23500bddbff92250b5ad38541348faef0244443b3295bca7a38d30ed8146fa82

Analysis

max time kernel
190s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solara.zip
Size

437KB
MD5

aa3de0e040a9dda35d88231080353018
SHA1

746f759757b5f387a2d42799a01c455c7f385a8a
SHA256

23500bddbff92250b5ad38541348faef0244443b3295bca7a38d30ed8146fa82
SHA512

a094aa5309b3ec59b9ccb1cb7b203f6e97b3aa95471100f1cf1131d0ddb1adc4706c5450ec090cdafd1a726324d5b96f7c4a6999f64bc3edb7c88d3be70dba53
SSDEEP

12288:4C1tME2BK/QIOLYBaEN0bK1DVyQkx02fv:4KwijOLYKK1IQa/v

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1892	compiler.exe
4892	compiler.exe
4612	compiler.exe

Loads dropped DLL 3 IoCs

pid	Process
1892	compiler.exe
4892	compiler.exe
4612	compiler.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
84	ip-api.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1372	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1040	chrome.exe
1040	chrome.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3020	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
3768	7zG.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe
3020	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 1456	1040	chrome.exe	93
PID 1040 wrote to memory of 1456	1040	chrome.exe	93
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 1604	1040	chrome.exe	94
PID 1040 wrote to memory of 4068	1040	chrome.exe	95
PID 1040 wrote to memory of 4068	1040	chrome.exe	95
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96
PID 1040 wrote to memory of 3916	1040	chrome.exe	96

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Solara.zip
1⤵
PID:4692

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff0035cc40,0x7fff0035cc4c,0x7fff0035cc58
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,2454413912710170237,130007685998945181,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,2454413912710170237,130007685998945181,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,2454413912710170237,130007685998945181,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,2454413912710170237,130007685998945181,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3404,i,2454413912710170237,130007685998945181,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,2454413912710170237,130007685998945181,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4840,i,2454413912710170237,130007685998945181,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,2454413912710170237,130007685998945181,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4348,i,2454413912710170237,130007685998945181,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5052,i,2454413912710170237,130007685998945181,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3552,i,2454413912710170237,130007685998945181,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:3276

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4728

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:700

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Solara\" -spe -an -ai#7zMap21368:74:7zEvent7127
1⤵
- Suspicious use of FindShellTrayWindow
PID:3768

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Launcher.bat" "
1⤵
PID:404
- C:\Users\Admin\Downloads\Solara\compiler.exe
  compiler.exe config
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1892

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3020

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Solara\Launcher.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:1372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Launcher.bat" "
1⤵
PID:3980
- C:\Users\Admin\Downloads\Solara\compiler.exe
  compiler.exe config
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4892

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:4060
- C:\Users\Admin\Downloads\Solara\compiler.exe
  compiler.exe config
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
437KB

MD5
aa3de0e040a9dda35d88231080353018

SHA1
746f759757b5f387a2d42799a01c455c7f385a8a

SHA256
23500bddbff92250b5ad38541348faef0244443b3295bca7a38d30ed8146fa82

SHA512
a094aa5309b3ec59b9ccb1cb7b203f6e97b3aa95471100f1cf1131d0ddb1adc4706c5450ec090cdafd1a726324d5b96f7c4a6999f64bc3edb7c88d3be70dba53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3e1e9b0710ddf2298776784264757943

SHA1
14863e81991717489bc684dcdbf74072d1c37c4f

SHA256
bac54a9685dac7e4f969b458f47041888abebaf3ed970d55e34bc02aa501a668

SHA512
e3ce53439412290cb47f2eb9787d0cd705f697455a418efa91d4682a5157119e026ec87a45b2a03ab7c8396a72816348d12e43e6dfe20df0c25d969e8a414d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
86579dca729d7f1c0b36412833412b1a

