2510be907ec476e8375ac7b5431536ae9a32bf99fe77ab695a5100852b111b96

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
21/07/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraB/Solara/SolaraBootstrapper.exe
Size

13KB
MD5

6557bd5240397f026e675afb78544a26
SHA1

839e683bf68703d373b6eac246f19386bb181713
SHA256

a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239
SHA512

f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97
SSDEEP

192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Executes dropped EXE 1 IoCs

pid	Process
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Loads dropped DLL 5 IoCs

pid	Process
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Themida packer 20 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000100000002aa9f-437.dat	themida
behavioral1/memory/2836-445-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-447-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-446-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-448-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-639-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-673-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-874-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-875-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-896-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-953-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-983-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-1047-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-1106-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-1134-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-1155-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-1185-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-1224-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-1252-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida
behavioral1/memory/2836-1284-0x0000000180000000-0x0000000180AE6000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
3	raw.githubusercontent.com
5	raw.githubusercontent.com
6	raw.githubusercontent.com
14	raw.githubusercontent.com
38	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133660136498638646"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2087971895-212656400-463594913-1000\{978E4924-705F-426D-8B06-81BB8CBDA24A}	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1096	SolaraBootstrapper.exe
1096	SolaraBootstrapper.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
716	msedgewebview2.exe
716	msedgewebview2.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
3472	chrome.exe
3472	chrome.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
1456	msedgewebview2.exe
1456	msedgewebview2.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2280	msedgewebview2.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1096	SolaraBootstrapper.exe
Token: SeDebugPrivilege	2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2280	msedgewebview2.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 2836	1096	SolaraBootstrapper.exe	83
PID 1096 wrote to memory of 2836	1096	SolaraBootstrapper.exe	83
PID 2836 wrote to memory of 2280	2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe	84
PID 2836 wrote to memory of 2280	2836	cd57e4c171d6e8f5ea8b8f824a6a7316.exe	84
PID 2280 wrote to memory of 3464	2280	msedgewebview2.exe	85
PID 2280 wrote to memory of 3464	2280	msedgewebview2.exe	85
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 3828	2280	msedgewebview2.exe	86
PID 2280 wrote to memory of 716	2280	msedgewebview2.exe	87
PID 2280 wrote to memory of 716	2280	msedgewebview2.exe	87
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88
PID 2280 wrote to memory of 4288	2280	msedgewebview2.exe	88

C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=2836.1528.18245453992661541986
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2280
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x114,0x7ffac8373cb8,0x7ffac8373cc8,0x7ffac8373cd8
      4⤵
      PID:3464
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1876,6110725659995132726,4581771687177100719,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
      4⤵
      PID:3828
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,6110725659995132726,4581771687177100719,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2200 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:716
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,6110725659995132726,4581771687177100719,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2176 /prefetch:8
      4⤵
      PID:4288
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1876,6110725659995132726,4581771687177100719,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
      4⤵
      PID:1428
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,6110725659995132726,4581771687177100719,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4960 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1456
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1876,6110725659995132726,4581771687177100719,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4084 /prefetch:8
      4⤵
      PID:3912
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1876,6110725659995132726,4581771687177100719,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5148 /prefetch:8
      4⤵
      PID:2344
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1876,6110725659995132726,4581771687177100719,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5096 /prefetch:8
      4⤵
      PID:2456
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1876,6110725659995132726,4581771687177100719,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2292 /prefetch:2
      4⤵
      PID:1096
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1876,6110725659995132726,4581771687177100719,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1852 /prefetch:8
      4⤵
      PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffac608cc40,0x7ffac608cc4c,0x7ffac608cc58
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1760,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2004 /prefetch:3
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3524,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4540,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4360,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3488,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4260,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3476,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5336,i,11709193237072044690,12952131523155766115,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:5040

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1180

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
1⤵
PID:2120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
6ba94dace74b12c50aef89ba0ff7ad46

