exelastealer | hxxps://cdn[.]discordapp[.]com/attachments/1268066980037132289/1268514028662296597/Solara_Bootstrapper[.]exe?ex=66ae04c0&is=66acb340&hm=a1115483ddde5334c312a1a62e9a7238d5b34bf9817d98ff6a997d3ece1d60c3&

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1268066980037132289/1268514028662296597/Solara_Bootstrapper.exe?ex=66ae04c0&is=66acb340&hm=a1115483ddde5334c312a1a62e9a7238d5b34bf9817d98ff6a997d3ece1d60c3&

Score

10^/10

exelastealer collection credential_access defense_evasion discovery evasion persistence privilege_escalation pyinstaller spyware stealer upx

Malware Config

Signatures

Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
stealer exelastealer
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.

Account Manipulation
T1098
Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
180	netsh.exe
3052	netsh.exe

Clipboard Data 1 TTPs 2 IoCs

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

collection

Clipboard Data

T1115

pid	Process
2616	powershell.exe
1956	cmd.exe

Executes dropped EXE 6 IoCs

pid	Process
4472	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
5080	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
4492	Solara_Bootstrapper.exe
5112	Solara_Bootstrapper.exe

Loads dropped DLL 64 IoCs

pid	Process
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
3504	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe
2628	Solara_Bootstrapper.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000234b1-315.dat	upx
behavioral1/memory/3504-319-0x00007FF970BB0000-0x00007FF971199000-memory.dmp	upx
behavioral1/files/0x0007000000023491-325.dat	upx
behavioral1/memory/3504-328-0x00007FF98B3C0000-0x00007FF98B3E3000-memory.dmp	upx
behavioral1/memory/3504-329-0x00007FF98D0C0000-0x00007FF98D0CF000-memory.dmp	upx
behavioral1/files/0x00070000000234b2-332.dat	upx
behavioral1/memory/3504-339-0x00007FF98B370000-0x00007FF98B389000-memory.dmp	upx
behavioral1/files/0x0007000000023494-340.dat	upx
behavioral1/memory/3504-341-0x00007FF98B340000-0x00007FF98B36D000-memory.dmp	upx
behavioral1/files/0x00070000000234b3-346.dat	upx
behavioral1/memory/3504-347-0x00007FF974280000-0x00007FF9743F7000-memory.dmp	upx
behavioral1/memory/3504-345-0x00007FF98B310000-0x00007FF98B333000-memory.dmp	upx
behavioral1/files/0x0007000000023499-343.dat	upx
behavioral1/files/0x00070000000234ac-360.dat	upx
behavioral1/files/0x00070000000234aa-363.dat	upx
behavioral1/memory/3504-365-0x00007FF970AF0000-0x00007FF970BA8000-memory.dmp	upx
behavioral1/memory/3504-366-0x00007FF970770000-0x00007FF970AE8000-memory.dmp	upx
behavioral1/memory/3504-364-0x00007FF98B2E0000-0x00007FF98B30E000-memory.dmp	upx
behavioral1/files/0x000700000002349a-358.dat	upx
behavioral1/files/0x000700000002348f-337.dat	upx
behavioral1/memory/3504-335-0x00007FF98B390000-0x00007FF98B39D000-memory.dmp	upx
behavioral1/memory/3504-334-0x00007FF98B3A0000-0x00007FF98B3B9000-memory.dmp	upx
behavioral1/files/0x0007000000023498-331.dat	upx
behavioral1/files/0x00070000000234ab-327.dat	upx
behavioral1/files/0x000700000002348e-369.dat	upx
behavioral1/memory/3504-370-0x00007FF98B2C0000-0x00007FF98B2D5000-memory.dmp	upx
behavioral1/files/0x00070000000234ae-373.dat	upx
behavioral1/files/0x0007000000023496-372.dat	upx
behavioral1/files/0x0007000000023493-376.dat	upx
behavioral1/memory/3504-385-0x00007FF98B3A0000-0x00007FF98B3B9000-memory.dmp	upx
behavioral1/memory/3504-387-0x00007FF9878A0000-0x00007FF9878BB000-memory.dmp	upx
behavioral1/files/0x00070000000234b6-386.dat	upx
behavioral1/memory/3504-384-0x00007FF98B3C0000-0x00007FF98B3E3000-memory.dmp	upx
behavioral1/memory/3504-383-0x00007FF988210000-0x00007FF988224000-memory.dmp	upx
behavioral1/memory/3504-382-0x00007FF970650000-0x00007FF97076C000-memory.dmp	upx
behavioral1/memory/3504-381-0x00007FF9880A0000-0x00007FF9880B4000-memory.dmp	upx
behavioral1/memory/3504-380-0x00007FF989AD0000-0x00007FF989AE2000-memory.dmp	upx
behavioral1/files/0x00070000000234b4-379.dat	upx
behavioral1/memory/3504-389-0x00007FF987170000-0x00007FF987185000-memory.dmp	upx
behavioral1/memory/3504-388-0x00007FF987880000-0x00007FF987892000-memory.dmp	upx
behavioral1/memory/3504-390-0x00007FF9833E0000-0x00007FF983420000-memory.dmp	upx
behavioral1/memory/3504-378-0x00007FF970BB0000-0x00007FF971199000-memory.dmp	upx
behavioral1/memory/3504-395-0x00007FF987150000-0x00007FF98716C000-memory.dmp	upx
behavioral1/memory/3504-394-0x00007FF98B310000-0x00007FF98B333000-memory.dmp	upx
behavioral1/memory/3504-393-0x00007FF983790000-0x00007FF9837B3000-memory.dmp	upx
behavioral1/memory/3504-392-0x00007FF988C00000-0x00007FF988C0B000-memory.dmp	upx
behavioral1/memory/3504-396-0x00007FF974280000-0x00007FF9743F7000-memory.dmp	upx
behavioral1/memory/3504-397-0x00007FF96FFF0000-0x00007FF970644000-memory.dmp	upx
behavioral1/memory/3504-391-0x00007FF98B2B0000-0x00007FF98B2BE000-memory.dmp	upx
behavioral1/memory/3504-402-0x00007FF9829E0000-0x00007FF982A18000-memory.dmp	upx
behavioral1/memory/3504-400-0x00007FF970770000-0x00007FF970AE8000-memory.dmp	upx
behavioral1/memory/3504-399-0x00007FF970AF0000-0x00007FF970BA8000-memory.dmp	upx
behavioral1/memory/3504-398-0x00007FF98B2E0000-0x00007FF98B30E000-memory.dmp	upx
behavioral1/memory/3504-403-0x00007FF98B2C0000-0x00007FF98B2D5000-memory.dmp	upx
behavioral1/memory/3504-407-0x00007FF970650000-0x00007FF97076C000-memory.dmp	upx
behavioral1/memory/3504-416-0x00007FF98B3C0000-0x00007FF98B3E3000-memory.dmp	upx
behavioral1/memory/3504-439-0x00007FF987150000-0x00007FF98716C000-memory.dmp	upx
behavioral1/memory/3504-435-0x00007FF9833E0000-0x00007FF983420000-memory.dmp	upx
behavioral1/memory/3504-433-0x00007FF987880000-0x00007FF987892000-memory.dmp	upx
behavioral1/memory/3504-440-0x00007FF96FFF0000-0x00007FF970644000-memory.dmp	upx
behavioral1/memory/3504-426-0x00007FF970770000-0x00007FF970AE8000-memory.dmp	upx
behavioral1/memory/3504-427-0x00007FF98B2C0000-0x00007FF98B2D5000-memory.dmp	upx
behavioral1/memory/3504-425-0x00007FF970AF0000-0x00007FF970BA8000-memory.dmp	upx
behavioral1/memory/3504-424-0x00007FF98B2E0000-0x00007FF98B30E000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
57	discord.com
58	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
54	ip-api.com