SHA1
244c8983b9c6c7731c8af4794f05cf440bdc8c18

SHA256
e2ff65f6b05023ecd74891488c1970a52d64cd02fe5b36e85d7bf7a53b7ef710

SHA512
45e21bfa5ab8f262ab5886cc2d1734177f3b45a7e6230a505a628c78a36bf9c93867afdb6166356d0d3f754f5259d7a209cf2669fc0bdbd844e62dcb1e1da145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
02b35856b0533a954450da09902ef732

SHA1
79db99a1417df888aa93177e88d9dee239431f11

SHA256
b390d083cc2bd55743c6ea4c6344762545f5f09c71956268b5d9b69845c35913

SHA512
8c7b97d5cb693a43610cee99039b16246da3d0a86217db9df04d16793d491f0cd3d7db600ce8c0173143d76b8a649e25032faf3d47d5ab6d5a50730c3dde37b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6cc8a9e866583b6a0c0819b540d0a616

SHA1
0ff7a91728d6d79c6d2d9aecc45a50e3f08b416b

SHA256
b159062326d5532b78ff4ed24e123e2944c9372810dc56e90b0a1ba4204ab52e

SHA512
f613bb898294825792b3ca691b8ea534847b1470b10ada968b91350fbafb3d44742a2f4c1807396c767c75139f0c354bfdfb51322857f42d55a07d531db70fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
34e885918060cdc31d20b4f6d7427fe5

SHA1
37a44f46568ea99766066ffe5b27d3de1ab4eb15

SHA256
d5cf8e4e53a695553381e224a0dcfe2bb60ee1564b78dd0f0d9279fcb14e4fc3

SHA512
4ffa0aa9a69356e88a6497a23121ef312c390291035e075c535ef4987d9a62908fb7077dc5610122289f412a6930b7e787c9d38a6159171208d0ad10f57dafd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ad609ffaaa88c8ebff1c086dbd774d0d

SHA1
7be7454c9a4ad2ad8ce2a41032fa6a690c06dcac

SHA256
300acfc3e6485a07ced90935dedbdc90b72390e8919e9cfd0190de5417e4aa3f

SHA512
401596bb4d3139d87208e3af9b82c6792d91d196493dad229cd0b66466ac5ba70a82160e5b35d6a419975d1f4be46ac4c88f1215def16b46dc958982190156df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3ce2d4f833e96d0a627335d62d1c395f

SHA1
82b5cd0e1f9a443dda2f36410808dcda1262fb41

SHA256
4ef37c34294eba10e1e5497e0e44a2d2cbd5575630e492eb8a53fc1f54ea13f6

SHA512
a4c3995b165ebd5d0b8a192254b0b309039a588d50585db4dda30008c846d75f9bf7db0e83925ebc47241ae20e9305bb055070522ff7603fd6eb7c3657b0e1ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dd18461876b733c5e42dab87f5706dd7

SHA1
71292215763459909f16cf27f3c7a340b1fd52bb

SHA256
4c8426729cb5aefa8c894fdcf37adb3eeced492f262475ece18ea3b991cf8432

SHA512
e62cf2e16220e22cd8feacaec12659eadef4319104129d53105ba51842f96184feefa7bb47c0a80ae80fbc3b355a497ba87d392499adb42a7fc030c60cf99137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f9d62a55f516156d9237cf5adc7a72f9

SHA1
a76bb686184bcd7fef0b286b2583330e0249f620

SHA256
3ef424082b25d58e75d05549e43ef7c274053cdf3501adfacd894a6fde029014

SHA512
b9dbfde6e4028a515d69a3b7ca4c7eff07002c8c0c44bed7915aca8dc60d2dde15301b011ca7a7aa2e48392b050cd33adb56b68768d65d84de564c2bf8584d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ebf1482f7aca4972da5efc586c33b644

SHA1
d08eaec0ea5f9759793da9e0433993e09cd1ad6d

SHA256
0a912056ad7183fc4277c6f31444b56c739ad8cd451e863e35220876301d01f3

SHA512
9b78cce45eeb979ae8b2582d31eca76927bb0dfed066795766d3ea4a7a3b68baf8f90870db47f82cc690ac7a16425b4226e08ac8607dd3cbee989314849cb369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7cf6acb164d3915822ee578c211b0808

