774cc2deb69d990bb908b5b4a77314e474b357268dad92d917dcd85176f43ffd

Analysis

max time kernel
335s
max time network
337s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
08/03/2025, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BootstrapperNew.exe
Size

3.4MB
MD5

37d3fcd5058c45d2c2bba065a5c22296
SHA1

22debc7d8cdf3efd9b65ad099592c68ad7fa2713
SHA256

774cc2deb69d990bb908b5b4a77314e474b357268dad92d917dcd85176f43ffd
SHA512

fcad1f64c733180c7812a673379a35e488ed3306ca6146b187c7627a670012cec2a9166bf88815fbc1468cb70e7a1215a54e34aab37cba0f4ded8ce914323bdc
SSDEEP

98304:IZXfHaFoQyDIvqkqXf0FglY1XOe97vLn:SaBqkSIglY1XOCnn

Score

9^/10

defense_evasion discovery execution themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
704	powershell.exe
4072	powershell.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Executes dropped EXE 1 IoCs

pid	Process
2908	Solara.exe

Loads dropped DLL 2 IoCs

pid	Process
2908	Solara.exe
2908	Solara.exe

Themida packer 35 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/files/0x001c00000002af16-125.dat	themida
behavioral2/memory/2908-129-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-132-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-131-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-130-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-305-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-332-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-333-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-334-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-353-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-354-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-355-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-383-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-404-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-847-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-895-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-919-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-945-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1012-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1040-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1065-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1071-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1097-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1116-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1133-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1162-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1295-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1316-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1631-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1633-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1645-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1655-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1656-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1672-0x0000000180000000-0x00000001810AA000-memory.dmp	themida
behavioral2/memory/2908-1811-0x0000000180000000-0x00000001810AA000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	pastebin.com
6	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2908	Solara.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_303197677\keys.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_891748966\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-de-1901.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-el.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-gu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1360155750\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_303197677\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-da.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-de-ch-1901.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-hr.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-nb.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-sk.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-te.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1757427918\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1757427918\Part-DE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_891748966\ct_config.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-bg.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-sl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1757427918\Part-IT	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1757427918\Part-ZH	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-bn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-it.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-ka.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-lt.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1757427918\adblock_snippet.js	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1757427918\Part-ES	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-gl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-af.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-en-us.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-sv.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1757427918\Filtering Rules-CA	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-be.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-tk.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_891748966\kp_pinslist.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-de-1996.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-en-gb.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-und-ethi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-cs.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-cu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-kn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-ru.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_303197677\LICENSE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_303197677\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_69684231\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_69684231\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1757427918\Filtering Rules	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1757427918\LICENSE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-es.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-fr.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1166145976\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1757427918\Filtering Rules-AA	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1757427918\Part-FR	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_891748966\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-cy.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-hu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-la.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1166145976\manifest.fingerprint	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133859375795315478"	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 57 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e00310000000000685a37a0100054656d7000003a0009000400efbe515a97a5685a37a02e00000061570200000001000000000000000000000000000000adde3500540065006d007000000014000000	Solara.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	Solara.exe
Key created	\Registry\User\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\NotificationData	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 5600310000000000515a97a512004170704461746100400009000400efbe515a97a5685a659f2e0000004c5702000000010000000000000000000000000000005e3c69004100700070004400610074006100000016000000	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\NodeSlot = "1"	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 5000310000000000515a2aa810004c6f63616c003c0009000400efbe515a97a5685a659f2e00000060570200000001000000000000000000000000000000f9f2b5004c006f00630061006c00000014000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000515a07ab100041646d696e003c0009000400efbe515a97a5685a659f2e000000415702000000010000000000000000000000000000009556af00410064006d0069006e00000014000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 5600310000000000685a6ca010007363726970747300400009000400efbe685a6ca0685a6ca02e0000005eaa0200000006000000000000000000000000000000ae863e007300630072006900700074007300000016000000	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Solara.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7800310000000000515a97a51100557365727300640009000400efbec5522d60685a659f2e0000006c0500000000010000000000000000003a00000000006bed790055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Solara.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Solara.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	Solara.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Solara.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	Solara.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = ffffffff	Solara.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Solara.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
704	powershell.exe
704	powershell.exe
4072	powershell.exe
4072	powershell.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe
2908	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2464	msedgewebview2.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
2464	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	704	powershell.exe
Token: SeDebugPrivilege	4072	powershell.exe
Token: SeDebugPrivilege	3524	BootstrapperNew.exe
Token: SeDebugPrivilege	2908	Solara.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1068	MiniSearchHost.exe
2908	Solara.exe
2908	Solara.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 704	3524	BootstrapperNew.exe	83
PID 3524 wrote to memory of 704	3524	BootstrapperNew.exe	83
PID 3524 wrote to memory of 4072	3524	BootstrapperNew.exe	85
PID 3524 wrote to memory of 4072	3524	BootstrapperNew.exe	85
PID 3524 wrote to memory of 2908	3524	BootstrapperNew.exe	87
PID 3524 wrote to memory of 2908	3524	BootstrapperNew.exe	87
PID 2908 wrote to memory of 2464	2908	Solara.exe	88
PID 2908 wrote to memory of 2464	2908	Solara.exe	88
PID 2464 wrote to memory of 3248	2464	msedgewebview2.exe	89
PID 2464 wrote to memory of 3248	2464	msedgewebview2.exe	89
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 1388	2464	msedgewebview2.exe	90
PID 2464 wrote to memory of 2580	2464	msedgewebview2.exe	91
PID 2464 wrote to memory of 2580	2464	msedgewebview2.exe	91
PID 2464 wrote to memory of 416	2464	msedgewebview2.exe	92