Network Service Discovery 1 TTPs 2 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
1524	ARP.EXE
3396	cmd.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates processes with tasklist 1 TTPs 5 IoCs

discovery

Process Discovery

T1057

pid	Process
4920	tasklist.exe
2040	tasklist.exe
4924	tasklist.exe
3524	tasklist.exe
1388	tasklist.exe

Hide Artifacts: Hidden Files and Directories 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
180	cmd.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5080	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000a000000023484-32.dat	pyinstaller

Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Permission Groups Discovery: Local Groups 1 TTPs
Attempt to find local system groups and permission settings.
discovery

Local Groups
T1069.001

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
4880	cmd.exe
4356	netsh.exe

System Network Connections Discovery 1 TTPs 1 IoCs

Attempt to get a listing of network connections.

discovery

System Network Connections Discovery

T1049

pid	Process
4312	NETSTAT.EXE

Collects information from the system 1 TTPs 1 IoCs

Uses WMIC.exe to find detailed system information.

Data from Local System

T1005

pid	Process
4204	WMIC.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
2448	WMIC.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2240	ipconfig.exe
4312	NETSTAT.EXE

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
3468	systeminfo.exe

Kills process with taskkill 10 IoCs

evasion

pid	Process
1488	taskkill.exe
4328	taskkill.exe
1292	taskkill.exe
4312	taskkill.exe
1108	taskkill.exe
1488	taskkill.exe
2448	taskkill.exe
4800	taskkill.exe
4448	taskkill.exe
4044	taskkill.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{01745F29-2F8A-4AB9-AB4B-EC4B32B11347}	chrome.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
2616	powershell.exe
2616	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 1856	2984	chrome.exe	83
PID 2984 wrote to memory of 1856	2984	chrome.exe	83
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 4880	2984	chrome.exe	85
PID 2984 wrote to memory of 2432	2984	chrome.exe	86
PID 2984 wrote to memory of 2432	2984	chrome.exe	86
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87
PID 2984 wrote to memory of 1028	2984	chrome.exe	87

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5068	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1268066980037132289/1268514028662296597/Solara_Bootstrapper.exe?ex=66ae04c0&is=66acb340&hm=a1115483ddde5334c312a1a62e9a7238d5b34bf9817d98ff6a997d3ece1d60c3&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff98305cc40,0x7ff98305cc4c,0x7ff98305cc58
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2008 /prefetch:3
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5144,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5148,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5168,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4924,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5528,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5320,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4928,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3200,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4740,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5284,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3268 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5216,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5864,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3664,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5584,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3224,i,10236478906549238642,3987079859552873292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4532

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2436

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x2f4
1⤵
PID:4776

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2736

C:\Users\Admin\Downloads\Solara_Bootstrapper.exe
"C:\Users\Admin\Downloads\Solara_Bootstrapper.exe"
1⤵
- Executes dropped EXE
PID:4472
- C:\Users\Admin\Downloads\Solara_Bootstrapper.exe
  "C:\Users\Admin\Downloads\Solara_Bootstrapper.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:1008
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:2448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
    3⤵
    PID:840
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get Manufacturer
      4⤵
      PID:1848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "gdb --version"
    3⤵
    PID:1560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:1268
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:4920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
    3⤵
    PID:4328
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path Win32_ComputerSystem get Manufacturer
      4⤵
      PID:3904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:5040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:4100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:1388
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:2040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\AppData\Local\HellionUpdate\Hellion.exe""
    3⤵
    - Hide Artifacts: Hidden Files and Directories
    PID:180
  - - C:\Windows\system32\attrib.exe
      attrib +h +s "C:\Users\Admin\AppData\Local\HellionUpdate\Hellion.exe"
      4⤵
      Views/modifies file attributes
      PID:5068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()""
    3⤵
    PID:4492
  - - C:\Windows\system32\mshta.exe
      mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"
      4⤵
      PID:2280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:60
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:4924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2984"
    3⤵
    PID:1852
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 2984
      4⤵
      Kills process with taskkill
      PID:1488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1856"
    3⤵
    PID:4148
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 1856
      4⤵
      Kills process with taskkill
      PID:2448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4880"
    3⤵
    PID:1568
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4880
      4⤵
      Kills process with taskkill
      PID:4328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2432"
    3⤵
    PID:2580
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 2432
      4⤵
      Kills process with taskkill
      PID:4800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1028"
    3⤵
    PID:4452
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 1028
      4⤵
      Kills process with taskkill
      PID:4448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 964"
    3⤵
    PID:4444
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 964
      4⤵
      Kills process with taskkill
      PID:4044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3252"
    3⤵
    PID:2996
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 3252
      4⤵
      Kills process with taskkill
      PID:4312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3032"
    3⤵
    PID:4628
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 3032
      4⤵
      Kills process with taskkill
      PID:1108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3612"
    3⤵
    PID:4524
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 3612
      4⤵
      Kills process with taskkill
      PID:1292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1120"
    3⤵
    PID:4560
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 1120
      4⤵
      Kills process with taskkill
      PID:1488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
    3⤵
    PID:4656
  - - C:\Windows\system32\cmd.exe
      cmd.exe /c chcp
      4⤵
      PID:5088
    - - C:\Windows\system32\chcp.com
        
        chcp
        5⤵
        
        PID:1836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
    3⤵
    PID:4056
  - - C:\Windows\system32\cmd.exe
      cmd.exe /c chcp
      4⤵
      PID:4952
    - - C:\Windows\system32\chcp.com
        
        chcp
        5⤵
        
        PID:4896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:2696
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:3524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
    3⤵
    - Clipboard Data
    PID:1956
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe Get-Clipboard
      4⤵
      Clipboard Data
      Suspicious behavior: EnumeratesProcesses
      PID:2616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
    3⤵
    - Network Service Discovery
    PID:3396
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:3468
  - - C:\Windows\system32\HOSTNAME.EXE
      hostname
      4⤵
      PID:2156
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic logicaldisk get caption,description,providername
      4⤵
      Collects information from the system
      PID:4204
  - - C:\Windows\system32\net.exe
      net user
      4⤵
      PID:4384
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user
        5⤵
        