SHA1
275e7d63d443d9e4d6df6bdaeb86252331f17b35

SHA256
0e97bd2ff8626e8f059b9784a9532ebe82c4d2b4c3588f0f82e7bad3b7dc40f3

SHA512
46ca8f8ab3d542bfd68e0d2ef356154746ba2361eae9088a45a174618f7b871b405eb2b03a3c33752323e44f342f3d221b9d58171d36c96c748c5bd77461aa93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb7519927b4ec00fb133bd1ec1d3e86f

SHA1
3f40dc31be40f5a7c8219f7037768a664c612ce2

SHA256
8e0c09a1265f46c477b79102ef138f936e119c60a61a5fbcb6f7ba4f94d4e36b

SHA512
bb3dd0bfba85aa656186cb297bb4c341690d383ceedce5ab05ccbf965c95520f4771d929c2455c772abe7dc4e9349c0d843f01ebf9223fa40ffe9d6f067d6db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0de9e7eb1fa5c6db090c8cbcc326c610

SHA1
cdb08ac3308566cc873e0bcbc4d882807e8e6fdc

SHA256
5dcf41415fe47e4c047675727d11946f57efc98ae9cff526591ef127b28e168d

SHA512
0e26280e275ae70fe3dbdf5a732767a3997f27a489eff8489bd036e55ada7b67b5e718be01a80461cc6346d4c9794b0e45cb46ebe146b0e17f613294bb31a941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c97ce7738c019da28f89d54881f3fbd5

SHA1
561c0361524ce722a4d4f5ab30efccde212f2e2d

SHA256
24d77a844bb8abd625a287c976948e1c8d49ae60e9c94aa4a92e5012aade3729

SHA512
6171ee658c98a3d7c202bb1c9bdedaa05f4a03a1d6fd1f29ebd5dbda88a635fed84f93fbd8e2abb3aa2fafea1b05e47be2d7f8e7e9f0934180c1a85c8f919dc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d42f625b1756228585db293e2fae3e4

SHA1
70f6bb779e91fcac4b99f83b951395c3013c87fa

SHA256
e153814a5eafeaeba9e5b1d56471724aa0a846fa18aa3b3b6023e7a92b527810

SHA512
79007f94e8f704ad7d248c0aebdd537555394c9de5bb98f289c309edf19d806925be89bd8593e3285080f3dd5553418a61f5b6ca23fb1dcff14468359a744d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea221db985a642ace96a193f2a621c9c

SHA1
42917d0a95e5667c7247029a2ea27de48640f753

SHA256
ee032afd063c140ad88c0dfd5bf6e6b95e3397f3331502ff8709e4d15c44fabe

SHA512
7b211d2776f0e56402e7cd43025c43800b9326d4acea9b1f33e339bfcebc183a38248e031cd9922627d37411cd196c64952d6d91b46b3262a8f45409723b92fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0b0a559ac9452ccb454d7ab6dd9aaab3

SHA1
5c0dcd44fa06b9345618535d109f8b4c8cfa9de1

SHA256
5f35d77fa67c01a39aadba39e7e8bb4b5670c2d2a9d3279f8f8ed76e091c59f8

SHA512
3474b0a44938e05d6d2d894767ead8526f7325f6744551a254d5af3a3b08608409e7377e6bf660e83e795dc52f474599b399101bd98015b85d0c5a18624381db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
3e783ebd306ae1df3a5f0fcf4ac7cec5

SHA1
3fa22e49eb852f10ea99f7c4466226f706ecc8b0

SHA256
04825ce0c0eff45e016da5e62abde75e163e7aa98edfa5f2a9dabf31e9796e05

SHA512
3f0187ac0c280b564dcfa422917ee840ba694707c631b2198e263cefa184e9770a5e05e7a84260a0a39b35ff584801524f8391f4f4798ff8d25977d7370f48e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
3b1e4a910819cccd778c666d5f7643e0

