Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    84s
  • max time network
    75s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    02/01/2025, 19:02

General

  • Target

    Bootstrapper.exe

  • Size

    800KB

  • MD5

    02c70d9d6696950c198db93b7f6a835e

  • SHA1

    30231a467a49cc37768eea0f55f4bea1cbfb48e2

  • SHA256

    8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

  • SHA512

    431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb

  • SSDEEP

    12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • A potential corporate email address has been identified in the URL: [email protected]
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Themida packer 7 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 59 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 45 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd" /c ipconfig /all
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4812
      • C:\Windows\system32\ipconfig.exe
        ipconfig /all
        3⤵
        • Gathers network information
        PID:2372
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3324
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4108
    • C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.11.exe
      "C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.11.exe" --oldBootstrapper "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe" --isUpdate true
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:5092
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/invite/8PgspRYAQu
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1596
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ff851893cb8,0x7ff851893cc8,0x7ff851893cd8
          4⤵
            PID:244
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
            4⤵
              PID:1488
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:1560
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
              4⤵
                PID:1708
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
                4⤵
                  PID:572
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
                  4⤵
                    PID:4268
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
                    4⤵
                      PID:3728
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4848 /prefetch:8
                      4⤵
                        PID:4332
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,16743271804106179726,17008350926405993264,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4860 /prefetch:8
                        4⤵
                        • Modifies registry class
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4628
                    • C:\ProgramData\Solara\Solara.exe
                      "C:\ProgramData\Solara\Solara.exe"
                      3⤵
                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                      • Checks BIOS information in registry
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Checks whether UAC is enabled
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:3504
                      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3504.2952.3702396173019873850
                        4⤵
                        • Enumerates system info in registry
                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                        • Suspicious use of FindShellTrayWindow
                        PID:3896
                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0xe0,0x108,0x10c,0xe4,0x114,0x7ff851893cb8,0x7ff851893cc8,0x7ff851893cd8
                          5⤵
                            PID:2832
                          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1928,7207142314554072438,5229325281793373367,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
                            5⤵
                            • System Network Configuration Discovery: Internet Connection Discovery
                            PID:4296
                          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,7207142314554072438,5229325281793373367,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2044 /prefetch:3
                            5⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:448
                          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,7207142314554072438,5229325281793373367,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2480 /prefetch:8
                            5⤵
                            • System Network Configuration Discovery: Internet Connection Discovery
                            PID:3596
                          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1928,7207142314554072438,5229325281793373367,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
                            5⤵
                            • System Network Configuration Discovery: Internet Connection Discovery
                            PID:1028
                          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,7207142314554072438,5229325281793373367,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4480 /prefetch:8
                            5⤵
                            • System Network Configuration Discovery: Internet Connection Discovery
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3580
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:4712
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:4848
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:852
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1824
                          • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                            "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                            1⤵
                            • Modifies registry class
                            • Suspicious use of SetWindowsHookEx
                            PID:3356

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\ProgramData\Solara\Microsoft.Web.WebView2.Core.dll

                            Filesize

                            557KB

                            MD5

                            b037ca44fd19b8eedb6d5b9de3e48469

                            SHA1

                            1f328389c62cf673b3de97e1869c139d2543494e

                            SHA256

                            11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197

                            SHA512

                            fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b

                          • C:\ProgramData\Solara\Microsoft.Web.WebView2.Wpf.dll

                            Filesize

                            50KB

                            MD5

                            e107c88a6fc54cc3ceb4d85768374074

                            SHA1

                            a8d89ae75880f4fca7d7167fae23ac0d95e3d5f6

                            SHA256

                            8f821f0c818f8d817b82f76c25f90fde9fb73ff1ae99c3df3eaf2b955653c9c8

                            SHA512

                            b39e07b0c614a0fa88afb1f3b0d9bb9ba9c932e2b30899002008220ccf1acb0f018d5414aee64d92222c2c39f3ffe2c0ad2d9962d23aaa4bf5750c12c7f3e6fe

                          • C:\ProgramData\Solara\Monaco\combined.html

                            Filesize

                            14KB

                            MD5

                            c051afac7ab368992b08a41750b3446e

                            SHA1

                            3443c8d9e158d943c8cf7053959e502240cb23e0

                            SHA256

                            46f67f8d457e2b93f3e8169a552af3438bfaa5df6aa91af2caf3397bcdec3bd4

                            SHA512

                            de43d06cdddf40387b7e7efd162f0701e779a539d76cef6b85d7fb61ec182000d748c7a5127bfb63c1c4f2cee9657464698c0ada425bf6ab3ca299bee2401714