C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -Command "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:704
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Solara'"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4072
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe" --bootstrapperPath "C:\Users\Admin\AppData\Local\Temp" --bootstrapperExe "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=2908.3436.9251853433085297334
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x160,0x164,0x168,0x13c,0x170,0x7ffe8b75b078,0x7ffe8b75b084,0x7ffe8b75b090
      4⤵
      PID:3248
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1668,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=1692 /prefetch:2
      4⤵
      PID:1388
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2008,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=1860 /prefetch:11
      4⤵
      PID:2580
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2272,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:13
      4⤵
      PID:416
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3680,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=3688 /prefetch:1
      4⤵
      PID:2924
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4836,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:14
      4⤵
      PID:4928
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4912,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:14
      4⤵
      PID:5492
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4664,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=4712 /prefetch:10
      4⤵
      PID:5920
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4744,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:14
      4⤵
      PID:1864
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4244,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=4644 /prefetch:14
      4⤵
      PID:5576
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4336,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:14
      4⤵
      PID:4832
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4264,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:14
      4⤵
      PID:4560
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2168,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:14
      4⤵
      PID:5488
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4752,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=4760 /prefetch:14
      4⤵
      PID:2108
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=4880,i,15657028133025108972,13890260838616041183,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:1
      4⤵
      PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8ee3cc40,0x7ffe8ee3cc4c,0x7ffe8ee3cc58
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4448,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4396 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3592,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4920,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5188,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4996,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4956,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4772 /prefetch:2
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5020,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4500,i,11172198992505427111,14789546158452597478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4396 /prefetch:8
  2⤵
  PID:3368

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2184

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Solara\Microsoft.Web.WebView2.Core.dll

Filesize
557KB

MD5
b037ca44fd19b8eedb6d5b9de3e48469

SHA1
1f328389c62cf673b3de97e1869c139d2543494e

SHA256
11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197

SHA512
fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b

Download Submit
C:\ProgramData\Solara\Microsoft.Web.WebView2.Wpf.dll

Filesize
50KB

MD5
e107c88a6fc54cc3ceb4d85768374074

SHA1
a8d89ae75880f4fca7d7167fae23ac0d95e3d5f6

SHA256
8f821f0c818f8d817b82f76c25f90fde9fb73ff1ae99c3df3eaf2b955653c9c8

SHA512
b39e07b0c614a0fa88afb1f3b0d9bb9ba9c932e2b30899002008220ccf1acb0f018d5414aee64d92222c2c39f3ffe2c0ad2d9962d23aaa4bf5750c12c7f3e6fe

Download Submit
C:\ProgramData\Solara\Monaco\combined.html

Filesize
14KB

MD5
2a0506c7902018d7374b0ec4090c53c0

SHA1
26c6094af2043e1e8460023ac6b778ba84463f30

SHA256
cad1e2eef6e20e88699fac5ef31d495890df118e58c86fc442ea6337aac7a75a

SHA512
4a9856512e7866b8623565886e5f3aebf15c824cb127e24be9afa2a5501a83fa95d209875a8777566bcac9973b38881e18caf6ad160c8d01366a508cafc2164b

Download Submit
C:\ProgramData\Solara\Monaco\index.html

Filesize
14KB

MD5
610eb8cecd447fcf97c242720d32b6bd

SHA1
4b094388e0e5135e29c49ce42ff2aa099b7f2d43

SHA256
107d8d9d6c94d2a86ac5af4b4cec43d959c2e44d445017fea59e2e0a5efafdc7

SHA512
cf15f49ef3ae578a5f725e24bdde86c33bbc4fd30a6eb885729fd3d9b151a4b13822fa8c35d3e0345ec43d567a246111764812596fd0ecc36582b8ee2a76c331

Download Submit
C:\ProgramData\Solara\Monaco\vs\basic-languages\lua\lua.js

Filesize
5KB

MD5
8706d861294e09a1f2f7e63d19e5fcb7

SHA1
fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23

SHA256
fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42

SHA512
1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f

Download Submit
C:\ProgramData\Solara\Monaco\vs\editor\editor.main.css

Filesize
171KB

MD5
6af9c0d237b31c1c91f7faa84b384bdf

SHA1
c349b06cad41c2997f5018a9b88baedd0ba1ea11

SHA256
fb2cbf2ee64286bc010a6c6fe6a81c6c292c145a2f584d0240c674f56e3015b0

SHA512
3bda519fed1cfa5352f463d3f91194122cf6bf7c3c7ab6927c8ca3eea159d35deb39328576e7cbd982cfdf1f101b2a46c3165221501b36919dbde6f1e94bf5ff

Download Submit
C:\ProgramData\Solara\Monaco\vs\editor\editor.main.js

Filesize
2.0MB

MD5
9399a8eaa741d04b0ae6566a5ebb8106

SHA1
5646a9d35b773d784ad914417ed861c5cba45e31

SHA256
93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18

SHA512
d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

Download Submit
C:\ProgramData\Solara\Monaco\vs\editor\editor.main.nls.js

Filesize
31KB

MD5
74dd2381ddbb5af80ce28aefed3068fc

SHA1
0996dc91842ab20387e08a46f3807a3f77958902

SHA256
fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48

SHA512
8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e

Download Submit
C:\ProgramData\Solara\Monaco\vs\loader.js

Filesize
27KB

MD5
8a3086f6c6298f986bda09080dd003b1

SHA1
8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

SHA256
0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

SHA512
9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
619KB

MD5
91f5d6abf1fc57cb3e6222f10c51bff1

SHA1
fd1183ba06cf793f12de674d8aa31bd8bfbe1172

SHA256
c48c486f8655d33b4b0d7fc169adf5cbc964c723161953ef5877e99e45833840

SHA512
4538dc6b1c0c21f09fcce5a496538c25cbbc88bd5bb484806fa9426753691df7d798882085be0bdf4ee542da793c04a0d45675265a6ced2f4ea61b691909597a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
c3645c05a01a00c8d0dbe86bb6372dcb

