8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
116s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	BootstrapperV2.13.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe

Executes dropped EXE 2 IoCs

pid	Process
4128	BootstrapperV2.13.exe
1460	Solara.exe

Loads dropped DLL 2 IoCs

pid	Process
1460	Solara.exe
1460	Solara.exe

Themida packer 11 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/files/0x0007000000023daf-109.dat	themida
behavioral2/memory/1460-112-0x0000000180000000-0x0000000181173000-memory.dmp	themida
behavioral2/memory/1460-113-0x0000000180000000-0x0000000181173000-memory.dmp	themida
behavioral2/memory/1460-115-0x0000000180000000-0x0000000181173000-memory.dmp	themida
behavioral2/memory/1460-114-0x0000000180000000-0x0000000181173000-memory.dmp	themida
behavioral2/memory/1460-116-0x0000000180000000-0x0000000181173000-memory.dmp	themida
behavioral2/memory/1460-398-0x0000000180000000-0x0000000181173000-memory.dmp	themida
behavioral2/memory/1460-587-0x0000000180000000-0x0000000181173000-memory.dmp	themida
behavioral2/memory/1460-602-0x0000000180000000-0x0000000181173000-memory.dmp	themida
behavioral2/memory/1460-608-0x0000000180000000-0x0000000181173000-memory.dmp	themida
behavioral2/memory/1460-629-0x0000000180000000-0x0000000181173000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
55	pastebin.com
56	pastebin.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1460	Solara.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1828	ipconfig.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806478771133599"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4128	BootstrapperV2.13.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
436	chrome.exe
436	chrome.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe
1460	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4748	WMIC.exe
Token: SeSecurityPrivilege	4748	WMIC.exe
Token: SeTakeOwnershipPrivilege	4748	WMIC.exe
Token: SeLoadDriverPrivilege	4748	WMIC.exe
Token: SeSystemProfilePrivilege	4748	WMIC.exe
Token: SeSystemtimePrivilege	4748	WMIC.exe
Token: SeProfSingleProcessPrivilege	4748	WMIC.exe
Token: SeIncBasePriorityPrivilege	4748	WMIC.exe
Token: SeCreatePagefilePrivilege	4748	WMIC.exe
Token: SeBackupPrivilege	4748	WMIC.exe
Token: SeRestorePrivilege	4748	WMIC.exe
Token: SeShutdownPrivilege	4748	WMIC.exe
Token: SeDebugPrivilege	4748	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4748	WMIC.exe
Token: SeRemoteShutdownPrivilege	4748	WMIC.exe
Token: SeUndockPrivilege	4748	WMIC.exe
Token: SeManageVolumePrivilege	4748	WMIC.exe
Token: 33	4748	WMIC.exe
Token: 34	4748	WMIC.exe
Token: 35	4748	WMIC.exe
Token: 36	4748	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4748	WMIC.exe
Token: SeSecurityPrivilege	4748	WMIC.exe
Token: SeTakeOwnershipPrivilege	4748	WMIC.exe
Token: SeLoadDriverPrivilege	4748	WMIC.exe
Token: SeSystemProfilePrivilege	4748	WMIC.exe
Token: SeSystemtimePrivilege	4748	WMIC.exe
Token: SeProfSingleProcessPrivilege	4748	WMIC.exe
Token: SeIncBasePriorityPrivilege	4748	WMIC.exe
Token: SeCreatePagefilePrivilege	4748	WMIC.exe
Token: SeBackupPrivilege	4748	WMIC.exe
Token: SeRestorePrivilege	4748	WMIC.exe
Token: SeShutdownPrivilege	4748	WMIC.exe
Token: SeDebugPrivilege	4748	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4748	WMIC.exe
Token: SeRemoteShutdownPrivilege	4748	WMIC.exe
Token: SeUndockPrivilege	4748	WMIC.exe
Token: SeManageVolumePrivilege	4748	WMIC.exe
Token: 33	4748	WMIC.exe
Token: 34	4748	WMIC.exe
Token: 35	4748	WMIC.exe
Token: 36	4748	WMIC.exe
Token: SeDebugPrivilege	4948	Bootstrapper.exe
Token: SeDebugPrivilege	4128	BootstrapperV2.13.exe
Token: SeDebugPrivilege	1460	Solara.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4128	BootstrapperV2.13.exe
1460	Solara.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 3208	4948	Bootstrapper.exe	83
PID 4948 wrote to memory of 3208	4948	Bootstrapper.exe	83
PID 3208 wrote to memory of 1828	3208	cmd.exe	85
PID 3208 wrote to memory of 1828	3208	cmd.exe	85
PID 4948 wrote to memory of 3320	4948	Bootstrapper.exe	86
PID 4948 wrote to memory of 3320	4948	Bootstrapper.exe	86
PID 3320 wrote to memory of 4748	3320	cmd.exe	88
PID 3320 wrote to memory of 4748	3320	cmd.exe	88
PID 4948 wrote to memory of 4128	4948	Bootstrapper.exe	90
PID 4948 wrote to memory of 4128	4948	Bootstrapper.exe	90
PID 4128 wrote to memory of 1460	4128	BootstrapperV2.13.exe	100
PID 4128 wrote to memory of 1460	4128	BootstrapperV2.13.exe	100
PID 436 wrote to memory of 3572	436	chrome.exe	103
PID 436 wrote to memory of 3572	436	chrome.exe	103
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 5036	436	chrome.exe	104
PID 436 wrote to memory of 4448	436	chrome.exe	105
PID 436 wrote to memory of 4448	436	chrome.exe	105
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106
PID 436 wrote to memory of 5016	436	chrome.exe	106