                          • C:\ProgramData\Solara\Monaco\index.html

                            Filesize

                            14KB

                            MD5

                            610eb8cecd447fcf97c242720d32b6bd

                            SHA1

                            4b094388e0e5135e29c49ce42ff2aa099b7f2d43

                            SHA256

                            107d8d9d6c94d2a86ac5af4b4cec43d959c2e44d445017fea59e2e0a5efafdc7

                            SHA512

                            cf15f49ef3ae578a5f725e24bdde86c33bbc4fd30a6eb885729fd3d9b151a4b13822fa8c35d3e0345ec43d567a246111764812596fd0ecc36582b8ee2a76c331

                          • C:\ProgramData\Solara\Monaco\vs\basic-languages\lua\lua.js

                            Filesize

                            5KB

                            MD5

                            8706d861294e09a1f2f7e63d19e5fcb7

                            SHA1

                            fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23

                            SHA256

                            fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42

                            SHA512

                            1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f

                          • C:\ProgramData\Solara\Monaco\vs\editor\editor.main.css

                            Filesize

                            171KB

                            MD5

                            6af9c0d237b31c1c91f7faa84b384bdf

                            SHA1

                            c349b06cad41c2997f5018a9b88baedd0ba1ea11

                            SHA256

                            fb2cbf2ee64286bc010a6c6fe6a81c6c292c145a2f584d0240c674f56e3015b0

                            SHA512

                            3bda519fed1cfa5352f463d3f91194122cf6bf7c3c7ab6927c8ca3eea159d35deb39328576e7cbd982cfdf1f101b2a46c3165221501b36919dbde6f1e94bf5ff

                          • C:\ProgramData\Solara\Monaco\vs\editor\editor.main.js

                            Filesize

                            2.0MB

                            MD5

                            9399a8eaa741d04b0ae6566a5ebb8106

                            SHA1

                            5646a9d35b773d784ad914417ed861c5cba45e31

                            SHA256

                            93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18

                            SHA512

                            d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

                          • C:\ProgramData\Solara\Monaco\vs\editor\editor.main.nls.js

                            Filesize

                            31KB

                            MD5

                            74dd2381ddbb5af80ce28aefed3068fc

                            SHA1

                            0996dc91842ab20387e08a46f3807a3f77958902

                            SHA256

                            fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48

                            SHA512

                            8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e

                          • C:\ProgramData\Solara\Monaco\vs\loader.js

                            Filesize

                            27KB

                            MD5

                            8a3086f6c6298f986bda09080dd003b1

                            SHA1

                            8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

                            SHA256

                            0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

                            SHA512

                            9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

                          • C:\ProgramData\Solara\Newtonsoft.Json.dll

                            Filesize

                            695KB

                            MD5

                            195ffb7167db3219b217c4fd439eedd6

                            SHA1

                            1e76e6099570ede620b76ed47cf8d03a936d49f8

                            SHA256

                            e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

                            SHA512

                            56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

                          • C:\ProgramData\Solara\Solara.exe

                            Filesize

                            613KB

                            MD5

                            efa26a96b7af259f6682bc888a8b6a14

                            SHA1

                            9800a30228504c30e7d8aea873ded6a7d7d133bb

                            SHA256

                            18f4dca864799d7cd00a26ae9fb7eccf5c7cf3883c51a5d0744fd92a60ca1953

                            SHA512

                            7ca4539ab544aee162c7d74ac94b290b409944dd746286e35c8a2712db045d255b9907d1ebea6377d1406ddd87f118666121d0ec1abe0e9415de1bba6799f76e

                          • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            1c5e9665f9cc84a164262b6d8f1ccca2

                            SHA1

                            9d6287c4e035f73632eca50d3800a76e3144d382

                            SHA256

                            f2eb294cfb98703f02b0d71b36737ad86a82aaa97bb8893e7d053895caaca22d

                            SHA512

                            44fc93a9de61e7fda15d59379a78574e9785ae480a2791b338ebd3274669e12927af07a4ae5b454d08f0de6d7152253c9e2c354dfe854e8f514429711c86c197

                          • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            d84d6a1123e37fe8d9bb57d44cab8b60