SHA1
73e1348a6502f3ed40b812d26992f724809d2a48

SHA256
fe60ad1d01edf2eb6109af345dfb271defc1c0c7fd1364f1b5b0cc1fea0b83b3

SHA512
ca7ed75999e3b8b6076b69e4121d0b27a170429bb050b8c3d3d0a8d8f9b2eb041ef8cc3a3c544f3ddf93b50be5cbccc9aaca275365f05c85a515b2357f523755

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
78031e96f067cedd9826f8d1dbe32f60

SHA1
6484887d337a0cebc203548faed4acf83882f34b

SHA256
8bb8b52292733597b5f89be9e45aa6107ac1588cc04fb28c3fabdb7cdad3fa4c

SHA512
fc8fcb828bc8cff07c538b1f4d6e3248e2dba5246bbcb7535d93d68440d9ea228a851bcb385a6f02d3cf1bbba70435bf936127b0dd766bc1cc6e746a180c6411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
28c9d29f24cef739dbcf34d5f850cadc

SHA1
3aa13dac9ba32372a33e29b643c35438109fe1f0

SHA256
66402d159406bf98b097a64ff38485f2f99adb87f49303640bc6253f0c5c5293

SHA512
439ce6e9512b833d3f9ba56bee03a8c47cee354589c9f9042c9003462719e0f14822cb6de1107319373cebec6e5723459bb19aaeccf7e51d6e5af28096d1ba68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ec5359cc3c09d15ae47a726d88334e96

SHA1
a31d751240b65002631d44256691ec6248a98b15

SHA256
593eebc81aba042b65ffda33300a042dcfec266ad936a54e376d1abed4aa25cc

SHA512
c16f623699ed0db15a4a83ca0f74dc0364fd973abf9c2185b1510ea91a2f1778ca6a548d0ef9df8823db14aff8b4660b863e36605ab793d2c63f99dd419faf40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2f34b87f-1ad1-40f5-b48f-1dab01b47604.tmp

Filesize
2KB

MD5
ed16e7dd7f1a7b1eb06e5941557bd63f

SHA1
7f756ce62ef809447d2460611d3342b92f29f648

SHA256
918f061c23dfbac53419fc49620761d2f704bdacdbb9ebf9e2998605e1053aaf

SHA512
800c7ba421ff155bc3c72620f363051a0544d02d5e4de383cf110bcfe6ca7cc2bd77bbbd3a067400f88fb8afcfde56e29623f89d07d8d2b4ea9bea77e80e1d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
91001b21f5c0d234cacf82131de9d501

SHA1
b02fd1f51dae759fd1399870e1211918320f5e55

SHA256
58fee1dc90fc74c290080836433bddf5c7c7192064b41e5ca073e1d961326c82

SHA512
2b0f6ca67660e63d30a6d298be0537d791e847d7b8038b8ab23e983a2e6524d7eb4a0ef72c1608c5b0991ed5afc79b47964dc1c716b320f964939152ca3f8ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4f3f797fa0bb1db6590eeb4b718361ab

SHA1
52b5ac9a07784cb37e42211cb95b1478b3a054dc

SHA256
729cabdc356ca2120b326bc9d86e0cbf4498868452cc13725271602d6cff5bd2

SHA512
6f33d18596ea3ef6708b6ae3e6ee461611b81bae7c831f2b50af6376b475e0f5b34ade324f08d3f39aac57d4bf9367aae9e0431cbee4a1a8d56102ba70542d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fd24f24ac27524a982d535e4f953ecef

SHA1
c5e4baba4659d84d5daf6f49c4b35c4da53ada18

SHA256
959beefbf99ef3cedfeadca56958882e39485934b830adb799b690e615d2d6bc

SHA512
e630d8c289132d29375aa4c467bd6402e8f4c155e7fee8d07fc1ca436bcba8b48bab0c9e34bd1361b1ff48238771252a6c1f53e81e47859e58592f89f62d6084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c54397ac0515f2d75fabaa939c8ea332