SHA1
8ae10ed3830dc2704da7daca545ba4caa833e6cc

SHA256
f0149baef887fc3e3168d83368ddef08280830bf399118d0eb2154180a0103c8

SHA512
dddaf369209073c2c4895da7d182b0a8554c66bbec42827cbaf28b4c33c45481bb7456e1af5a6afe1f1b2670be360b441b55d1807481cac3d75f5dea96fc63c0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
1a6b310feab001061502d53556d8cff7

SHA1
a9d4f6a1462dd0ec801cd1c34ac24355847f4bfe

SHA256
35bdbb0e0c38c051cbb2d401ab6e7c24ea17b0c50cc9e1eca5d19dcd1f12ab4e

SHA512
83627c4b2d43dcd7fbf397234080fb2aeaab011dbc6ec21377664179f14b705c6d44836b0fac3194dd64c54003d2ce11de414c716c0eda67d94aefc09e2d926c

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
53a7aa962071bfd94cae98882916a9a0

SHA1
3064a7d0dfb93d9eb8bf0ad20125e905593bcacc

SHA256
3db4179546d2057a478ee7c860d7ad54558757464b66756412b04879d7844ac3

SHA512
5de1f64523c54d5ad379f7db09de44c7e68b503a504bb81aaad80b7750615fc4e324f3f6acb46351d3c67344fad42ec0f93cb500bc3293c0c9603773702a9026

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
7d81b45443b32632f4866bccc15948be

SHA1
f54a776b9ec27319ae3ef09a069509109412329f

SHA256
ba33bdd31ba9ef1de8f3c51afb42aa2aea1790c47b29b27d202889398ad1d595

SHA512
263ec2772ca7f6d7b792a7ae4c46e0520d799915ec1008a0f4f34bf0e1e20ff0db5062a87470204b9047ea813b68dc0dead18f03cea87cfcdebd9944c8d06601

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
47651b8edf5d061ab432f7cf74ed1462

SHA1
0e731bc9a73474fd65079c3605a42c84ceedde97

SHA256
d0d4793800b38a5f3fbeeaec163e9645b22e6b200ce08650ca8e9eaea69dca4a

SHA512
97c00c3069207e1d0320c42e615d985c557c7fcbed0c3690e83a62c984246546ff13c352a0c554776804c25d614006d2621f58f91568ca05c932bcbf2777295b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe59090e.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\TransportSecurity

Filesize
858B

MD5
1468512b81710e49e38e062f30f54f78

SHA1
2c1412b0d6f246bf28c11cb4ca0bc207f540e901

SHA256
9eef6754c63b70631e35651271f38dde19ccdeacf8a75ba19705c6476877d919

SHA512
40670bc4fc66b8bb30d1e14163f33adaa352fc34aa075848a4f6cded03cd336fb7a44ef94ee0d4b9a8fdd4edd60a6c5795933dfaa0cf664689e1f6e0507b600f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\TransportSecurity~RFe5c5d6a.TMP

Filesize
858B

MD5
8f66ee4878fe69ff8aebe192c80c46cf

SHA1
f1677394913e389edf2a172bff3e212c8b58993d

SHA256
b21cc7fd4d0de0b9cb196c3fa3babc14e55f165c20cf4c15bae9e100629ac9ec

SHA512
d9f92d7a6cbcc5085b9e34674490aedb9ec38fba0f2aa17127ddf1de211cdc326642cbaeb34610dfd7618e712eb3468e026c1ceb42dd10175bc853b35db7f9b2

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
b3c72dc9df10df53934e21712ea716c0

SHA1
7da7d99156852700347260cd99955aac1533600f

SHA256
0b3989b8ac1fab283a6be770d7f1b269bcdbcda457784a04c7d0c05be841c328

SHA512
fa24fcd64172cdca5d0de897229f2fd5231e6eb06be3c4cd96427926bd1eea1911e068d4fac1563033cd70f58d4e197adeb8b0448bdd40605029309dae3e8481

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
49198dcf88dc238633b147c4ee8a7002

SHA1
86a618a5230f0dfd39cd861ecdf095a7ad8881fd

SHA256
03071ebcb4b381270f26f53af7e655b0ee5c7819273bf4cf9283ff62a199c06f

SHA512
92b58cc228491c37d3f99eb04a995e0d93fc60ac6adb3adbc012fddf737909d9eb2e3b637b38a907052c1dc25dd65cf5ca09136381a6169362cb6e5c2f48a390

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe589258.TMP

Filesize
6KB

MD5
440fbe672a0fedb9eb2ac2fafb8cabb4

SHA1
01ea0e1827174c3f5a7b2c03b496a2de46a28fc8

SHA256
64745a96f80568ba38d8e03b377bc55ec34f88e9546eea5c561c12798816a52a

SHA512
8b204a67ce0496a9a1bb2b98c4c458b49bfa761908987cc9090391531ebceecfa508915ce7b5d0bc1f14b735a85fae3ef4ad5e3e3d87a784b5822f5d7f485bd7

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
18KB

MD5
99e3b40f596339ca0c7db0c4e73c6a36

SHA1
9b1c7185c034fd0d6e02bda1e6c93da7d95e4ab5

SHA256
5d792464d1c4a27761095c7997630efab5a7024fd586dde651da2bcb7f2c1421

SHA512
b888d8f355dc2428497eb21fb3d3d3bd7ca50e5a1862678cfd2097057e91e09fca8c3f9ead85b9b0b4b861b6b489b838d49d5d618148c0a97217bd7ea12c8a74