                            SHA1

                            2dc16134a4e6666c9b5582cf1dd955a3564bcc34

                            SHA256

                            b03715781377bd5ead0e94e7eae00f786e0754402e5452f9e9353182c732fb3e

                            SHA512

                            b8bc89ba6dab8584e997107f0426eac3089076b25b156127b5fce35f81a968872e6f495f290b7abff6ed2a6b928cfdfd3ce458a0a712c7dadae5ee9d4cf345ff

                          • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

                            Filesize

                            20B

                            MD5

                            9e4e94633b73f4a7680240a0ffd6cd2c

                            SHA1

                            e68e02453ce22736169a56fdb59043d33668368f

                            SHA256

                            41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                            SHA512

                            193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                          • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

                            Filesize

                            41B

                            MD5

                            5af87dfd673ba2115e2fcf5cfdb727ab

                            SHA1

                            d5b5bbf396dc291274584ef71f444f420b6056f1

                            SHA256

                            f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                            SHA512

                            de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                          • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                          • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                          • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

                            Filesize

                            8KB

                            MD5

                            87364bca7b1be0fc73e50bc4bf1a28ac

                            SHA1

                            5594ee6e4cc3050ffe9f9daa571b98d901049aa3

                            SHA256

                            a13bfa854b3156e52a4df1f8beca377ad1ef1d85bf35a3502161b5b905f5947f

                            SHA512

                            3882399ef8e4a0bca062ee9d9512e10bab8d5750192f50e74f7ed423641faf4df0f8774d2087ea0983d5f47fb3b42b66140d69fc02908499f4869ff83d8fdabc

                          • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe58fd95.TMP

                            Filesize

                            8KB

                            MD5

                            7a42792731dd3a18dde4c33846eae4ea

                            SHA1

                            b561195e8a1fb3f0cf90cda52734d17151b4307d

                            SHA256

                            7d8e84f1ba4950a13a25cd929784af6dde0598979566de62bdf8f2fe302d8f9c

                            SHA512

                            caf4252d96d480747b8d18987712e9a96d1d84dd017fdaafcd22156360e4eea4b85fa909039b2813e1f6319e28c09e32113c4d3e4a8da033c7e249a831a9c145

                          • C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\ShaderCache\GPUCache\data_1

                            Filesize

                            264KB

                            MD5

                            d0d388f3865d0523e451d6ba0be34cc4

                            SHA1

                            8571c6a52aacc2747c048e3419e5657b74612995

                            SHA256

                            902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                            SHA512

                            376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                          • C:\ProgramData\Solara\SolaraV3.dll

                            Filesize

                            6.4MB

                            MD5

                            ea941865c88edbc63d9f8e7f690cf03a

                            SHA1

                            c3c2a6ab54b6ed8023fa492afa744ac15ae1f239

                            SHA256

                            9d017e4532eb760a48aaf663fc70c732f06839a027c47b447f804fcb424e59bf

                            SHA512

                            7383dcc92a9c8d469ed4c0d05240667d139c5b502ea80da521ed3750301fd0f805e38ba2df28e1dd45e359c7975314a5f99f17de69113e3ae34d9041ebbf07a7

                          • C:\ProgramData\Solara\WebView2Loader.dll

                            Filesize

                            133KB

                            MD5

                            a0bd0d1a66e7c7f1d97aedecdafb933f

                            SHA1

                            dd109ac34beb8289030e4ec0a026297b793f64a3

                            SHA256

                            79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

                            SHA512

                            2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

                          • C:\ProgramData\Solara\Wpf.Ui.dll

                            Filesize

                            5.2MB

                            MD5

                            aead90ab96e2853f59be27c4ec1e4853

                            SHA1

                            43cdedde26488d3209e17efff9a51e1f944eb35f

                            SHA256

                            46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

                            SHA512

                            f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            02a4b762e84a74f9ee8a7d8ddd34fedb

                            SHA1

                            4a870e3bd7fd56235062789d780610f95e3b8785

                            SHA256

                            366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

                            SHA512

                            19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            826c7cac03e3ae47bfe2a7e50281605e

                            SHA1

                            100fbea3e078edec43db48c3312fbbf83f11fca0

                            SHA256

                            239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

                            SHA512

                            a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                            Filesize