SHA1
6a2e82089906a367397470821e5ffee99e1e0df8

SHA256
bf5de8c36c1ab28dc83f795a06c4ba77e774200dfbf5524eeeacf7a1539f94d7

SHA512
c78cc804e4e483d23c094ce344c38f11db00869ce6c4a6ae28d189f5446e291f463b8afaf9c7083a2dbc44c4f5d2f5d484e9710722bd164d79eb2a6d4a66a050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f16559002b351d82f05d5310c3eab721

SHA1
0d01352b6f41cbe68c863baedf9555e7038eb24b

SHA256
11800e960a7eab5ccbf5b4b43b9670e14ec4a86440bb400be646c94d787601a1

SHA512
6ad7cf026eaf7344bc3ab039654be48658d90b815a9bc8d9d7597516b56c935f9220e2ad328341eeabbceb452c69f683f90a49f7189bda7167cd17170fdd6a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3953764f69fb35c21991cbfcee9e38da

SHA1
4a49ef130c5abf191f7a73d66c9b666b19ed53bf

SHA256
21ff562ec7b9ea643d8279d8ce8334ed51746154435a0c10ce5c95b142645338

SHA512
ab868c9f3e8d662cb2d68954aadc7ccbd8e10299e729886a111ddcea933cdf787fd715d032f7f145127bfec8454bbefdf70d3cd99d81dcc722fa1f09c0fc0aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
734622020f868c01dc1d178777ff585d

SHA1
7cf77b7b993b04779907b39fd0ad59c716fa4993

SHA256
79a08e3280b624229bcc4c1944ea8c55b971d6d63ceffb063d857d2017b5a6c4

SHA512
01797f468a11cda3f8dd8f55fd0661c2a19187a0da746ade129f0b1e06c2d3027d7ed75e5068b70bd93204550976f8d2a0b81b1dd2ba73abf334b2e2e13233fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
55fc8a2d459a28e1f922ef764417b08e

SHA1
9fcea04c09e58305774a02a1c27cfd40ed26b9c4

SHA256
dcf544acdc67b7a977e864d67a66d9e87a84dba8aad5a0ae55f49278a5f120ca

SHA512
8ffa9dfa55565fc75079d52d1aa659f3678d0d97ffb103651cced7a679609f77fc71537b7b8b61c1852d26cc77e34f428c31aa7221141e011fc8934d4be7b09c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2dc00a46619eba8d2bf03a7a50f0b3c4

SHA1
cd39c1c0c76d37e4577390333290f5b8ef12ef0e

SHA256
bedede6623cbcb14c0251e52d37dca0ac763ad245051c40bc1fddc517b6927af

SHA512
fca3ec13c4cb09575d9b1ccc3fcc763a0186a55da56f36b7462843feb39b1b7b29b8899b2173b32704d0227dd25e9651a4d11174f62711d0322bcce5229c702e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c9e0d417f22f7e5ed63fc5bc3a051b49

SHA1
75bdd54efe96ec2f44f11c377dd14da8f3a63d17

SHA256
4246385559ce80fea96ed3d22f62ea0f11e341846806c6cce570f2e536750dfd

SHA512
4b63bd1563b5eb19ca251c70b8728a109a6bdcd8d2baf3405985c3ae1dde603da6df23cbda8bb6bc963b19a91215285e7b2c1c822fbed85be7372b96fd69f937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed5f074b757f9975ffe935117404c36c

SHA1
2047f4cdc98f23479550659c76357cf1f8135ed1

SHA256
d4ce4c0d82fcac98db91c8e70588478daf1e8de5eb9bee6b63bf0c953dc443ec

SHA512
26bb13f95cb3d2e6669711a1ea448e8f0dd44a021efa8d2235e7555d828d8cb15d4e54cba458276c9b42f9c68f81dbc98bce5517abb27bcc38d7290904b55ee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1bd8176684327455379fb6fcf320b986