        PID:1672
  - - C:\Windows\system32\query.exe
      query user
      4⤵
      PID:1548
    - - C:\Windows\system32\quser.exe
        
        "C:\Windows\system32\quser.exe"
        5⤵
        
        PID:464
  - - C:\Windows\system32\net.exe
      net localgroup
      4⤵
      PID:228
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 localgroup
        5⤵
        
        PID:1980
  - - C:\Windows\system32\net.exe
      net localgroup administrators
      4⤵
      PID:2388
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 localgroup administrators
        5⤵
        
        PID:1828
  - - C:\Windows\system32\net.exe
      net user guest
      4⤵
      PID:3488
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user guest
        5⤵
        
        PID:220
  - - C:\Windows\system32\net.exe
      net user administrator
      4⤵
      PID:3080
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user administrator
        5⤵
        
        PID:1704
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic startup get caption,command
      4⤵
      PID:548
  - - C:\Windows\system32\tasklist.exe
      tasklist /svc
      4⤵
      Enumerates processes with tasklist
      PID:1388
  - - C:\Windows\system32\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:2240
  - - C:\Windows\system32\ROUTE.EXE
      route print
      4⤵
      PID:4028
  - - C:\Windows\system32\ARP.EXE
      arp -a
      4⤵
      Network Service Discovery
      PID:1524
  - - C:\Windows\system32\NETSTAT.EXE
      netstat -ano
      4⤵
      System Network Connections Discovery
      Gathers network information
      PID:4312
  - - C:\Windows\system32\sc.exe
      sc query type= service state= all
      4⤵
      Launches sc.exe
      PID:5080
  - - C:\Windows\system32\netsh.exe
      netsh firewall show state
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:180
  - - C:\Windows\system32\netsh.exe
      netsh firewall show config
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:3052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
    3⤵
    - System Network Configuration Discovery: Wi-Fi Discovery
    PID:4880
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      System Network Configuration Discovery: Wi-Fi Discovery
      PID:4356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:5064
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:2828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:1316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:748

C:\Users\Admin\Downloads\Solara_Bootstrapper.exe
"C:\Users\Admin\Downloads\Solara_Bootstrapper.exe"
1⤵
- Executes dropped EXE
PID:5080
- C:\Users\Admin\Downloads\Solara_Bootstrapper.exe
  "C:\Users\Admin\Downloads\Solara_Bootstrapper.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1064

C:\Users\Admin\Downloads\Solara_Bootstrapper.exe
"C:\Users\Admin\Downloads\Solara_Bootstrapper.exe"
1⤵
- Executes dropped EXE
PID:4492
- C:\Users\Admin\Downloads\Solara_Bootstrapper.exe
  "C:\Users\Admin\Downloads\Solara_Bootstrapper.exe"
  2⤵
  - Executes dropped EXE
  PID:5112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Account Manipulation

T1098

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Account Manipulation

T1098

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Permission Groups Discovery

T1069

Local Groups

T1069.001

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

System Network Connections Discovery

T1049

Lateral Movement

Collection

Clipboard Data

T1115

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\427707bb-2d46-4d18-80cf-5badf46cfc5e.tmp

Filesize
99KB

MD5
141dabaa7dbdb45345231d4c310fe364

SHA1
92fbedccc9e1daf387f5913a6838e55d6932c6ee

SHA256
fdc631cdb9b1b7662a17894a486ead78a09891e22a23668985a95d2ac173a1b6

SHA512
3044c00c0f2f581314d8043bd86d07c2b73def57297955f579ee35b8c24c82af19d0231b9ac2050d16c7fa0f73b09f1962d80177fed22f2a808d429c8bc878bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\56dad2dc34f75993_0

Filesize
361KB

MD5
bc9b5f37144c2979e06500d44317493e

SHA1
82b000cd5ec2aa8aaea6f5bf64e9d3ddd9706fa8

SHA256
665d6e80817bd03c0dc1d67628257f5a5ee2cb4cffb1d04c1819170294312f4d

SHA512
fbf86f4f88f6966153b806a26fad50f331de1f9b4fd2439b2ccb3af8afc0482b69d9830873634b4f2e23802a420106c41f604d01063c6c07c4fc47ba2e506f63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ea9b8918ad020319_0

Filesize
289B

MD5
2923e60d8dfb61d4eb69d8d05044a6d1

SHA1
d1cc600da17c8e6e4702722db7f420fea2dbe127

SHA256
5a06e3950742619a76d464898c40a9ae618ba5ec1e6a8e0cbb69a960e92dadab

SHA512
e271a0d08fa6d74b9c84e6e854d983beb6cea6a63bdb3e1aa315b89e76c6b21d57d0ac78659d19a0af5605f125e192da8881c936aaf15e3a3184dc806f8d103e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e3cd7e698dc38ad3ae207d6cd3e71cb4

SHA1
65b4a4e3bf6d0892504426b9bb8424d31074515d

SHA256
4c81aad5e6e30126b5957861415d64dd6a9ee51fce8d13b11821aa07b80b323f

SHA512
ec80fd1802a3380e0330ee0fdcfe9ccdefccdd6e3ef137bf16e55c5628153118d717b3ddaedea3e566c0f9941dd9c3e7c7ad70f4c3788889c93720ae4b9e95c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
466a4887d66aa16ad3e6e9adbf343a9d

SHA1
ba65902bc449c530ecdc8ab6b011cadbc581a781

SHA256
d815e01f1f4327c2ed0104d3b62cc4f5041833c4239e918f2576d55acfbd3c95

SHA512
640e02e1b662b6c5e506fb34e01e1c41c3fd6639760b2dfac8a80aee98b60fe0c1b79f41a3ad32e7d2b949bfc9e7518e56d026dca76f487b80e947f82fcadc19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
de7d4074896561ce961493522ae3eb93

SHA1
95df2d1c514d146b3fd0226c07b649a8ca06910f

SHA256
56abf2350270e16150623fa3a6e9c4e6965adf121f325ae598576966099f3974

SHA512
4a536101d571444e2ef995860ff89f0e838fea2abfa2dcb90db9beebd0202dc44c897b83eb3d872a18dff4a1195aa325d2aacad1a4b00bb3602e1860e221af0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5e28c3b9ce944bc20f814214ef19afbd

SHA1
040f12df5282af627b9b1db9c98e10520b0ffea5

SHA256
9fb4ef428991e7c63a8c37ca1d570e3bfd94e456959bb10bdabca06b6ad8cdd8

SHA512
d84dfde25d87c84c80db279cad2afe6462625495ab0f038583ca1a1ccf4897316470b092c6924f1e3b6bb24c8e35ac6af40c39e550ec29203bb970ea6c3e7930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
861f4e4d6669d0ed34829223b74c88c8