                            576B

                            MD5

                            ff9f21e0a3e8e1294392148e2738179d

                            SHA1

                            eeae692dca51e2c8d0a3db4ddbca626dddf3c64e

                            SHA256

                            4ad10ec25bded0138033730ff5950aebc8e27e2acd88ef4ab0d9eac7b0a1db3e

                            SHA512

                            f649cd8dbf63d4a08cf2b517787f5c352c3bcd89260b21a6e82f2dea4e7520255b55b58ec6c052fedcd411edaafe05c4e76daacc0def485a1c53bdb47e6976e4

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                            Filesize

                            468B

                            MD5

                            1a6bfa31f9a9acfb08e1770d420dbd16

                            SHA1

                            265d0f914d83b6c86d206bfac274ec6a21c2e1a2

                            SHA256

                            fd08f1296353381d7b1d714885266ef5ab8435d51f3c3aa2afbe1378514e6467

                            SHA512

                            8c537b1654ee2a31723fcdd2e78e250fdc13890adb5c8f6f60e909bd8fe2782c2dedf263aa30a4354543cc6318e721d9b41fdc473d85730e7f65f2122628356e

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                            MD5

                            c84a45f3e4c57c6cbe2933e3441c3529

                            SHA1

                            c1ba2ff5a8f474e08df0434327c847653393078a

                            SHA256

                            dbe64d8e33841935d0f72b96f66e4658f410921bd24e4ab38dfb3da91ed58e2a

                            SHA512

                            cd23fa1af8c55aa86d5e31117f286d96c9e4083732cc20cddb46a38becc0dbc52cb350b70b90fea4755d9a84065a044a852782337a0c483f652a8d81e347f95b

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            9d219916552c9fd668f204dc498fac1e

                            SHA1

                            98562b03a42851122368fd4d6375da02a0ee9883

                            SHA256

                            e64fd7a09d39b45c91e688f6858d7aea87ec6951f244899b8aaea014ecb21e8f

                            SHA512

                            53d5a305aa3cd00bd071ca1065bba958822ab38ace7110fb5b700e87f75237a24f6f581f83ae6d202cc52d3060823f5dbf068abb4dee52545d2fdf6aa8fb087b

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            10KB

                            MD5

                            2c88b2c9b659ab774fc6c999bde6b906

                            SHA1

                            65b061fdc17dfcddee2df20da2dc737ee712677c

                            SHA256

                            1e9925cb3108eeadbddcd9757fb7716591defc1461c905affc81f690aee04f1a

                            SHA512

                            c145f1d01b308d09e8b6bf0fdb75ef3733bb6063a4f4fd6520b327c3d0829761b260febf1b90906639c9f1040300d7837edcc404393ee8a1b0a253b6ce038d62

                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                            Filesize

                            10KB

                            MD5

                            71a6b59e08e25451e52675c842fae23c

                            SHA1

                            565a97673954a9209c7a05fba20b89d10b88025f

                            SHA256

                            5b96212d3d1347b76c8c1c64b2f7ef981242bedd3b84b766b543d56dbbf8dbd6

                            SHA512

                            5cc98eb2aa02e2e69165170451d89dd880893e6b07440bb84fbab6cf92cb558bd58c2235d8d64ff43d380c5e9869827800d310ee67950bb21b498d89fbb5aab3

                          • C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.11.exe

                            Filesize

                            2.9MB

                            MD5

                            6ba3f4d057686fee3f1f792df10d5869

                            SHA1

                            ade4a1ada7886ca1bd4c8d7d1d3cba62f9e018a1

                            SHA256

                            1aeba3aa813d2a63819a2051ff3a657cea022d4df5e6a6f88abe947d1db00177

                            SHA512

                            79e93fba04fbdcad41b2b45462ee4994e08d8a63eee9fad2713a2b886d8fb4f697c489150466c883c3b0e039b4922b709fd1dbd4bc882cb16b9d9efc139a2285