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
18KB

MD5
c9e0f573857764cc585aa1075b87472b

SHA1
1cf5ba3cdc33dc65bdde7a4c86e7a8d9d66c61d4

SHA256
33e4bfa91a0a35bd8498f5b1d6a7643e75cfa784955a4f86b8e8c282ac709d4c

SHA512
195f2623ed63500b4f1e1e4c811d44595e63af4ed04ac01a4568451a0395299d75cbcc404f9d00078de91d1d566a7a43613e2ce77a72d39c14e378db465a969e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
18KB

MD5
33362228f2759a8ec4590c26e94215ff

SHA1
ff3e122a74fec7517fa3996df593ceb7c922247c

SHA256
b8e7b6b098b915af3a6cfc840f6ce7adfe04a830501ca99aa0c87daa8e3059df

SHA512
5260990a339eabbdac4e16231f56167031c3bd26bad05984a7bcecac9c17380af0157776ef69d2d0230a42cc79e4e91b251de97875e4c7956f8e54ccbf6d31f4

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
e52a481d46fb300086fae776b90db448

SHA1
40172e45d739b631934b4346df0aa0bf094b4d2d

SHA256
7cd870397b5ce48c5c9ce6a3e95b645ed640b20d809ab1f0e75905486ecf860c

SHA512
1031beace0bb1daee1cfb48cd76d03f6dda7d6403845b88ad9868b1d2fed2011746de9cf3106d185a25206c7790205bd21bd2f223a31e5be7e95996fb6841b39

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
e046734d343565c06cfa827318b910c9

SHA1
a135e4788d02131758f07a8a9cbaf29b90afb95e

SHA256
2aa975d14d531ca28281bb5ee02241cdd14a9258e4076eca1abbece3d53da855

SHA512
a4c0445a2463767616e7da3c850f69a5f89fc4388af59a99e84f076a8fb050a0e5ab5acd163426f945c0f3323b63f9cebf0144d401c85837ce7f5000a2eff7c8

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
2ffa0d8a15d7fc8c28acbcc7a2ea417c

SHA1
a34705f1f086becb1d63b1c99607027a0f459ba7

SHA256
2ccb0abefd0e36cd2550f2ef133eec465584f1aee1a92ec71fe28d48163d5ea1

SHA512
13262d3b7007dc7c91d0957b25901b98212f9b0c5142e7109e9677a17adb1f5a55df338fa41a095807d41b8d2d7c4f9a9543d767a4f2c83a6217bc13022cab00

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
18KB

MD5
fceb43fb3339ac13e33e03777895968f

SHA1
4097b814cc309d072b0363b537f35ec6edda47b0

SHA256
aaa999f4071248a995c8ba6e722c0c32e64c1c94cf2d89eb1240ac68b1000897

SHA512
42f7683778ae48defd8eb194cc127a84df2cabaa22718bc9d669fa0f597e2c3e233f4cc02ff224a3695226f4ea6d02b2e7368244c82e0eea37c18b553e1994ed

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
2837db9443b70eb7ac5653c149016e0c

SHA1
20d4878ef1b0ae4f3f3cacfcaf27b7b8ae727df5

SHA256
940d1f8e7987b0e58869c8688075153e87bf0c2cad67f5b74a1f2006cfaf9a35

SHA512
bab071a3b172a3d43f7033d1baea7d464ca78445dfdaaf40f8174d75eb3b0c70b3bb0a2566316dee3d3551409d89f73a0644ba8eeb21d9b509698adc0441b7a7

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
18KB

MD5
a3c7a873fa2efb8ad30fd658fb44fc17

SHA1
7cf4808870431a5547f0a6c766009354be88e6b6

SHA256
30ec621b33315be37dc071b118e3cdec9ebf1f681dd02c52640605b19cd20772

SHA512
553ff9dfa72677ea5b8bb90aa1b1832fbfbd3a1b90ef86cde96a9b15d691b24af3cfeb4828c16d4a56fcf154cafb30327cad38f7b9553db00e6b2ae13a9f1481

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe57f3c6.TMP

Filesize
1KB

MD5
152534144c30a1fca476c312221b7b7b

SHA1
eb563cc4bb3bd1a97261276ff439dd1744ea84a0

SHA256
1ba677ab52039fef33bcc1a579edf54c8b5e8974e0d8d3b417bedb56e240b0d4

SHA512
5cc94df328e3d4dcbca07832b031a7ab2745407dbf27016510253ca734129bd9b8d1b53bf5959b7b9d706a64809ae8bf2ff498b233cd1417dad5fb312ffa5854

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\PKIMetadata\21.0.0.0\crs.pb

Filesize
289KB

MD5
24a3775317d74ceea8fba6f0cfbce562

SHA1
fed5009eb51938d0894a9bb7aee8a97873d9b6f3

SHA256
192b206ad6f649f6c8767f6a3b11d9c5354710602bf0aeb4157eea08d7461ef7

SHA512
245951359283bff026aad50f7768a9aa59c1926ca7aa441c8f6a3715be34925332eeef4115a442a7841429400105d59d13937ee3aa9b80e83f1982893aefaa8e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\PKIMetadata\21.0.0.0\ct_config.pb

Filesize
10KB

MD5
09b6469de61db3473bdfe04951f08529

SHA1
d64b455ae9c65d8d8629a128a9f3505ef3df3555

SHA256
1c435f4448dcf1784637fa9470546d12d7db2420a11cf8b5d6343439dd401c60

SHA512
049d3c0e05aa3ab1d4d51cc5bd72603f47aa33141bf771cb86baedc19b8973911445ce74256ff1118483175cf4a104262a22ae9431a6366cbd1f7d28553fcbb0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\PKIMetadata\21.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
2d8bcb7c4b2dc669429bd40f7048f62a