SHA1
4d5bec103165dd38de8910f321054ce38e430733

SHA256
57e802dd4240a38c06c0f08d3b9039f3c4357cb380eb22c7603866343fe86f08

SHA512
0d42bcaf2402d875e81250a982fcc06f9f1f6e1d352e83077dc088d87d9bb025958fb83f2f34b8fb79e51b1d27659bb596c9039a723c9ea88d91e91e1d694458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
402a8485c13e1a5d4249cb0c9a15d3fe

SHA1
eb9800fa3a73aed08679d576478aba3a0af7c520

SHA256
f287e6fb3b2d2eb7852d12ae611ca121f98caa3e64fec63aebabdba7a528d9aa

SHA512
e70c2a54280016645e69db2132f5a739107732e827f310a470cdf8b6bcd40ab8febc8b838e30e9febea552c3386d5de264fa15da3293328c43bfc06173e16074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
78e7aea81219497fc87659714b5897bd

SHA1
aeb3c432e8257b4c3571bdbd68e150ddfbf220b6

SHA256
043400bac9408d95e4a60fb93c5b8009d8fdb4c4ca90bf2701bec823db8487c3

SHA512
7f621bc378b78ccd54c2883b86051a1431651339cf5c9868ef17e0e3c248e050c764d1e18c0ae4dd1a75994377d16baaa6039f22864a3c7790777e1413bfc513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c0345f6e-8185-4fa7-a74f-5d739853bf10.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e2894a330a418ddc12b1048b6ec2174a

SHA1
dd98780b49773cd3c8f997ed530b73fa03bc214e

SHA256
20f5216b5d3cf34d559aeceeae2c964a84895aec8c7cff66dbc27e83efb895a8

SHA512
1e28c4c35d413559d62b1d2b84f05a9a8aff03910c1be931f1d8cdc622f9f35f55175a6800d5bfde873679ae1a7ec72c4b407eac223e89455b95447766be8992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
71fda8b302d205eeb03a12bda8dc0d85

SHA1
b2900506134f0262699ac0243f5432d18ee55802

SHA256
281ac64e84c728505a6cf521e32751313bff6c8e664b4ce42f45f88d852b2b95

SHA512
11d9122f2c6cf4565113a645210a86c73a5e9b3787468e6e1fc1a7e880e92a544d304582e0d19b5746de401edb1e46736a1b1eae4aa1f07a3983572efcccc593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
eb1dd8968a0de9ae90328611076e45b5

SHA1
8fb933b2e3e652c4da54a281630fbb01333bb3fe

SHA256
af3db89e86bb4b99bb56b0a0bad372fbed6887d1f741ce8a61f19022a242657a

SHA512
fedfa93bc23c556d0aebce1a0d77adefd55fcd5f43dc43a562162a01f81ff878078b6c8f227fe9614ff4eddd8596d178c20f5e2c458d31e20f4e339dfe6a879f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1bc19a746c5513700ed03508ddd6bd79

SHA1
fb4502bfb18959537fd721c55ba96cee0b320f64

SHA256
1e788c9b1e0c026ea9d18d1678593de93076a716692f0d6daaf31911dff49f9f

SHA512
29536abb3b9b38988b27b38a4f6e41ae0b3859473db5ea2f1d3cf5c120cf4f50f7a9701cfc9d6f2b632b084bc531cc5371e5b3db69fa83ad16f345c8018d2f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a30bec268e9fb9bc6f7a11d1cabe9a5b

SHA1
dd7e3d9a293d05494ba64ec9ce096198dd7b8f60

SHA256
38764db97caa15f9cc63a87a76c95d9cead451c5c77e0b3d40095d9a8d386a85

SHA512
2f78d35d9c3defec5fb73931d7f9ab70add0afa82476a9e02cd3a2c80c013ced9ef9ca50e852d9cd486ce4200cc0d0da67677cb0c241a99e4ac076b809d5e07c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9303f5855303f20a8f3f777cc3bc66c1

SHA1
c1aa9096587c6a128752802cb4c864a90fd63d2f

SHA256
4c0ccd1f1631dfad0511daec0acb7d917788205249507aa7000fe601f66b5dd7

SHA512
3d34ffcba4e2b153b5471246b02bbcb41c882baf84537ce3bd6d328110b776435176e8fdd9108e112cc34ec86fd0b5185b998cce529309bdb62c30bc6f7cc5d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b8345251f21934a642664b296f46d9e6

SHA1
95ca107ae4c0cf0c0589681b0a4f48fbdd73eef9

SHA256
ea2c205086a6553eebce0504bc0ce0e8241c783c7de0316abdc8b0ff66845ed5

SHA512
a7e8b35118d54ca88c82565aa7ea10af422bb1e754b41f5cf97ce78b885a3d652ddb30bb53b412b42e1f936288e920e28aa0b2f81f18d9e7c43f30bba269ab65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7df2531c67406b16abc0bc30fbab2d1

SHA1
edc4367472da48f7c66c76e433bf51be3081bb08

SHA256
23126c4fb45d48aafd2486c5792f6064b17b66508eba88763333f6440ec886aa

SHA512
6ff0bfa23ffe66d2a4cf043e141ac1154ea9b325e3cca97763c77d704930820e26b6bdabdcc76fa83a39b15f13c6f1627695c77cbe844e219b3f05a21ba7d601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e0ba08dea21cb604825186dc9aa4f51c

SHA1
0894f7e4eacbc428b7db07c388bd84858a296b6f

SHA256
c81c44e6259a0306cb93947c284731ee0c653c381989d54223b886842025f895

SHA512
9410b7f68df69c30af80c99bdee187db5e05e29ebac6eea024bf287f2b0e82ccb910104cbfbe5ed275a4f7bba014ef721db9d7baaf3b033f7e762ee2745ca425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
26e3adf2769769129f95192a7e0a6ef4

SHA1
510805a3cd8a7e43e8e4418453cdb98804917e3f

SHA256
5d44e80f2dc24de65ddf553f18efc0adfa503dfe3510381f18ea79a941f4b573

SHA512
f1936be7dd355996ed8b6ecf8330e3886d65dd014e2fd116f117c7c007db86589c0e24fb54f117ba708c80839311379a950be60bd3d287cf1cbbc091c9fd9b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
db9c5385c8e5c63897f9ac5808ee29ed

SHA1
c0d473fd8b09fc7ff12e0391522cab8bdc24e861

SHA256
31b6d3cf2968f2cb929bd952369e707201b01dca666b94c3ceaa2912bbb918fe

SHA512
21aa1eefbf891e9cc625b33acb440cd4ad6f7d764f1c250873811070301303e9203bcc2f01c6f8ead0c774e8f055d7fa44987c784c5e5c164fd0cffa46bcb447