SHA1
761da2e0f4326d845e4705e0aac6fdcd2e1c8b46

SHA256
b2c7f0aed1a85d9bd16eb0c970b80d5cd63bde5aa38ba107b9d5c5be753e9ade

SHA512
9d81647ede14b5b30168a7b2b266b6157ea199ca1006a5c340dfcc4ac9b1c6c1b17843678d8813812021fbe5ba880c1b1c0a2739b76108495a09d851e60d0d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83a093c79aa029ad3ec0d4860c11b5d0

SHA1
d6de8db6d921f7bcc3e520dc21633bd2dfeef211

SHA256
eeec0e5e103ba36668bb9f7ec07fd724f21d993250b0ea20f8ff3bbadec9413b

SHA512
eaf1cce48bed5b4adaa3dcbba2e3da093918bfd49c4e3b635f8a59e550c3c22b20ee772b0a73acfe1f7a4851baa97ff37fbc0859193d24963553b7b9bb87e108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9103c19fa3395a1ba4241036fbb1daf1

SHA1
91f7d132136f2528b968247f5bbe1929366ba0e8

SHA256
9ba6eb52c35e439ad9a84c8dbc74e1746389d798f2e741457d84cbb7fb1133d9

SHA512
971236b212102fcbe721e0d1aa1e11f9b483d6f65dca8e49325f9c98e6bd5c02239050fae1f82f4c28377004546bb1224886af18c45f320a2da08987b131fd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
98df3f5c49162fd07ba321afa7b41998

SHA1
2d3802cebcb79363cc5b974761a1f9b98c7419c4

SHA256
b0449c996eff756f384650c7785c93f775d890f36a7518304fedc45d8d4ab85d

SHA512
336c267704b94671e90af82d192cccb2da1f9326c07fb52f270dc6718bba17721650f335f26a3ca138dd20ef09b8e0c1caac19e7f3fae6ea469edc064051193e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
060a40d16b8538a34025b0e52b3d7631

SHA1
998f4cf5243c67b91c9423f0af550f72957022bd

SHA256
34b11655eae8b76c0a4c95d9b7a193e53575eaba3ffecde616d388d4fcc84705

SHA512
3e27a2c1c05192bdfb55783b868ab5bc06501cc1a44a58207304102ebb8f42c8907b0f662438e963dfba96dceb103c7e43b8ad8b40b2b3420c1960b17cf2da4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b53c98aa21ba63a68eb166f07b715dc

SHA1
54fe30a76263dfc47189fa4f5e033cb86e2ccf2c

SHA256
17d08c37366f97da936f981ac3f07c680d866db098e562af6e309915fa9854f9

SHA512
2da4577050d313b3c4ac3a2875f3b93f664644922b03eee95d6280465fbc74182a5084cc5fe584e39ce6e8a157961368a61416d0cd38ee65f09fc28286ad7c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9214df00a367ab13083fb2cba8ea8a52

SHA1
d9507f6dc8043d893f7746543ff9e99c54b475f0

SHA256
1f0351291ad0138d4fe48dc23fcc8eaa0a843eecfd501098f7fc3a8ebcabed52

SHA512
d01a3f4101cd1b0a7b08173ea8ccfc3e40efbd766e2af94a6c551a3c59abac0687fd544550827776a141bd7bb6336f3abfbee0410e58bedcdadfdd7ebf8b056b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d49811a1305a243c52196b88dddafeab

SHA1
f92a0de46a5ff86ba9ee19d64c043f65e0aae4c6

SHA256
b4b94db0716d09d15efc425153d36d4bd38c438734a1e254e6da767b3a0f9d00

SHA512
aac6230764ba3285c943e51906ee6e348153c8440621a99dd7edf30ed45ff4e32a7d2f2ecd4a09a4691b79d4c1e6b087da26cb610df35ab2bac8c94dfba4200b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a4ee86b2d07a8cb6a6f85743b12d4919