                          • memory/1316-18-0x00007FF840690000-0x00007FF841152000-memory.dmp

                            Filesize

                            10.8MB

                          • memory/1316-1-0x0000011AFCA60000-0x0000011AFCB2E000-memory.dmp

                            Filesize

                            824KB

                          • memory/1316-4-0x0000011B00000000-0x0000011B00022000-memory.dmp

                            Filesize

                            136KB

                          • memory/1316-2-0x00007FF840690000-0x00007FF841152000-memory.dmp

                            Filesize

                            10.8MB

                          • memory/1316-0-0x00007FF840693000-0x00007FF840695000-memory.dmp

                            Filesize

                            8KB

                          • memory/3504-309-0x000002B4DED20000-0x000002B4DEDBC000-memory.dmp

                            Filesize

                            624KB

                          • memory/3504-445-0x0000000180000000-0x000000018108B000-memory.dmp

                            Filesize

                            16.5MB

                          • memory/3504-314-0x000002B4F9760000-0x000002B4F9812000-memory.dmp

                            Filesize

                            712KB

                          • memory/3504-312-0x000002B4F96A0000-0x000002B4F975A000-memory.dmp

                            Filesize

                            744KB

                          • memory/3504-311-0x000002B4F9B20000-0x000002B4FA05C000-memory.dmp

                            Filesize

                            5.2MB

                          • memory/3504-487-0x0000000180000000-0x000000018108B000-memory.dmp

                            Filesize

                            16.5MB

                          • memory/3504-321-0x000002B4F99B0000-0x000002B4F9A40000-memory.dmp

                            Filesize

                            576KB

                          • memory/3504-444-0x000002B4F91F0000-0x000002B4F930F000-memory.dmp

                            Filesize

                            1.1MB

                          • memory/3504-316-0x000002B4F93A0000-0x000002B4F93B0000-memory.dmp

                            Filesize

                            64KB

                          • memory/3504-326-0x0000000180000000-0x000000018108B000-memory.dmp

                            Filesize

                            16.5MB

                          • memory/3504-329-0x0000000180000000-0x000000018108B000-memory.dmp

                            Filesize

                            16.5MB

                          • memory/3504-328-0x0000000180000000-0x000000018108B000-memory.dmp

                            Filesize

                            16.5MB

                          • memory/3504-327-0x0000000180000000-0x000000018108B000-memory.dmp

                            Filesize

                            16.5MB

                          • memory/4296-350-0x00007FF860410000-0x00007FF860411000-memory.dmp

                            Filesize

                            4KB

                          • memory/5092-252-0x000002CD80440000-0x000002CD8045E000-memory.dmp

                            Filesize

                            120KB

                          • memory/5092-23-0x000002CDC30E0000-0x000002CDC31E0000-memory.dmp

                            Filesize

                            1024KB

                          • memory/5092-30-0x000002CDC31F0000-0x000002CDC31F8000-memory.dmp

                            Filesize

                            32KB

                          • memory/5092-29-0x000002CDC2A10000-0x000002CDC2A1A000-memory.dmp

                            Filesize

                            40KB

                          • memory/5092-28-0x000002CDC2A30000-0x000002CDC2A3A000-memory.dmp

                            Filesize

                            40KB

                          • memory/5092-27-0x000002CDC2AC0000-0x000002CDC2AD6000-memory.dmp

                            Filesize

                            88KB

                          • memory/5092-26-0x000002CDC2A40000-0x000002CDC2A48000-memory.dmp

                            Filesize

                            32KB

                          • memory/5092-25-0x000002CDC2A90000-0x000002CDC2AB6000-memory.dmp

                            Filesize

                            152KB

                          • memory/5092-24-0x000002CDC2A20000-0x000002CDC2A2A000-memory.dmp

                            Filesize

                            40KB

                          • memory/5092-246-0x000002CDBE800000-0x000002CDBE91F000-memory.dmp

                            Filesize

                            1.1MB

                          • memory/5092-21-0x000002CDC2A50000-0x000002CDC2A88000-memory.dmp

                            Filesize

                            224KB

                          • memory/5092-250-0x000002CD8E500000-0x000002CD8E5B2000-memory.dmp

                            Filesize

                            712KB

                          • memory/5092-253-0x000002CDBEEE0000-0x000002CDBEEEA000-memory.dmp

                            Filesize

                            40KB

                          • memory/5092-22-0x000002CDC2480000-0x000002CDC248E000-memory.dmp

                            Filesize

                            56KB

                          • memory/5092-255-0x000002CE00020000-0x000002CE00032000-memory.dmp

                            Filesize

                            72KB

                          • memory/5092-20-0x000002CDC2460000-0x000002CDC2468000-memory.dmp

                            Filesize

                            32KB

                          • memory/5092-19-0x000002CDA4660000-0x000002CDA4670000-memory.dmp

                            Filesize

                            64KB

                          • memory/5092-17-0x000002CDA3F40000-0x000002CDA4220000-memory.dmp

                            Filesize

                            2.9MB