SHA1
db1974552db30713ad23fca044121408ea8410d2

SHA256
f881279545673864c710c6643ba4419b73e28e54fdd645d6c55d4eb3ecd44b7b

SHA512
400c894510f7606ab8211251ec7a7c9934bb96205596edc2c0f301d7378ac08fe79e76f30f12dd97a607df7ca56efa47f2b169be6a37434cbf3c3ba7ed07584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I0E3LJN0\json[1].json

Filesize
311B

MD5
9105750f17d90587cfdb3073e3db4b41

SHA1
68299e57ccb94050710511c9fba7f144af55038d

SHA256
325bea9d40295cd711d613b7dcb0958e04a537f751b177573a9c40303a4879f9

SHA512
07fcd8e2811bc7d8a481694d32a8d220a03ec99dfd8b9f55de99ff8327d392c6afbd821358b5087e29120b5a6d706f258c723585d3c69a26c1b0c385722256de

Download Submit
C:\Users\Admin\Downloads\Solara\Launcher.bat

Filesize
31B

MD5
41132bf2fe575a1b1e4c1504afe5324a

SHA1
2531a3b6534495510d727cfd179805b1eb68d7fe

SHA256
a6a10d3ad76f6ac73ddb8026cea7024523b67210cad1ff64e0deea00bbf54df5

SHA512
a5514a7a7749233d0c37c8d6be628ca3e5ac4e36a187fccda53569430eaa9723f704c0597f79dee5ddf1e507407ec087cf70cccd8fddcbedad50d6a6d1ed1b6a

Download Submit
C:\Users\Admin\Downloads\Solara\compiler.exe

Filesize
203KB

MD5
86a5ca3d3047cf565ff86ea815da9fdd

SHA1
a8e71c779862d3b4188f8dd6eac44afdf37d0ad8

SHA256
d8dfaed0bd2f45c5f8cff47c680efcb1441b0856f0f6de954a1095450d3ec0e2

SHA512
0ade956d8386f07352757a459581b880663c58b79345441a0eaafae0d41da92e42861423c4a918cf4b2121dbc1bbdaa71eb44952be402fe82ac9ac30dd83e07f

Download Submit
C:\Users\Admin\Downloads\Solara\config

Filesize
298KB

MD5
4ad602c68eb3aa4c84c73834e653605f

SHA1
3afe93611642a34da843e91db323fbec18ac7887

SHA256
aa2ac19e959beca447e34da002cc63149c208d8427bb8631344ea069f4bbccba

SHA512
9cbb57a762f924768a1ff05cec2f0a05e4c4b6d145a51bec8246bae4f9de382f95809cc71bb6a0592ee97172cf020bdecf00d6997ff4f0242a8ad6458ae7f2d5

Download Submit
C:\Users\Admin\Downloads\Solara\lua51.dll

Filesize
389KB

MD5
fb2b8675cf63baddf4430bf7f53ff218

SHA1
502b193ec72eb71192f6b783cffe9b6eb8bc944a

SHA256
16c4d10cb496578b0ca63c0c30e1e346cf3f879326768889386c058760f9a39e

SHA512
41a1183a87b6879add36de49cc876e07dcc365289ebc4359ca836bc9376fef10bedde7e2c878be238315296d20780c06e7305d913757b6879e86051439348892

Download Submit
memory/1892-263-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-249-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-272-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-279-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-278-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-277-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-276-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-275-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-274-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-273-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-270-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-269-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-268-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-267-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-266-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-265-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-264-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-285-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-262-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-261-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-260-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-259-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-258-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-257-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-253-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-256-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-255-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-254-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-252-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-251-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-250-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-284-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-248-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-247-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-246-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-245-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-244-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-243-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-242-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-241-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-240-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-283-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-282-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-281-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-238-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-237-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-236-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-235-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-234-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-233-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-232-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-239-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-231-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-230-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-229-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-228-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-286-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-287-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-288-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-289-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-290-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-291-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-280-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download
memory/1892-271-0x000000007F1E0000-0x000000007F1F0000-memory.dmp

Filesize
64KB

Download