SHA1
f886b134e0d79658b24ca91528c6295117d969a6

SHA256
c46fb7cba5260ff0d07349d0b75ddab823d32fb51b84e4a34ad48a858625c666

SHA512
4771c9b100b4de59f32363cd2ec4b58c60af1d8f3a69c16b4c139f59c24ca731097ce2fe2976fe018bf3ea83be991a47f92d1ac944b1f73494f5f6f653e31249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
6536c3e5ea31b428c6380ad397061c9a

SHA1
871261ab308257efb985f8636183a4357f2ff0e0

SHA256
5acdbfc2b596586f7bc40ab5eed1dc89cf86c1a8e0a76182f0e72569f8fbb374

SHA512
86004a5ead015b20d39a221fe8387c20e60450ed015fa6b806a3cd863552e9c75d83abe1b59496fa880874fee7aeb52a830d2650583aa850f73aa6a92c2790cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
a909e714384ac4961b84a2543db5d14a

SHA1
f0c357c317aa5aa422f853be1436fc8dfb3dda41

SHA256
d4e6eb9c3d513c9915f58d8d61a6cfd055de901a8467e03c66b252d3b73254ad

SHA512
b18d1527b189a898c6994c2126876f91ff18679936da4f2cd20048925743600626adc59313fc59668f7ebb6902e158d7ba96eee0c831a4f6c680a223d9b99e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll

Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll

Filesize
37KB

MD5
4cf94ffa50fd9bdc0bb93cceaede0629

SHA1
3e30eca720f4c2a708ec53fd7f1ba9e778b4f95f

SHA256
50b2e46c99076f6fa9c33e0a98f0fe3a2809a7c647bb509066e58f4c7685d7e6

SHA512
dc400518ef2f68920d90f1ce66fbb8f4dde2294e0efeecd3d9329aa7a66e1ab53487b120e13e15f227ea51784f90208c72d7fbfa9330d9b71dd9a1a727d11f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll

Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\index.html

Filesize
20KB

MD5
7ed00e10ff463cc9afd05d41fc77ac06

SHA1
66e162bdbf6df1e1d5b994b8db39fa67ab080783

SHA256
808f2c68960e6e521975c8c8efaa90a4053cfb207c4042687ea7afdd091543ee

SHA512
4b598cc17654a866c758c33982e776e522f0177f3c987908a18f62385b393338582efbca149817df7cea66eb8cfaa11d566ebfcb59c88d22156f0f1f4d224285

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\basic-languages\lua\lua.js

Filesize
5KB

MD5
8706d861294e09a1f2f7e63d19e5fcb7

SHA1
fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23

SHA256
fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42

SHA512
1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.css

Filesize
171KB

MD5
233217455a3ef3604bf4942024b94f98

SHA1
95cd3ce46f4ca65708ec25d59dddbfa3fc44e143

SHA256
2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701

SHA512
6f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.js

Filesize
2.0MB

MD5
9399a8eaa741d04b0ae6566a5ebb8106

SHA1
5646a9d35b773d784ad914417ed861c5cba45e31

SHA256
93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18

SHA512
d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.nls.js

Filesize
31KB

MD5
74dd2381ddbb5af80ce28aefed3068fc

SHA1
0996dc91842ab20387e08a46f3807a3f77958902

SHA256
fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48

SHA512
8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\loader.js

Filesize
27KB

MD5
8a3086f6c6298f986bda09080dd003b1

SHA1
8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

SHA256
0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

SHA512
9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll

Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll

Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt

Filesize
49B

MD5
6b09afc61af8884f2fc6204922e970be

SHA1
fe3da40f27e8dc2b8e2392c9590666982fff3398

SHA256
f99a87a0c9006940f0d9efa1331d253dcf56016c82f4e266b507c303bb8493a6

SHA512
69ac27dbd690d1919a5da98e5f427328147c18a338596a0cf7ccb2cd09594da388fc4bb5df660bb4ca5a630f3ffc3ee3783b24c262683d2c5992db2f1abca8ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll