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_asyncio.pyd

Filesize
36KB

MD5
a2fceca142cbc6a6c564817689d70ef4

SHA1
1702f9b187ce6dfd2873f08d60363b9208d64401

SHA256
236ebc5497d3b11aea3730f8e7c930687fb4db53f60f8527fb635150f6d35349

SHA512
6ed8f14d4ef4a1705c683d72ed289083b92175d4d0c8de67cf0beb014d8576a7ad433047f9c60070c977903dc83ce76c25d53e97dca2bed8fd376561e8462b51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_bz2.pyd

Filesize
48KB

MD5
6e0f6430d1c8b8a88243093c3303c824

SHA1
9d094c8e626522bd56d4625107431d6c6cba23c0

SHA256
406c2cfa016d7cd76026dd84f1c091283f308ba2107feac2a960f2915f35bb57

SHA512
cbf6ee364141912d33c42a02f1fa2c8b30192c030b04cbfc088c67d6ccea22139f4e4e951d12e0b19b0f7cbca6cb8a2760e584eeac023c085d7091de7d89d90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_ctypes.pyd

Filesize
58KB

MD5
55d702dd4a79803bda2a561ccaea9da1

SHA1
fa706e97e020668e4d71b8e7743105bbcb6405e1

SHA256
995c0703a645d8579818cd0290f823011371152ac8dc5bcc2cceb999f1ba195c

SHA512
8ae3bfb3c236f66bca7a1292f8ff1a5c076177904c1a575d5f644aa64eed2fa5a313cecb5a57fc6db717958c678f2ac6a3ec04b3c16b245c019038a1810512a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_hashlib.pyd

Filesize
35KB

MD5
51abf05fa5343f5eb68e347de561fe72

SHA1
af957a62346e320d8c177c52c74a8476c229a413

SHA256
43f530b4e4d4ea1c55b4ae0f70ff3440ed6e27f7760ae1419431aa40fbdf42db

SHA512
82c43099b9450dde53c3d7915884273784804ac0eb46e34cff8d306aa8c133dad95a844ded4983eb396825ac04e0fb211b624b3c2b6be934a555d7b8d15918a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_lzma.pyd

Filesize
85KB

MD5
9b25a38596de6fe0f71038fb3dfdff98

SHA1
69ffc1ac839ebf6db89edcc866bcf1424bab2fbe

SHA256
00789059466e20de060d335696aa075d9ce4a88e0a44ffb09b7f8c6b68dab0eb

SHA512
3b090cbaecfbf41bffed928a846545d339f62b1ee33105f2fe6dbdd6cc62e0f468582c8494b21dfa48a8b9c4407da596e7ea2250d413ad301f7f48f590476879

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_overlapped.pyd

Filesize
32KB

MD5
7fdc8df27753781f9b61b5c51f6dfecc

SHA1
a8e4d4cd310e804cd54732706217a78ae034f3d7

SHA256
ed2ae037f68f2a4b49cc38db4ed4b113928be7e32cdd2df8c19c66c56a3c53e2

SHA512
5b1745004a69dfb81211127e613f5e5dfb46d33e709742cd460929807e26f482ee480a6fdce920c2f1a341a5c655fd9f1080ba792268b19544031b4c353054a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_socket.pyd

Filesize
43KB

MD5
0dfe38f15b898fef3451301eb235014f

SHA1
8e68e46edde6a45356b32250e75a6c496dcccd2e

SHA256
fd584c0651e6e19c0934e5f01bf5f9466ed822b6783f6b0e444a7af3df1e0e7e

SHA512
e120a4432fd6d61988c2d555fe3994ae307505e6aaf08eb89b6c7ba89bf1e8446f3d6978ad1cedfe9e9a6842e8e8d9888c80268f35d9a9fb23866071080fd6ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_sqlite3.pyd

Filesize
56KB

MD5
102522c3e9ad96d4e0bdef1b69d950f6

SHA1
b6b56bd51083f8a9260cd6ca30ff611703a88778

SHA256
9cb524b12d0f94d851b2e2592901583c5cd2f2b5e93f3bbe3d17540c2fc6393f

SHA512
e3a5a5351a3e252c5d3018277290ba36912c62bfbc85ccc567f01743abd2fb6c943e717f6920089d4fbbc4d9bc8aaa4ab6650cc34e04cb77d644bcb051485657

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_ssl.pyd

Filesize
62KB

MD5
27c78b2dc4bde8885dcc583bf3a83032

SHA1
f0cb5d51c9dc0f7919a7ae6baaace3fa1cf1808c

SHA256
fb1ee69dcae102a45b8afaaa0803ad29efa2b5c9c6880385804fafa497a7e80d

SHA512
fd5013848d04f5953dc5c81836b04b3bd805a6421530827d8774e578deca3e034cdf845ad2dd7542b85923f60aef82a9efb057bca124c0e61634c77277e6a69d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\base_library.zip

Filesize
1.8MB

MD5
b817d99ea48d40544a0bd7f3a2a6cb1a

SHA1
50514adfcddc823100a92ff92836119657ff05be

SHA256
f226e31bb11ffb24c2dcb5c6c4ee9a8de14f26bf093d6f9fa93889e5ab6e31e3

SHA512
566af76f05df803872f2991f7550750c5d95011e6e50d3b86a35d6a80dcf6dbb9d097ab4b672f9dead74584fa2278b6a7e1db553c3186eedb62868bc59100244

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\libcrypto-1_1.dll

Filesize
1.1MB

MD5
fc0f62dcd984fb76e93c58f1dc77f41d

SHA1
e8078d1895feb8b5f570d5af2deddd7120c89634

SHA256
92220d3448ec6f62bc0c6264fa34cfcc70ef705cbb05f1bb0d408053b6b131df

SHA512
ef97f30a8c600a1f3134e7b74e617e0087b21564905a1727efb9dc937946205c40babbdfe3fdce6262c7f89ed7aeb86e27ac3f9c258fc76dbe092039a2571d41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\libffi-8.dll

Filesize
29KB

MD5
0d1c6b92d091cef3142e32ac4e0cc12e

SHA1
440dad5af38035cb0984a973e1f266deff2bd7fc

SHA256
11ee9c7fb70c3756c0392843245935517171b95cc5ba0d696b2c1742c8d46fb6

SHA512
5d514ecab93941e83c008f0e9749f99e330949580884bf4850b11cac08fe1ac4ac50033e8888045fe4a9d8b4d2e3ea667b39be18f77266d00f8d7d6797260233

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\libssl-1_1.dll

Filesize
204KB

MD5
b22ffe0ecff7d40273c3deb790b43545

SHA1
7a026009d9c5d8799f0efa5b985bf821d406eaa7

SHA256
0a4b8dd5c6238ce6b41fe7a5f4a60788ea6c42a619cb465e336277cdb1195fc0

SHA512
0f62c19ea2f2fc38442bcec55abe6b594eae4c1221c379e46d1f55bf69d4e3fc254d6181b8f0e862e5a7b50858d67124d1880a585d4535076558ad5a59d48be4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\multidict\_multidict.cp311-win_amd64.pyd

