00000000033DF000-memory.dmp

Filesize
6.7MB

Download
memory/788-44-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/788-45-0x0000000002D20000-0x00000000033DF000-memory.dmp

Filesize
6.7MB

Download
memory/788-40-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/788-527-0x000000013FC30000-0x000000013FC3E000-memory.dmp

Filesize
56KB

Download
memory/788-39-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1000-121-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1000-118-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1044-182-0x000000013FD50000-0x000000013FD5E000-memory.dmp

Filesize
56KB

Download
memory/1188-12-0x000000013FAD0000-0x000000013FADE000-memory.dmp

Filesize
56KB

Download
memory/1448-79-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1448-81-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1604-101-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1604-103-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1632-159-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1632-53-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1632-48-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1632-49-0x0000000002EE0000-0x000000000359F000-memory.dmp

Filesize
6.7MB

Download
memory/1632-158-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1632-46-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1740-114-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1740-116-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1828-161-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1828-160-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1840-75-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1840-78-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1892-138-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1892-136-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1972-147-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/1972-144-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2080-123-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2080-125-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2184-361-0x000000013F510000-0x000000013F51E000-memory.dmp

Filesize
56KB

Download
memory/2248-90-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2248-88-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2352-92-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2352-94-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2452-151-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2452-149-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2468-35-0x0000000002D20000-0x00000000033DF000-memory.dmp

Filesize
6.7MB

Download
memory/2468-37-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2468-32-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2468-34-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2496-213-0x00000000005E0000-0x0000000000600000-memory.dmp

Filesize
128KB

Download
memory/2508-57-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2508-54-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2572-133-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2572-131-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2672-26-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2672-22-0x0000000002EE0000-0x000000000359F000-memory.dmp

Filesize
6.7MB

Download
memory/2672-18-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2672-20-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2676-152-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2676-153-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2820-155-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2820-154-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2848-157-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2848-156-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2868-140-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2868-30-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2868-27-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2868-29-0x0000000002BB0000-0x000000000326F000-memory.dmp

Filesize
6.7MB

Download
memory/2868-143-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2868-25-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2924-84-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2924-86-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2964-0-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2964-7-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2964-10-0x0000000002BC0000-0x000000000327F000-memory.dmp

Filesize
6.7MB

Download
memory/2964-2-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/2964-1-0x0000000076F20000-0x0000000076F22000-memory.dmp

Filesize
8KB

Download
memory/3020-127-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/3020-129-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/3040-19-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/3040-14-0x0000000002C00000-0x00000000032BF000-memory.dmp

Filesize
6.7MB

Download
memory/3040-13-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download
memory/3040-11-0x0000000000400000-0x0000000000ABF000-memory.dmp

Filesize
6.7MB

Download