Filesize
4.1MB

MD5
59267336c1fe47aa25e6000032ca954f

SHA1
158e84501d5066d12fea68269233666c8c41ced2

SHA256
0564c0d73f3cdccf8c503248de285bd846be90a27972429e3b70f1ab1e619150

SHA512
4aeba8de76a1d7a2dced451dc51c3381453c1124958563faf80ba82226d0c082f85f28984a84fb1a1a2d454d20d602501bdee712471c12651887b7bbbf22050d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

Filesize
90KB

MD5
d84e7f79f4f0d7074802d2d6e6f3579e

SHA1
494937256229ef022ff05855c3d410ac3e7df721

SHA256
dcfc2b4fa3185df415855ec54395d9c36612f68100d046d8c69659da01f7d227

SHA512
ed7b0ac098c8184b611b83158eaa86619001e74dba079d398b34ac694ce404ba133c2baf43051840132d6a3a089a375550072543b9fab2549d57320d13502260

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
1719629c1a9003e04726f75f8cdf877b

SHA1
d5beb99c4c89356135588f0b403034db17919e6d

SHA256
8e653feefbdf026c40663d24de48cf36e1b75a02946495f1eec95b7e8ee5bd33

SHA512
bd108d7147c3ed995dc6cf97cc88a472c206e765f23b0b921ecbf76f06ee802a36e8f3e62b608d8a1f911103d0bc267c7c381a017f0412a972ba7d4712d2772e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
814c9251283fb62bd32fc39253058b2d

SHA1
f04d96d21ec467901159db126ac1b81a709e4c6b

SHA256
40ca1b464e8bcb5d82b1f3c060a297e1cec9072ec93c5ba8ff22a2e81946feb3

SHA512
908319f574b0a683fbf2561b2a5c657dd2efc8911061726b0b138d6953ccedde0941cb76ad36adf1606b4fc594785c773b8cd27b596b8cd725a1c22f508e601b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
935B

MD5
0236b7627a1e68f345f1b71bcfd7edd8

SHA1
2b574d0e04d2e2d65cdf0f9c4a2f28d79ef3e03c

SHA256
c476ce822b199d163b45b2a631e2678c89b24528ce338873c131da16609f39c6

SHA512
ad8151b127f13bfbe0522bcb77e156ce99684cfd75ed145215f4d07158122b15431abb7895c265c352da19821a685efd7a7c73137e48918cc1cc6d5a8c1ac211

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State~RFe58ce38.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
bebf2f4c60fe3a70aa66e0ed5521f305

SHA1
ace9bb9b8f023953ce122b34bb7ab3aacc5284a0

SHA256
ab92601e53d67882e1c84a2bde95e46870fd3cdc7a6c07802a767fc6c840ff2b

SHA512
9cc4abeb42f77576547997b3c9237fbbb32fad828ebe46fa3db54d8aa6a58e41383f7eb5b1018d2ad55fb971ab799964fdef49930ef99d2c239a748f7036387c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
6f6d827d708e7ad997f5df7110d34dd4

SHA1
52194a6766738cf22872362cf6a2af9e4c122131

SHA256
247af4ddd101e6d20c56d77e7d47b38cbea7029494b262460f28074b52da5b38

SHA512
990686a1ec9ae1dda78e1a94add39951bb9d4a46f14f2317d8484ef7a84e63439c4907a2fcfd755cebd2c2bdef285ec092b9af97dcaef4d5214feefa883b7ef1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
5ad627304a55de6278b3ded88eb44ccd

SHA1
2fa2ec6af17b46878d4a43e9b6db1d4cc98f92fc

SHA256
3c5e116c5ce47daddfecb1982070e982060e07cb5a5a02aeb21d0d68050c20d4

SHA512
acc4d14e7edd7487c9d0a62a16fbf24155ced1f9c5d08b66b195b5a50ba79f49662b9ffc86166c7c5116591104486d3fee0b2fafeb4bd2c80c5df9466cdf2234