Filesize
20KB

MD5
4e3b9e13c6a95d88429ce6ade7d0756f

SHA1
673d0999ec954c284c30619e0b5fa6feb9fa15ce

SHA256
e5969c7de6510ab57293c78f84a07abbe2d5847d810cfe1de34c62ce5cad4bbf

SHA512
c9185d0354431051f3e2724e37edf774057f2fa570bd4bf5dcce2b363bda2bfa1198927424e3e81a658fb86722f1d40d8eb21d332224c62b5e96875f61776738

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\python3.dll

Filesize
65KB

MD5
b711598fc3ed0fe4cf2c7f3e0877979e

SHA1
299c799e5d697834aa2447d8a313588ab5c5e433

SHA256
520169aa6cf49d7ee724d1178de1be0e809e4bdcf671e06f3d422a0dd5fd294a

SHA512
b3d59eff5e38cef651c9603971bde77be7231ea8b7bdb444259390a8a9e452e107a0b6cb9cc93e37fd3b40afb2ba9e67217d648bfca52f7cdc4b60c7493b6b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\python311.dll

Filesize
1.6MB

MD5
cc7263ad1e3a5bfe4777091b86ee072d

SHA1
2c93207d75f3bdeb95f13084c43dda3762c9edf0

SHA256
b25f6cd48dd3f6107f7c546a151ec60b82330456d2d879d08164b8cce33460e0

SHA512
8c819a884480a67deaad45b943f50ee4c2893288a90facce5784b716e4486da7e776b5a0a6c006a9db6107256c253a9767eedbaa27e5f09a09dc537531e76c4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\select.pyd

Filesize
25KB

MD5
9f283679f5b0d802bde53b22fab26a91

SHA1
e964f0c3aef09714aaab8be08a0e572096978cd8

SHA256
1180c7c61350cb00064ff41bfc03ec8674442142f3c9459e822ab6f4578850a1

SHA512
08656a37aa56eb2fd482a2a478898b3cd705293ae79492fe2e03caa0cc59b8acc8edbd0c126d7bc65f72714ce98f56212d23e20e4c8a75a110ee208ccd8e574f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\sqlite3.dll

Filesize
622KB

MD5
9ca0a05710fc628b9313a861ec278e03

SHA1
e2a4f0a0b32c9c81d44864eaa17e7e485cf9ab0c

SHA256
e4e07d27a94304211c8a03fcc95d05110826ea2e16eea4a55e4a1c6223c3ae1e

SHA512
19d2991fa639008afbdfe6f34a7736bc293334e3d49f83908ad9d6a1fd0080f72ee42263466e001baeb19d60e8c484a4cf696b5ff502487d22000668e173844b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\unicodedata.pyd

Filesize
295KB

MD5
0d9c192db3879c336270cb91d5c59aa8

SHA1
800bda15f32a7267710847ba1d6833aaa937b091

SHA256
18e3ec71e5bd00a90231d978161c405d1d1a01d276e92f376b72b41aefe4a996

SHA512
5ce189299be7e22e8dce8dba8ba9e2618fef4f3b6e99e2e50f55249c18eb3a7f08e4b43b04668f86dea0adabaf40007c08df7be03eafd60225215c01101bf5fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\yarl\_quoting_c.cp311-win_amd64.pyd

Filesize
30KB

MD5
40cc7619738a645e09cd4490c3d3f62b

SHA1
6ec0c429ba9ca9659ddec2bdfcb06b393cdbf4ae

SHA256
1095823bc9f35c6e76a0f254c1773b3856f996e4785c4e12fe46e21ef59dc890

SHA512
0cfb784742ef4596aa71ddfc12f3df7a8a6af6b19f26c455e06b266220eb654e77e79bc9e9a92fe9aea00ec54bb94de480e5226426760e84617a5749d18d9474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44922\attrs-23.1.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gao3kqpo.env.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 367549.crdownload

Filesize
10.8MB

MD5
dc0b24683e554ffa578ebb8e7da694a5

SHA1
dae13b006b67028242ace5f0714cc6886482f85e

SHA256
1bdce2be61df84567504c706cb0eeb062f6015ea06ba42bb377d2122bc6d947e

SHA512
96fd4de7e907ba8c42a9f60e6d2796b464f5f96388115aa75706222a2a01dda1880732a8d49137cb44c5c97e48680267fa39123a6ae74385a6d00b765f9e0d74