SHA1
43a332c99105dcfb67893ea167879c3ce6bac8db

SHA256
7a0866cdd7bd21b8b08d166edb3f6adf8c859b47988b9b3ba3f0eaafabe10ff2

SHA512
15d3c7c6df2c3c75daf7ea9165687c5a6f8acac3dfe83573e20aa1bd425dde8fc659fc2c1b050b3e8ddb28358a96b9e0c083e61fa5d63ae34fa4b0bb63db8a76

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\36\10.34.0.57\Ruleset Data

Filesize
2.8MB

MD5
6a62b26b738ffda1414b1e45b3b97c12

SHA1
ff44417a79841f948bdbeec9049f9fb59d16dc9f

SHA256
da3927c997d3bb2326e97a8dd7835c28f50ad8c4a9dd407669f20730c0159207

SHA512
820caca570523600a057dbedd38b7e3b375d6427d716cb74d0aee0825e621268a9f418f135443e5bc6bd7b9a1fbb8eb6676324d46f9111e56404b8953f23de53

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\TrustTokenKeyCommitments\2024.12.14.1\keys.json

Filesize
6KB

MD5
b4434830c4bd318dba6bd8cc29c9f023

SHA1
a0f238822610c70cdf22fe08c8c4bc185cbec61e

SHA256
272e290d97184d1ac0f4e4799893cb503fba8ed6c8c503767e70458cbda32070

SHA512
f2549945965757488ecd07e46249e426525c8fe771f9939f009819183ab909d1e79cbb3aeca4f937e799556b83e891bbb0858b60f31ec7e8d2d8fbb4cb00b335

Download Submit
C:\ProgramData\Solara\SolaraV3.dll

Filesize
6.4MB

MD5
22a100971f552b0aaca41291d65fa169

SHA1
6bdf503d13a53931417af4600225875361feba78

SHA256
66dde01c27784da1882a6444df7dbb69bf671cf3ef0cfa2e3373ece1930928a3

SHA512
9b58e305a3819e75f585a1ea74cf8edac817045d839b27b90794c8eb6e0fe350cfb28f44f9a4bc0005c62259aaa9d66a5f2f99623acdf69c1d3d7d6efb482bdc

Download Submit
C:\ProgramData\Solara\WebView2Loader.dll

Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6b6335e0b721cab8e08353595a8dd76f

SHA1
6572a7ba4540ad81b3e4ecbff33bb8fff33b6757

SHA256
5b16126b36781c4a297ae1a782db3adc7d0c8149ef1c303bc326ddddaefa1d05

SHA512
2dfdb47a8489f33466e4a2ae6443a3e387c3c5d2c7c322213b185dbbdda894e1248500f301607486f1d2b20b27e9de6caeb8df5026f8c1c03f3e618547d1db5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
76a1d94ee858a4ad550817752fb0d9a3

SHA1
ee95f3dfaf68e4ada4871b9ce8f64b57a31241eb

SHA256
82a7f9d8a476c5f39588738dd3f8d1e8ef0eae99411027285b4e982828347ab1

SHA512
5aecf298fe2d24cd1d6075f27d6a050e705b15a4cc2f51860b4315b5a638903ec8e41f1c105d3d4c8ba2ab18788518dc44383506302dc682ef610d3a0b26b6e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3a3c3007a0de875a94637c3d60f671ea

SHA1
a9845963707448a19160ede6a01b827baf009242

SHA256
b3d7a98f685fb451d2f77d849b34cc51f3fdbf4c935a806b7a5a770c7b4bd880

SHA512
ff7ec7e4d15571023678e0f06b8090c44001e4f4fa1c0350c8ac1a6ad4dc2870a8b8b31e791eb34b61bf32778e64f8da3d7833a695b9ac9dd74ad72ad4fceb68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
23eeb29f532d6f4aa9c9ccd97b246b5f

SHA1
1cde336e47c4e6deb258a427741ef32ac87ffa66

SHA256
c63181228c10e6dc417a6b25f3c775a4a93c6a38d54a9799b7ba4c857e7d51f3

SHA512
8ed81093a4ced957b6764b2238def5260f5c5de70cb5e11cb1db886a3cbed3ba91bb16fa3e7b5202f58f207ac4a76b1f9723cd2e4a2875ecfe8b0d850e08279a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
6198ea5a0d7562146e67bbc37c5ba905

SHA1
993fa65b8901a6b5ada293a644a0c89ad19b8280

SHA256
c46b393b9a4588ea7c4c2ed75164be19d86c15c994c5124f3afd3b613abfcc9a

SHA512
31a03d590dd5562b6545fd66be33d1424b7913dad19cfb483b81cecee4bacc4e19b7cdbe5e0004ad911a36daf2ee3351dc1114f458ea12ccce9b5de4908630c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
16926d312576bd4a51b8fc9cbc8cfc03

SHA1
50c252da25d1545a8466fd4f499b71d1b18b1616

SHA256
62341ddb3438e1d8edb2f38d009696676f7e299e7b734b68e108668d94ee41cb

SHA512
9f86b4526bf69c32c271477e84580523e9165308092a689f65be49a6c0cb0c449f101a82c6e11970dc13e431e3c4126d1073c4067668434bf82766d4e17a44e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ac4b4e34bb0f2b7e3e9e3ee8cdb8a69c

SHA1
30a4a54dd323eab91338d3b8c8508f73d7df534b

SHA256
03131267d1d3151c05a03edf4a6cefb2037e11f4310e78b5bd4cdf754bc10030

SHA512
62e4da892bca8ffb649c0e717a9fbf2e183ae0427fbeb6a13f0c1589f1a404d1db6b5fc4628b2b97f3c6edcb19d71740883d4e1f7b467333142729821fd56973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6d9a5e61cabfad23ea3a70ec3338815