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe5805d7.TMP

Filesize
8KB

MD5
392c109784b148741ab14f384ba36262

SHA1
ef8710e48d73970d037a30ec760cbe69bb5298ea

SHA256
dabaa4542f496fe4d1a94cb2fc7fb5efa14046b769831b83350479a0579b3868

SHA512
546f4546e5ce5c9cbe6f46e93e4ec4c033aa950f2deaf46c1ac9e42582a3d2ec8f0755ccf72689ed71de7719dbb66730891c2e1b247f5a49605bda8649f982b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll

Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll

Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1096-1-0x0000000000F60000-0x0000000000F6A000-memory.dmp

Filesize
40KB

Download
memory/1096-2-0x0000000003340000-0x000000000334A000-memory.dmp

Filesize
40KB

Download
memory/1096-3-0x0000000074FF0000-0x00000000757A1000-memory.dmp

Filesize
7.7MB

Download
memory/1096-5-0x0000000006680000-0x0000000006692000-memory.dmp

Filesize
72KB

Download
memory/1096-421-0x0000000074FF0000-0x00000000757A1000-memory.dmp

Filesize
7.7MB

Download
memory/1096-0-0x0000000074FFE000-0x0000000074FFF000-memory.dmp

Filesize
4KB

Download
memory/2836-1047-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-429-0x00000275FED40000-0x00000275FED62000-memory.dmp

Filesize
136KB

Download
memory/2836-454-0x00000275FF170000-0x00000275FF17E000-memory.dmp

Filesize
56KB

Download
memory/2836-896-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-453-0x00000275FF1B0000-0x00000275FF1E8000-memory.dmp

Filesize
224KB

Download
memory/2836-452-0x00000275FF160000-0x00000275FF168000-memory.dmp

Filesize
32KB

Download
memory/2836-953-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-448-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-983-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-446-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-447-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-667-0x00007FFACD603000-0x00007FFACD605000-memory.dmp

Filesize
8KB

Download
memory/2836-445-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-875-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-874-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-434-0x00000275FF940000-0x00000275FF9BE000-memory.dmp

Filesize
504KB

Download
memory/2836-432-0x00007FFACD600000-0x00007FFACE0C2000-memory.dmp

Filesize
10.8MB

Download
memory/2836-431-0x00000275FED20000-0x00000275FED2E000-memory.dmp

Filesize
56KB

Download
memory/2836-1106-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-673-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-428-0x00007FFACD600000-0x00007FFACE0C2000-memory.dmp

Filesize
10.8MB

Download
memory/2836-1134-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-427-0x00000275FEE40000-0x00000275FEEF2000-memory.dmp

Filesize
712KB

Download
memory/2836-1155-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-425-0x00000275FED80000-0x00000275FEE3A000-memory.dmp

Filesize
744KB

Download
memory/2836-423-0x00000275FF200000-0x00000275FF73C000-memory.dmp

Filesize
5.2MB

Download
memory/2836-1185-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-424-0x00007FFACD600000-0x00007FFACE0C2000-memory.dmp

Filesize
10.8MB

Download
memory/2836-873-0x00007FFACD600000-0x00007FFACE0C2000-memory.dmp

Filesize
10.8MB

Download
memory/2836-1224-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-420-0x00000275FC550000-0x00000275FC56A000-memory.dmp

Filesize
104KB

Download
memory/2836-419-0x00007FFACD603000-0x00007FFACD605000-memory.dmp

Filesize
8KB

Download
memory/2836-872-0x00007FFACD600000-0x00007FFACE0C2000-memory.dmp

Filesize
10.8MB

Download
memory/2836-1252-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-639-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/2836-674-0x00007FFACD600000-0x00007FFACE0C2000-memory.dmp

Filesize
10.8MB

Download
memory/2836-1284-0x0000000180000000-0x0000000180AE6000-memory.dmp

Filesize
10.9MB

Download
memory/3828-471-0x00007FFAED460000-0x00007FFAED461000-memory.dmp

Filesize
4KB

Download