cURL User-Agent 8 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	70	curl/8.9.1-DEV
HTTP User-Agent header	77	curl/8.9.1-DEV
HTTP User-Agent header	78	curl/8.9.1-DEV
HTTP User-Agent header	61	curl/8.9.1-DEV
HTTP User-Agent header	64	curl/8.9.1-DEV
HTTP User-Agent header	65	curl/8.9.1-DEV
HTTP User-Agent header	67	curl/8.9.1-DEV
HTTP User-Agent header	68	curl/8.9.1-DEV

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3208
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:1828
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3320
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4748
- C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.13.exe
  "C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.13.exe" --oldBootstrapper "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe" --isUpdate true
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4128
- - C:\ProgramData\Solara\Solara.exe
    "C:\ProgramData\Solara\Solara.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd60e5cc40,0x7ffd60e5cc4c,0x7ffd60e5cc58
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3308,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4388,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3248,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3452,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5256,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5260,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5408,i,4221999633434401456,16543574893911432518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:2
  2⤵
  PID:4456

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1584

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Solara\Microsoft.Web.WebView2.Core.dll

Filesize
557KB

MD5
b037ca44fd19b8eedb6d5b9de3e48469

SHA1
1f328389c62cf673b3de97e1869c139d2543494e

SHA256
11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197

SHA512
fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b

Download Submit
C:\ProgramData\Solara\Microsoft.Web.WebView2.Wpf.dll

Filesize
50KB

MD5
e107c88a6fc54cc3ceb4d85768374074

SHA1
a8d89ae75880f4fca7d7167fae23ac0d95e3d5f6

SHA256
8f821f0c818f8d817b82f76c25f90fde9fb73ff1ae99c3df3eaf2b955653c9c8

SHA512
b39e07b0c614a0fa88afb1f3b0d9bb9ba9c932e2b30899002008220ccf1acb0f018d5414aee64d92222c2c39f3ffe2c0ad2d9962d23aaa4bf5750c12c7f3e6fe

Download Submit
C:\ProgramData\Solara\Monaco\combined.html

Filesize
14KB

MD5
2ed70c8bd6ce27e192db89ec9dca339b

SHA1
42b51a7e6cf89e2f79d364b6b3516c5f0d7344e8

SHA256
cc82b1b903fbc6b758d433ab2d101a2cf7bb3b1ef8ca2bf1c80a7d5dca71cc87

SHA512
4c527055aecdfe791774c014e44d73f5aab45bbe5cbba6a845710757316f60c08f2ace667744b5d79097ad5077ebd3a1bf4aabe09ac1ab453255b447ef207c40