SHA1
21c090120b4786143c790ac09489ea56c7d89d15

SHA256
926131179c01f466b3fba08cd5c16cb0675b4621953d25fa42fc375efe0df74a

SHA512
c3154ef17603b68902cb5a94adf9b77a5c37a756713987fb9e08f41c1ac2054ed12d8fd8b62e731df6b9444cf46453c059ba3dd9aa3544b0f0796535bd8bb54a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53aa967d6c2b88424d74627728184e57

SHA1
f6f6abfb39d02543436e6321e203a03714ccd5ae

SHA256
5c12b399a39056ebf99da4b17e8692e79718ae2247a2006e1e3eff6e73348744

SHA512
50e4e444bafc2f445d430ec3aa21d114d21ee41225f04c691c1a9c068bd6f8727f4581a2fb871772342e2d929a0ebb4a7056e7eef01e3d714405a2dd3ff00464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53c70d8583494e0c2a6d341b3928aae8

SHA1
51f12ec5c0ca728c2d46d9f5ff050936c68aadef

SHA256
0f3b058d8eddc4305d3fdd75674b7b1135058db03be98d4810d4559377a1b32f

SHA512
d153feff4f45ec611e191604bb42350f2d66ca36aad833b472e9c3e9307ee96d61dc40ae3fe9a50fc7ae2e4fe3f03969977dbd66173eba05d31e5b57270ffb60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2028eb1e1866d3b5a2803800df187736

SHA1
5e1170f5d924905c6b62fb6b12a624c5cfa66b9e

SHA256
10ac4724b139bab63009d5050971f7a1934ade2e87527fa9970a2a0e0fea3f8a

SHA512
740a44a869cfa8380cc0f9dd098145c15be2ac68e1f0104f877a5f3840724560787e50e9ced0782083dadda3bf8d6bb384daf8cab01722f8ea2a1eeae90b851b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc44c253dcc35a1fe51eb9f87854847d

SHA1
4dc2dbe38d9c3d5fcd200dc6065df9e5e4018b4f

SHA256
ef3091b1782b0a1fdc80cc62484c7668533337003642da970821365ff93e8d28

SHA512
25c481eb24c94731fa1a45b93c07fc4ec004912fea3470ad072b47f5357cbbdb8f82a6a46d3fac77dfd64c284bae068bc64099620c30eb63843953f9457d505f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6475a49203dc377eb016adf211fc5504

SHA1
40d62a2171c4aac0a3d669e25d30ec27b905c17c

SHA256
9219f79ddc2c63421a625c51f9415478d326646233f6d645fa4428afbc0a8765

SHA512
b5aebd9bbc3acd172f104376607f6e5f9b6036f4c387ec1ab1cfa45fd33eb5fbc86bad61354ad1e7a72b690a353dd2f2622ab929e464a4525a1944df781f87e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45d3bf478e8648901ea832397096e004

SHA1
594004e64466120fdffd6f1f78b8d07b8915f674

SHA256
56405bf73312bfb1232185225c0e146a02fd677ee121b07644fb2d46a19ee0be

SHA512
007a6ab18dac355e60b5e09d149b3af28bba4f3451223e743b6e3245a9f7de9a48bfd4416bec5a5e2ec06ce8d784354510b25be264bd031d10fa0dbe0ad5623c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d18404a2ff4fb37f983f7ca156d273aa

SHA1
6c545d65a12ce40edae00f9c869463c09a5fc561

SHA256
f19da119bc3302523e21b95705f4f42ad20953990e1bd2bf07f842df06c4f1e5

SHA512
92d85d884f4c23426663faa5493aae6094538586c82cd33954c5f259de201557791d670574ab7bce16c5de84b95a6d6f00cbdf6477b800e7b4f12b17906155be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d7075aa558b46d38e2b05c21b2d61c3

SHA1
c1dffcbfdb8e4e3c5c021bfb9a8dbb23d16ab2cb

SHA256
61f380edb1c034cf72ba263a3a380f8890c7804bc70f658c342d6c5aeb2074a6

SHA512
58dc12ca0128c75a7610d08c5f2a7e90585c8e371100156cd7b2eebaaef9f764fcc40535ead6b87f6a40cd4aea10e44f18fe475b657ad7cadf8a1fdbf8f21741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a6ca91e0c4a4d92acf974034925ba74

SHA1
b5e96f343ac06ba714685346b3585b8c3d41cc13

SHA256
4a4ed0e173140f516f1449e97c49b28343352ab9b95cb041c3ec31b0e186ce2c

SHA512
945886e8daf0468fea5c78dde1c3638b2c3c274ed899cde4152b87e6b50370141f07ddc0555d410820f7bbdf0e0438efacf203ab4e91c6cd27a1bc1619762e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb9d1adc9e010fc987756d1d29838b0f

SHA1
e25df9a3f41f5529991a033d9089ed2de49fb20b

SHA256
325c89073ec3b8e7279ae04f8150eb8dd89fc6a7af9e86284649e7d89a9d56c2

SHA512
911bc2fcc9c178c5d595d922b3f7207c73f2b446c73d23f2077e3f20a3d16636b034df5082a3da0e7ad2bdadb6e22ee1745aa0bbbad7adaf35760bf6c90da1f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
726e513963499565d5612d681fc323b2

SHA1
441987e94c6dd522e64b373c496ff9cee1ee98d0

SHA256
391414386a46f98ece071ec6ad9cd58690c720eee8d4919d5423a95a4d88edfc

SHA512
c21611271555ab628bd99b7d1a3f7c4eb71a30500d0f0b4a516ba75209a9347b9bd378af516a58de136a13c86ed65be6e338219c386d48eff6c03afeed662a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00b063bf2179371be6f708d504e762ec