Download Submit
memory/2616-699-0x000002ABAADA0000-0x000002ABAADC2000-memory.dmp

Filesize
136KB

Download
memory/2628-547-0x00007FF97F9D0000-0x00007FF97F9FE000-memory.dmp

Filesize
184KB

Download
memory/2628-532-0x00007FF982740000-0x00007FF98274B000-memory.dmp

Filesize
44KB

Download
memory/2628-566-0x00007FF983E40000-0x00007FF983E4F000-memory.dmp

Filesize
60KB

Download
memory/2628-565-0x00007FF983210000-0x00007FF98321D000-memory.dmp

Filesize
52KB

Download
memory/2628-538-0x00007FF96EAE0000-0x00007FF96F0C9000-memory.dmp

Filesize
5.9MB

Download
memory/2628-564-0x00007FF9718E0000-0x00007FF971918000-memory.dmp

Filesize
224KB

Download
memory/2628-554-0x00007FF96E640000-0x00007FF96E75C000-memory.dmp

Filesize
1.1MB

Download
memory/2628-550-0x00007FF980640000-0x00007FF980655000-memory.dmp

Filesize
84KB

Download
memory/2628-518-0x00007FF982F10000-0x00007FF982F29000-memory.dmp

Filesize
100KB

Download
memory/2628-548-0x00007FF96FDB0000-0x00007FF96FE68000-memory.dmp

Filesize
736KB

Download
memory/2628-546-0x00007FF96FE70000-0x00007FF96FFE7000-memory.dmp

Filesize
1.5MB

Download
memory/2628-549-0x00007FF96E760000-0x00007FF96EAD8000-memory.dmp

Filesize
3.5MB

Download
memory/2628-552-0x00007FF97F7B0000-0x00007FF97F7C4000-memory.dmp

Filesize
80KB

Download
memory/2628-553-0x00007FF97F740000-0x00007FF97F754000-memory.dmp

Filesize
80KB

Download
memory/2628-555-0x00007FF97F720000-0x00007FF97F73B000-memory.dmp

Filesize
108KB

Download
memory/2628-556-0x00007FF97F700000-0x00007FF97F712000-memory.dmp

Filesize
72KB

Download
memory/2628-545-0x00007FF980090000-0x00007FF9800B3000-memory.dmp

Filesize
140KB

Download
memory/2628-557-0x00007FF97A1C0000-0x00007FF97A1D5000-memory.dmp

Filesize
84KB

Download
memory/2628-558-0x00007FF97A180000-0x00007FF97A1C0000-memory.dmp

Filesize
256KB

Download
memory/2628-559-0x00007FF9830A0000-0x00007FF9830AE000-memory.dmp

Filesize
56KB

Download
memory/2628-560-0x00007FF982740000-0x00007FF98274B000-memory.dmp

Filesize
44KB

Download
memory/2628-561-0x00007FF974AF0000-0x00007FF974B13000-memory.dmp

Filesize
140KB

Download
memory/2628-563-0x00007FF96DFE0000-0x00007FF96E634000-memory.dmp

Filesize
6.3MB

Download
memory/2628-568-0x00007FF982E80000-0x00007FF982E99000-memory.dmp

Filesize
100KB

Download
memory/2628-569-0x00007FF982F10000-0x00007FF982F29000-memory.dmp

Filesize
100KB

Download
memory/2628-562-0x00007FF974A20000-0x00007FF974A3C000-memory.dmp

Filesize
112KB

Download
memory/2628-551-0x00007FF980510000-0x00007FF980522000-memory.dmp

Filesize
72KB

Download
memory/2628-537-0x00007FF9718E0000-0x00007FF971918000-memory.dmp

Filesize
224KB

Download
memory/2628-530-0x00007FF96E760000-0x00007FF96EAD8000-memory.dmp

Filesize
3.5MB

Download
memory/2628-531-0x0000014080D30000-0x00000140810A8000-memory.dmp

Filesize
3.5MB

Download
memory/2628-534-0x00007FF96DFE0000-0x00007FF96E634000-memory.dmp

Filesize
6.3MB

Download
memory/2628-535-0x00007FF974A20000-0x00007FF974A3C000-memory.dmp

Filesize
112KB

Download
memory/2628-536-0x00007FF980640000-0x00007FF980655000-memory.dmp

Filesize
84KB

Download
memory/2628-567-0x00007FF980660000-0x00007FF980683000-memory.dmp

Filesize
140KB

Download
memory/2628-533-0x00007FF974AF0000-0x00007FF974B13000-memory.dmp

Filesize
140KB

Download
memory/2628-529-0x00007FF96FDB0000-0x00007FF96FE68000-memory.dmp

Filesize
736KB

Download
memory/2628-528-0x00007FF9830A0000-0x00007FF9830AE000-memory.dmp

Filesize
56KB

Download
memory/2628-527-0x00007FF97F9D0000-0x00007FF97F9FE000-memory.dmp

Filesize
184KB

Download
memory/2628-524-0x00007FF97A1C0000-0x00007FF97A1D5000-memory.dmp

Filesize
84KB

Download
memory/2628-525-0x00007FF97A180000-0x00007FF97A1C0000-memory.dmp

Filesize
256KB

Download
memory/2628-526-0x00007FF96FE70000-0x00007FF96FFE7000-memory.dmp

Filesize
1.5MB

Download
memory/2628-523-0x00007FF97F700000-0x00007FF97F712000-memory.dmp

Filesize
72KB

Download
memory/2628-520-0x00007FF982E80000-0x00007FF982E99000-memory.dmp

Filesize
100KB

Download
memory/2628-521-0x00007FF980090000-0x00007FF9800B3000-memory.dmp

Filesize
140KB

Download
memory/2628-522-0x00007FF97F720000-0x00007FF97F73B000-memory.dmp

Filesize
108KB

Download
memory/2628-544-0x00007FF980580000-0x00007FF9805AD000-memory.dmp

Filesize
180KB

Download
memory/2628-499-0x00007FF96EAE0000-0x00007FF96F0C9000-memory.dmp

Filesize
5.9MB

Download
memory/2628-500-0x00007FF980660000-0x00007FF980683000-memory.dmp

Filesize
140KB

Download
memory/2628-501-0x00007FF983E40000-0x00007FF983E4F000-memory.dmp

Filesize
60KB

Download
memory/2628-504-0x00007FF982E80000-0x00007FF982E99000-memory.dmp

Filesize
100KB

Download
memory/2628-503-0x00007FF983210000-0x00007FF98321D000-memory.dmp

Filesize
52KB

Download
memory/2628-502-0x00007FF982F10000-0x00007FF982F29000-memory.dmp

Filesize
100KB

Download
memory/2628-505-0x00007FF980580000-0x00007FF9805AD000-memory.dmp

Filesize
180KB

Download
memory/2628-506-0x00007FF980090000-0x00007FF9800B3000-memory.dmp

Filesize
140KB

Download
memory/2628-507-0x00007FF96FE70000-0x00007FF96FFE7000-memory.dmp

Filesize
1.5MB

Download
memory/2628-508-0x00007FF97F9D0000-0x00007FF97F9FE000-memory.dmp

Filesize
184KB

Download
memory/2628-510-0x00007FF96FDB0000-0x00007FF96FE68000-memory.dmp

Filesize
736KB

Download
memory/2628-512-0x0000014080D30000-0x00000140810A8000-memory.dmp

Filesize
3.5MB

Download
memory/2628-511-0x00007FF96E760000-0x00007FF96EAD8000-memory.dmp

Filesize
3.5MB

Download
memory/2628-513-0x00007FF980640000-0x00007FF980655000-memory.dmp

Filesize
84KB

Download
memory/2628-509-0x00007FF96EAE0000-0x00007FF96F0C9000-memory.dmp

Filesize
5.9MB

Download
memory/2628-514-0x00007FF980510000-0x00007FF980522000-memory.dmp

Filesize
72KB

Download
memory/2628-516-0x00007FF97F7B0000-0x00007FF97F7C4000-memory.dmp

Filesize
80KB