Download Submit
C:\ProgramData\Solara\Monaco\index.html

Filesize
14KB

MD5
610eb8cecd447fcf97c242720d32b6bd

SHA1
4b094388e0e5135e29c49ce42ff2aa099b7f2d43

SHA256
107d8d9d6c94d2a86ac5af4b4cec43d959c2e44d445017fea59e2e0a5efafdc7

SHA512
cf15f49ef3ae578a5f725e24bdde86c33bbc4fd30a6eb885729fd3d9b151a4b13822fa8c35d3e0345ec43d567a246111764812596fd0ecc36582b8ee2a76c331

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
613KB

MD5
efa26a96b7af259f6682bc888a8b6a14

SHA1
9800a30228504c30e7d8aea873ded6a7d7d133bb

SHA256
18f4dca864799d7cd00a26ae9fb7eccf5c7cf3883c51a5d0744fd92a60ca1953

SHA512
7ca4539ab544aee162c7d74ac94b290b409944dd746286e35c8a2712db045d255b9907d1ebea6377d1406ddd87f118666121d0ec1abe0e9415de1bba6799f76e

Download Submit
C:\ProgramData\Solara\SolaraV3.dll

Filesize
6.9MB

MD5
12daf1ddbc2b2634a1a76adc3ec2d66c

SHA1
9a03f18aca54fb3b3190c1d65e424ffb9a4e6ffe

SHA256
2b6a59eb5b1861138dd82e0d1ca304babe47886a0eeca29d45c5d36363cc3b23

SHA512
7af52091f371bdad89be6900a7d3636d4f74fad2c9614ad1a322df342515d8163f224447c73a8a66875a56285806e6437794a292062fca11f2e5eeee03bea597

Download Submit
C:\ProgramData\Solara\WebView2Loader.dll

Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1aeab292-2d3c-4bbe-8e79-4c230689b8fa.tmp

Filesize
231KB

MD5
036dad15178a5e221910263a7b93dbcb

SHA1
b7f6512a5c91c2ce4580761d49b08701d73459c3

SHA256
cc124530258a4e1df37de3978192d665c0859bb193ab7ef68040a33a98e71f7e

SHA512
ee67f9b4bb096ac776b9e6b4f3b439382b1c416d8ab448a4af40f3bd233326b2a48c659504d44342f99d44c9db7a75788dcd7f75f696e78d6997581b672b844b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dc9444c43faaccec3a237469593260ba

SHA1
59fcca752158c51c8af4fb4776782712248111fe

SHA256
69cb05fcf8bdb9bcf083a40574f16bd6fff8a2aa59be8cfe0c192db7a063491a

SHA512
a14cf8205c52a8c48cc720cca548c33a80cf8b866e66c093933e3f769d3ad04d27d2ae6c5809410410fde9f7dd90c8f2b70104fcec838ed1b5eee5104be6f528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6a7a798049c2196f2944385b6a4505c6

SHA1
6c3c3939bd0c52c683bb9172c63537aff8aa7d59

SHA256
8398bcf61eab68687dacccc23986d9b7162d3df0f0a01159a9f416800a311157

SHA512
c4c6c1ae5eecabc09e32168ad7b34668950a8f8c8509caed5bef1cbe2017707e32ad1e0ab578083762bb19f88cb3a39ddcbb14229767024a85c6ce85a1dbf285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
15f9c79f1b154c6e6b8af78455dd0e72

SHA1
dfefed258c7f7407b88400a46c0cb2769d2b68c7

SHA256
6696a441c526386cb39679649aa013e729cecc7d3f91c3d31069674ca80d48fb

SHA512
ac0786a08501aa850ccc8738f657b8f177712000d80f10ac72e8270c5537bdc64bbb997889d531ebe6022a563147ee74e7993a0e66addfd967fc5f7c1d54208b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6411a0f45d0c500238b3175695c81a7

SHA1
eac60f4b8d2eb2f439ac7965a7da132ff8593a68

SHA256
5f6c121d5c6b368b84dfb86cd4e1557ae9353fc37d0072e0d6f81e3a3b4334e7

SHA512
757cdda29a87b45a7ece44f39d979043d4527f86019a28f2629c8b15d381d1b36f78ee050d99b51bad2a082a90f932d6e7866618f9b3f4ec809f675b8c134941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7131e5e1e6aade1abbc45b2b8241216