SHA1
31db8bd8aec9e129c7819638a4dccccb9cb97c77

SHA256
62ec1c47813b65e3dd07a17c50589f983ec1e2b4f06586b328ae4fdb3b2de01c

SHA512
9baf127efa9dad33fb63024fc9d3574a2ff7f93a002ed9c8090afd83829f6fc2d79669028205470e5768ccec1c8ccdaaca5d547a76634258478273056c906c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b242170029e5b5dd76548415a7ce4f9

SHA1
ff5d271936a95bde5b47a09c24faaaa33016cfe2

SHA256
6ed883acad8ad9718563710df23da44036e1c0319040f48b4bff810152870d34

SHA512
712ed2c8e4aa0f5246c3fde8d5e2c8e1ecc230e62b64e80827e2340c964d2b79dd9bb739d4cde102967e6abb03d60cacf735b1a21c36db7309a70c9e247e845d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6da384ec4f82f4cdba34940c8dd6b7b

SHA1
0d04b8b36f5633377193d2ae4dfb523c54afe446

SHA256
44fa2e49305f75e8e9885107fc76ef05096ab70652374402d19c55d08f218e73

SHA512
04668a169e16da9b3cf73cd30c7ee8daa99b8ed84c909d27c5080236b1f6c38ed19dce6b8201268f7d5970819af8ab8e4f41e4a2f52e8837ff2ca72a501e75ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
7758c2362b0ee354182a210609c7d0bc

SHA1
2a2f8820b3ab097bca230a4a771cd4b8c8a07467

SHA256
46e8f0a7102f811ae27a71f4721a354d4eb466bf2e5eea8afde7b191cbc98d4b

SHA512
ea9bcae756d1791ca0d193cea288eda93c1cdbadd43a1b8c96da6ec161ccfdb66cbbec845d7aec3e02f5ce9372156ef84b4533499615b4a888b5038c2c0759f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cf426d209ab196413a4068a8ddfb69fa

SHA1
03e000fce89e31d5b396254df781a23567154aa4

SHA256
c80a369194118d4c15ecb9de49fd31f29fe8e3de66601e6195cfc21331760bae

SHA512
64ebf7ea9468e2569966a24946c5af030414abb361bea1631372d8723734cf67e214de226ca0dcd0a7e669115a10a40fa651af96efa66ad06f8aad02e7a04d4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
ee455d4297bf002219a2e7a54507f32f

SHA1
a86fd5b211eeb234f9185c2fb2f473fdffbdfce2

SHA256
dda6e46c36f7535e11bce8d81ea9502341a4c9ecc7f599faa0d4d17b1298b750

SHA512
1c263abba872d7f54308e8373fdd98672905582b533eac18f7462a4fb49c8bb26231bb9aac2e37bee96a2ff33009a982feb2117061346c5ca843d3818190c9d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
56e1cc0b4d4fc21337d3b1d3f86b12d4

SHA1
f829132880cea26b5a0bfa2091a5d9560dc94831

SHA256
ee9a5582a9b281b4e1539f0eee90f6da7c441335bbd72d8fae96705c959d1d85

SHA512
adba7497351de88ad145e58a922d63b255862df00d454cdeebd08dfe5ccce2ea7ec88d8fd3f6cba8338b8ccc98f74b3cb66d119859a68bfd1949b65505c519f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
627073ee3ca9676911bee35548eff2b8

SHA1
4c4b68c65e2cab9864b51167d710aa29ebdcff2e

SHA256
85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

SHA512
3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
2e8eb51096d6f6781456fef7df731d97

SHA1
ec2aaf851a618fb43c3d040a13a71997c25bda43

SHA256
96bfd9dd5883329927fe8c08b8956355a1a6ceb30ceeb5d4252b346df32bc864

SHA512
0a73dc9a49f92d9dd556c2ca2e36761890b3538f355ee1f013e7cf648d8c4d065f28046cd4a167db3dea304d1fbcbcea68d11ce6e12a3f20f8b6c018a60422d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\521bafb0-ad1d-4ae7-98b8-204d7a088de8.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
2237e76835bdbe6de268b1c9ba8c5f43

SHA1
9d0ff481e1175fe35145cbffbaa43e53e23915d4

SHA256
428d10927769a7e7f453af3bc213de9ea562e58e27bbbe892b7077fc1c41413d

SHA512
c34bc35afb397237b9a3c23234fd61bae0c49d86389b6eb721c2fb47c17b0036dd9eada47ccce557d8ef962267c9933e47a9971948e5f109f5a05dc46e079bed

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yu3wwrsm.dxf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3804_2114392785\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3804_2114392785\dd75b988-932c-4968-ae93-6b8d326b26aa.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1166145976\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1166145976\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1360155750\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_1757427918\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_303197677\manifest.json

Filesize
80B

MD5
9e72659142381870c3c7dfe447d0e58e

SHA1
ba27ed169d5af065dabde081179476beb7e11de2

SHA256
72bab493c5583527591dd6599b3c902bade214399309b0d610907e33275b8dc2

SHA512
b887eb30c09fa3c87945b83d8dbddceee286011a1582c10b5b3cc7a4731b7fa7cb3689cb61bfead385c95902cab397d0aa26bc26086d17ce414a4f40f0e16a01

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_333695910\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_69684231\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_891748966\manifest.json

Filesize
102B

MD5
2c2e90b63e0f7e54ffc271312a3d4490

SHA1
4eb9d97e1efc368420691acb2e6df1c61c75f7e4

SHA256
72dbb7d6b647b664ef64b6a14771c2549c979b9c57712f3f712966edb02d7b2e

SHA512
9ec9e8a34cc56a694ac845a4344600b479d11347ec5279d955ab4cf55590440f3491e0a1b635ddb9db821630885e5fd63c269fc2a5d1abd0a0d0062ae21dea8b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2464_910816595\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
memory/704-34-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/704-38-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/704-32-0x0000026F76E70000-0x0000026F76E92000-memory.dmp