Download
memory/2628-515-0x00007FF980660000-0x00007FF980683000-memory.dmp

Filesize
140KB

Download
memory/2628-517-0x00007FF97F740000-0x00007FF97F754000-memory.dmp

Filesize
80KB

Download
memory/2628-519-0x00007FF96E640000-0x00007FF96E75C000-memory.dmp

Filesize
1.1MB

Download
memory/3504-367-0x0000029E0B8D0000-0x0000029E0BC48000-memory.dmp

Filesize
3.5MB

Download
memory/3504-415-0x00007FF970BB0000-0x00007FF971199000-memory.dmp

Filesize
5.9MB

Download
memory/3504-424-0x00007FF98B2E0000-0x00007FF98B30E000-memory.dmp

Filesize
184KB

Download
memory/3504-425-0x00007FF970AF0000-0x00007FF970BA8000-memory.dmp

Filesize
736KB

Download
memory/3504-427-0x00007FF98B2C0000-0x00007FF98B2D5000-memory.dmp

Filesize
84KB

Download
memory/3504-426-0x00007FF970770000-0x00007FF970AE8000-memory.dmp

Filesize
3.5MB

Download
memory/3504-440-0x00007FF96FFF0000-0x00007FF970644000-memory.dmp

Filesize
6.3MB

Download
memory/3504-433-0x00007FF987880000-0x00007FF987892000-memory.dmp

Filesize
72KB

Download
memory/3504-435-0x00007FF9833E0000-0x00007FF983420000-memory.dmp

Filesize
256KB

Download
memory/3504-439-0x00007FF987150000-0x00007FF98716C000-memory.dmp

Filesize
112KB

Download
memory/3504-416-0x00007FF98B3C0000-0x00007FF98B3E3000-memory.dmp

Filesize
140KB

Download
memory/3504-407-0x00007FF970650000-0x00007FF97076C000-memory.dmp

Filesize
1.1MB

Download
memory/3504-403-0x00007FF98B2C0000-0x00007FF98B2D5000-memory.dmp

Filesize
84KB

Download
memory/3504-398-0x00007FF98B2E0000-0x00007FF98B30E000-memory.dmp

Filesize
184KB

Download
memory/3504-399-0x00007FF970AF0000-0x00007FF970BA8000-memory.dmp

Filesize
736KB

Download
memory/3504-400-0x00007FF970770000-0x00007FF970AE8000-memory.dmp

Filesize
3.5MB

Download
memory/3504-401-0x0000029E0B8D0000-0x0000029E0BC48000-memory.dmp

Filesize
3.5MB

Download
memory/3504-402-0x00007FF9829E0000-0x00007FF982A18000-memory.dmp

Filesize
224KB

Download
memory/3504-391-0x00007FF98B2B0000-0x00007FF98B2BE000-memory.dmp

Filesize
56KB

Download
memory/3504-397-0x00007FF96FFF0000-0x00007FF970644000-memory.dmp

Filesize
6.3MB

Download
memory/3504-396-0x00007FF974280000-0x00007FF9743F7000-memory.dmp

Filesize
1.5MB

Download
memory/3504-392-0x00007FF988C00000-0x00007FF988C0B000-memory.dmp

Filesize
44KB

Download
memory/3504-393-0x00007FF983790000-0x00007FF9837B3000-memory.dmp

Filesize
140KB

Download
memory/3504-394-0x00007FF98B310000-0x00007FF98B333000-memory.dmp

Filesize
140KB

Download
memory/3504-395-0x00007FF987150000-0x00007FF98716C000-memory.dmp

Filesize
112KB

Download
memory/3504-378-0x00007FF970BB0000-0x00007FF971199000-memory.dmp

Filesize
5.9MB

Download
memory/3504-390-0x00007FF9833E0000-0x00007FF983420000-memory.dmp

Filesize
256KB

Download
memory/3504-388-0x00007FF987880000-0x00007FF987892000-memory.dmp

Filesize
72KB

Download
memory/3504-389-0x00007FF987170000-0x00007FF987185000-memory.dmp

Filesize
84KB

Download
memory/3504-380-0x00007FF989AD0000-0x00007FF989AE2000-memory.dmp

Filesize
72KB

Download
memory/3504-381-0x00007FF9880A0000-0x00007FF9880B4000-memory.dmp

Filesize
80KB

Download
memory/3504-382-0x00007FF970650000-0x00007FF97076C000-memory.dmp

Filesize
1.1MB

Download
memory/3504-383-0x00007FF988210000-0x00007FF988224000-memory.dmp

Filesize
80KB

Download
memory/3504-384-0x00007FF98B3C0000-0x00007FF98B3E3000-memory.dmp

Filesize
140KB

Download
memory/3504-387-0x00007FF9878A0000-0x00007FF9878BB000-memory.dmp

Filesize
108KB

Download
memory/3504-385-0x00007FF98B3A0000-0x00007FF98B3B9000-memory.dmp

Filesize
100KB

Download
memory/3504-370-0x00007FF98B2C0000-0x00007FF98B2D5000-memory.dmp

Filesize
84KB

Download
memory/3504-334-0x00007FF98B3A0000-0x00007FF98B3B9000-memory.dmp

Filesize
100KB

Download
memory/3504-335-0x00007FF98B390000-0x00007FF98B39D000-memory.dmp

Filesize
52KB

Download
memory/3504-364-0x00007FF98B2E0000-0x00007FF98B30E000-memory.dmp

Filesize
184KB

Download
memory/3504-366-0x00007FF970770000-0x00007FF970AE8000-memory.dmp

Filesize
3.5MB

Download
memory/3504-365-0x00007FF970AF0000-0x00007FF970BA8000-memory.dmp

Filesize
736KB

Download
memory/3504-345-0x00007FF98B310000-0x00007FF98B333000-memory.dmp

Filesize
140KB

Download
memory/3504-347-0x00007FF974280000-0x00007FF9743F7000-memory.dmp

Filesize
1.5MB

Download
memory/3504-341-0x00007FF98B340000-0x00007FF98B36D000-memory.dmp

Filesize
180KB

Download
memory/3504-339-0x00007FF98B370000-0x00007FF98B389000-memory.dmp

Filesize
100KB

Download
memory/3504-696-0x00007FF98D070000-0x00007FF98D07D000-memory.dmp

Filesize
52KB

Download
memory/3504-329-0x00007FF98D0C0000-0x00007FF98D0CF000-memory.dmp

Filesize
60KB

Download
memory/3504-328-0x00007FF98B3C0000-0x00007FF98B3E3000-memory.dmp

Filesize
140KB

Download
memory/3504-319-0x00007FF970BB0000-0x00007FF971199000-memory.dmp

Filesize
5.9MB

Download
memory/3504-809-0x00007FF98D070000-0x00007FF98D07D000-memory.dmp

Filesize
52KB

Download
memory/5112-799-0x00007FF973C90000-0x00007FF974279000-memory.dmp

Filesize
5.9MB

Download
memory/5112-801-0x00007FF98D060000-0x00007FF98D06F000-memory.dmp

Filesize
60KB

Download
memory/5112-800-0x00007FF9880D0000-0x00007FF9880F3000-memory.dmp

Filesize
140KB

Download
memory/5112-803-0x00007FF9880C0000-0x00007FF9880CD000-memory.dmp

Filesize
52KB

Download
memory/5112-802-0x00007FF9871F0000-0x00007FF987209000-memory.dmp

Filesize
100KB

Download
memory/5112-805-0x00007FF9871A0000-0x00007FF9871CD000-memory.dmp

Filesize
180KB

Download
memory/5112-804-0x00007FF9871D0000-0x00007FF9871E9000-memory.dmp

Filesize
100KB

Download
memory/5112-806-0x00007FF983800000-0x00007FF983823000-memory.dmp

Filesize
140KB

Download
memory/5112-807-0x00007FF980700000-0x00007FF980877000-memory.dmp

Filesize
1.5MB

Download
memory/5112-808-0x00007FF9837D0000-0x00007FF9837FE000-memory.dmp

Filesize
184KB

Download