SHA1
2aa07c342fcd9ca8e046ac0c16720bae2dce4881

SHA256
91066f97b29610a5c55fac853eb6a97890b8d84b14f3206332796dc3ca9b329d

SHA512
90a853e8e080a250e9c2fcf1de41ef56971d2b1f2396f495ad84de60fca68c73a73e7aef28386848eb8503c9f12883bb72ad47eb5268207d8fa9707eb59cbe2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6116aad2810ac0c2a91f5cbc99a7d77

SHA1
33bf50645de2c9ea5d405fe0e7155c4e36a61fa7

SHA256
f267702874b41785736a39272061f3422917aaafcf25d19853c7b1989be05044

SHA512
93a48ab1ad14b3bbed499ccf9fe3bd0a0f2608c4a2f33ec30108b1e2c670359c50e81966a6b8ad15c570eb8971d65bea53351ff08c9c1eebc47397d5be68de7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8394c5b03ffcfc7b256d01a7a16349a

SHA1
151932d3ad8df80b98774748e9987079594c8d2c

SHA256
716b94b3dc87ebce3a9781288aedf5feb867b1c12fd90d1351db7c5f4d536c4b

SHA512
3cc2a69243da4abe7efea5c0e10ff3ec282d07b70d4f37cd88abfb83492c889b71effd86a1130184e9bcd04206c2c82e3e3f4ff96593d075ebe8726531af4a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
36748de7455fdcf49328362ba6d248d9

SHA1
386e89de68ac433abab001854740d055a4ef4a80

SHA256
83e4eb7207369b3d6acd730ca1e64354a30544b4b78a0d471a4896cdf8719074

SHA512
25fa2e2eae20f13fb4561228c761de795bb47d58307df9b635b4a93ffe468ffe8b4d1f3b94d49fdb4374e7e4f8556213e46dded037c6e578ee214caf830eb700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e3d40ecaa1c95521ea12c44dc49c9357

SHA1
61f24eac9ba310e62864acb4d14e9382e0b4f24c

SHA256
38d7195a1a8046edf47957c11fdc6f4a30f7d7c2c1c18c85f5e2cbae0676cfc9

SHA512
abfe348472acfc398f34d0c0f15cd90c961848444ac84923a50fa028917bd57144f8bfbf05fca415201ed236ad56316dcf909ee7a9535662b9b9ad53e65ae69f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
88eb35e3648f1d9d8b1a8688ef9cab54

SHA1
ec2a434cfd30dbc6a1f2964ce89204137955ba9c

SHA256
529356b464290d95d95dfc688d40d852f31756d0484cab7bd9a07591b6df037d

SHA512
756afa05f48c0c9892e307a9f45a19145336d82e7368381c25ee7185d76ffd331f768e41b62b83949244f766dcfb75d5edc2f9b139349439796ff74ce34c637f

Download Submit
C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.13.exe

Filesize
2.9MB

MD5
fdeda3eb502d7eec02277cf08c7d926f

SHA1
fbf43baa8e3c610933866630ba767b60bbd0313f

SHA256
4d73c67dc61543f6116f8c0a8f6794ece2993e78713793c6e2066285e2607fd0

SHA512
0f6e6074951eda7347cc527734b6103ed10002a2e28aaee2a74a4e346576b1e448175e10bbd8f8e9adbd36a15fa22557a7a7c6465c5fcb9dc772a41c00a0112d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir436_1778771495\5286ec67-e2ae-4040-b7db-ea468d5097a8.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir436_1778771495\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/1460-608-0x0000000180000000-0x0000000181173000-memory.dmp