Filesize
136KB

Download
memory/704-33-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/704-35-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/1388-159-0x00007FFEB6010000-0x00007FFEB6011000-memory.dmp

Filesize
4KB

Download
memory/2908-353-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-305-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-847-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1811-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-130-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1672-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-131-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-132-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1656-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1655-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1645-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1633-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-945-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-112-0x0000017E681A0000-0x0000017E686DC000-memory.dmp

Filesize
5.2MB

Download
memory/2908-113-0x0000017E67F50000-0x0000017E6800A000-memory.dmp

Filesize
744KB

Download
memory/2908-1631-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1012-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-404-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-383-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-919-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1040-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-110-0x0000017E4D6B0000-0x0000017E4D750000-memory.dmp

Filesize
640KB

Download
memory/2908-332-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1065-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-333-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1071-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-115-0x0000017E68010000-0x0000017E680C2000-memory.dmp

Filesize
712KB

Download
memory/2908-895-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-334-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-117-0x0000017E4DC50000-0x0000017E4DC60000-memory.dmp

Filesize
64KB

Download
memory/2908-1116-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-129-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-355-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1133-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1316-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-354-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1295-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-1162-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2908-122-0x0000017E687E0000-0x0000017E68870000-memory.dmp

Filesize
576KB

Download
memory/2908-1097-0x0000000180000000-0x00000001810AA000-memory.dmp

Filesize
16.7MB

Download
memory/2924-275-0x00007FFEB6010000-0x00007FFEB6011000-memory.dmp

Filesize
4KB

Download
memory/3524-0-0x00007FFE95F73000-0x00007FFE95F75000-memory.dmp

Filesize
8KB

Download
memory/3524-52-0x0000022CBD500000-0x0000022CBD51E000-memory.dmp

Filesize
120KB

Download
memory/3524-16-0x0000022CC1710000-0x0000022CC1718000-memory.dmp

Filesize
32KB

Download
memory/3524-1-0x0000022CA24F0000-0x0000022CA2860000-memory.dmp

Filesize
3.4MB

Download
memory/3524-7-0x0000022CC0F20000-0x0000022CC0F2E000-memory.dmp

Filesize
56KB

Download
memory/3524-8-0x0000022CC15C0000-0x0000022CC16C0000-memory.dmp

Filesize
1024KB

Download
memory/3524-15-0x0000022CC0F40000-0x0000022CC0F4A000-memory.dmp

Filesize
40KB

Download
memory/3524-22-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/3524-10-0x0000022CC0F50000-0x0000022CC0F76000-memory.dmp

Filesize
152KB

Download
memory/3524-128-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/3524-23-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/3524-13-0x0000022CC16E0000-0x0000022CC16F6000-memory.dmp

Filesize
88KB

Download
memory/3524-11-0x0000022CC16D0000-0x0000022CC16D8000-memory.dmp

Filesize
32KB

Download
memory/3524-21-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/3524-55-0x0000022CC1DA0000-0x0000022CC1DB2000-memory.dmp

Filesize
72KB

Download
memory/3524-19-0x00007FFE95F73000-0x00007FFE95F75000-memory.dmp

Filesize
8KB

Download
memory/3524-53-0x0000022CC1C40000-0x0000022CC1C4A000-memory.dmp

Filesize
40KB

Download
memory/3524-14-0x0000022CC16C0000-0x0000022CC16CA000-memory.dmp

Filesize
40KB

Download
memory/3524-18-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/3524-2-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/3524-12-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/3524-3-0x0000022CA2CD0000-0x0000022CA2CE0000-memory.dmp

Filesize
64KB

Download
memory/3524-20-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/3524-50-0x0000022CC1CC0000-0x0000022CC1D72000-memory.dmp

Filesize
712KB

Download
memory/3524-4-0x0000022CBCF40000-0x0000022CBCF48000-memory.dmp

Filesize
32KB

Download
memory/3524-5-0x00007FFE95F70000-0x00007FFE96A32000-memory.dmp

Filesize
10.8MB

Download
memory/3524-6-0x0000022CC1580000-0x0000022CC15B8000-memory.dmp

Filesize
224KB

Download
memory/3524-9-0x0000022CC0F30000-0x0000022CC0F3A000-memory.dmp

Filesize
40KB

Download
memory/5920-934-0x0000018E87B50000-0x0000018E87B51000-memory.dmp

Filesize
4KB

Download
memory/5920-928-0x0000018E87B50000-0x0000018E87B51000-memory.dmp

Filesize
4KB

Download
memory/5920-933-0x0000018E87B50000-0x0000018E87B51000-memory.dmp

Filesize
4KB

Download
memory/5920-932-0x0000018E87B50000-0x0000018E87B51000-memory.dmp

Filesize
4KB

Download
memory/5920-931-0x0000018E87B50000-0x0000018E87B51000-memory.dmp

Filesize
4KB

Download
memory/5920-929-0x0000018E87B50000-0x0000018E87B51000-memory.dmp

Filesize
4KB

Download
memory/5920-930-0x0000018E87B50000-0x0000018E87B51000-memory.dmp

Filesize
4KB

Download
memory/5920-922-0x0000018E87B50000-0x0000018E87B51000-memory.dmp

Filesize
4KB

Download
memory/5920-924-0x0000018E87B50000-0x0000018E87B51000-memory.dmp

Filesize
4KB

Download
memory/5920-923-0x0000018E87B50000-0x0000018E87B51000-memory.dmp

Filesize
4KB

Download