Filesize
17.4MB

Download
memory/1460-602-0x0000000180000000-0x0000000181173000-memory.dmp

Filesize
17.4MB

Download
memory/1460-97-0x00000201768D0000-0x000002017698A000-memory.dmp

Filesize
744KB

Download
memory/1460-114-0x0000000180000000-0x0000000181173000-memory.dmp

Filesize
17.4MB

Download
memory/1460-398-0x0000000180000000-0x0000000181173000-memory.dmp

Filesize
17.4MB

Download
memory/1460-101-0x0000020176850000-0x0000020176860000-memory.dmp

Filesize
64KB

Download
memory/1460-96-0x0000020176C60000-0x000002017719C000-memory.dmp

Filesize
5.2MB

Download
memory/1460-587-0x0000000180000000-0x0000000181173000-memory.dmp

Filesize
17.4MB

Download
memory/1460-99-0x0000020176990000-0x0000020176A42000-memory.dmp

Filesize
712KB

Download
memory/1460-94-0x000002015C110000-0x000002015C1AC000-memory.dmp

Filesize
624KB

Download
memory/1460-106-0x00000201771A0000-0x0000020177230000-memory.dmp

Filesize
576KB

Download
memory/1460-629-0x0000000180000000-0x0000000181173000-memory.dmp

Filesize
17.4MB

Download
memory/1460-116-0x0000000180000000-0x0000000181173000-memory.dmp

Filesize
17.4MB

Download
memory/1460-112-0x0000000180000000-0x0000000181173000-memory.dmp

Filesize
17.4MB

Download
memory/1460-113-0x0000000180000000-0x0000000181173000-memory.dmp

Filesize
17.4MB

Download
memory/1460-115-0x0000000180000000-0x0000000181173000-memory.dmp

Filesize
17.4MB

Download
memory/4128-29-0x00000187AFA80000-0x00000187AFA88000-memory.dmp

Filesize
32KB

Download
memory/4128-21-0x0000018791420000-0x0000018791700000-memory.dmp

Filesize
2.9MB

Download
memory/4128-31-0x00000187AFA70000-0x00000187AFA7A000-memory.dmp

Filesize
40KB

Download
memory/4128-32-0x00000187AF9F0000-0x00000187AF9FA000-memory.dmp

Filesize
40KB

Download
memory/4128-28-0x00000187AFA40000-0x00000187AFA66000-memory.dmp

Filesize
152KB

Download
memory/4128-27-0x00000187AF9E0000-0x00000187AF9EA000-memory.dmp

Filesize
40KB

Download
memory/4128-40-0x00000187EE5A0000-0x00000187EE5B2000-memory.dmp

Filesize
72KB

Download
memory/4128-33-0x00000187B0600000-0x00000187B0608000-memory.dmp

Filesize
32KB

Download
memory/4128-26-0x00000187B04D0000-0x00000187B05D0000-memory.dmp

Filesize
1024KB

Download
memory/4128-25-0x00000187AF9D0000-0x00000187AF9DE000-memory.dmp

Filesize
56KB

Download
memory/4128-24-0x00000187AFA00000-0x00000187AFA38000-memory.dmp

Filesize
224KB

Download
memory/4128-23-0x00000187AF980000-0x00000187AF988000-memory.dmp

Filesize
32KB

Download
memory/4128-22-0x0000018793280000-0x0000018793290000-memory.dmp

Filesize
64KB

Download
memory/4128-30-0x00000187B05D0000-0x00000187B05E6000-memory.dmp

Filesize
88KB

Download
memory/4128-38-0x00000187EE530000-0x00000187EE53A000-memory.dmp

Filesize
40KB

Download
memory/4128-35-0x00000187FCF50000-0x00000187FD002000-memory.dmp

Filesize
712KB

Download
memory/4128-37-0x00000187EE510000-0x00000187EE52E000-memory.dmp

Filesize
120KB

Download
memory/4948-6-0x0000024251280000-0x0000024251382000-memory.dmp

Filesize
1.0MB

Download
memory/4948-19-0x0000024251280000-0x0000024251382000-memory.dmp

Filesize
1.0MB

Download
memory/4948-5-0x00000242367F0000-0x0000024236812000-memory.dmp

Filesize
136KB

Download
memory/4948-20-0x00007FFD67D60000-0x00007FFD68821000-memory.dmp

Filesize
10.8MB

Download
memory/4948-4-0x00007FFD67D63000-0x00007FFD67D65000-memory.dmp

Filesize
8KB

Download
memory/4948-2-0x00007FFD67D60000-0x00007FFD68821000-memory.dmp

Filesize
10.8MB

Download
memory/4948-0-0x00007FFD67D63000-0x00007FFD67D65000-memory.dmp

Filesize
8KB

Download
memory/4948-1-0x0000024234AA0000-0x0000024234B6E000-memory.dmp

Filesize
824KB

Download