73427b83bd00a8745e5182d2cdb3727e654ae9af5e42befc45903027f6606597

Analysis

max time kernel
259s
max time network
260s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2025, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BootstrapperNew.exe
Size

3.4MB
MD5

07b2ed9af56f55a999156738b17848df
SHA1

960e507c0ef860080b573c4e11a76328c8831d08
SHA256

73427b83bd00a8745e5182d2cdb3727e654ae9af5e42befc45903027f6606597
SHA512

3a982d1130b41e6c01943eee7fa546c3da95360afdad03bff434b9211201c80f22bd8bf79d065180010bc0659ee1e71febbfd750320d95811ee26a54ee1b34c6
SSDEEP

98304:HZXfHaFoQyDIvqkqXf0FglY1XOe97vLn:RaBqkSIglY1XOCnn

Score

9^/10

steam defense_evasion discovery execution phishing themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5084	powershell.exe
5724	powershell.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe

Executes dropped EXE 1 IoCs

pid	Process
3496	Solara.exe

Loads dropped DLL 2 IoCs

pid	Process
3496	Solara.exe
3496	Solara.exe

Themida packer 10 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x00070000000242a8-126.dat	themida
behavioral1/memory/3496-129-0x0000000180000000-0x000000018115B000-memory.dmp	themida
behavioral1/memory/3496-133-0x0000000180000000-0x000000018115B000-memory.dmp	themida
behavioral1/memory/3496-130-0x0000000180000000-0x000000018115B000-memory.dmp	themida
behavioral1/memory/3496-132-0x0000000180000000-0x000000018115B000-memory.dmp	themida
behavioral1/memory/3496-312-0x0000000180000000-0x000000018115B000-memory.dmp	themida
behavioral1/memory/3496-342-0x0000000180000000-0x000000018115B000-memory.dmp	themida
behavioral1/memory/3496-347-0x0000000180000000-0x000000018115B000-memory.dmp	themida
behavioral1/memory/3496-348-0x0000000180000000-0x000000018115B000-memory.dmp	themida
behavioral1/memory/3496-402-0x0000000180000000-0x000000018115B000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
34	pastebin.com
35	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
167	5696	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3496	Solara.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133892202184771352"	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5084	powershell.exe
5084	powershell.exe
5724	powershell.exe
5724	powershell.exe
3292	BootstrapperNew.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe
3496	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2536	msedgewebview2.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5084	powershell.exe
Token: SeDebugPrivilege	5724	powershell.exe
Token: SeDebugPrivilege	3292	BootstrapperNew.exe
Token: SeDebugPrivilege	3496	Solara.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe
Token: SeShutdownPrivilege	6056	chrome.exe
Token: SeCreatePagefilePrivilege	6056	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
3292	BootstrapperNew.exe
3496	Solara.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe
6056	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3292 wrote to memory of 5084	3292	BootstrapperNew.exe	90
PID 3292 wrote to memory of 5084	3292	BootstrapperNew.exe	90
PID 3292 wrote to memory of 5724	3292	BootstrapperNew.exe	92
PID 3292 wrote to memory of 5724	3292	BootstrapperNew.exe	92
PID 3292 wrote to memory of 3496	3292	BootstrapperNew.exe	95
PID 3292 wrote to memory of 3496	3292	BootstrapperNew.exe	95
PID 3496 wrote to memory of 2536	3496	Solara.exe	99
PID 3496 wrote to memory of 2536	3496	Solara.exe	99
PID 2536 wrote to memory of 2456	2536	msedgewebview2.exe	100
PID 2536 wrote to memory of 2456	2536	msedgewebview2.exe	100
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 1648	2536	msedgewebview2.exe	101
PID 2536 wrote to memory of 3192	2536	msedgewebview2.exe	102
PID 2536 wrote to memory of 3192	2536	msedgewebview2.exe	102
PID 2536 wrote to memory of 1580	2536	msedgewebview2.exe	103

cURL User-Agent 8 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	43	curl/8.9.1-DEV
HTTP User-Agent header	44	curl/8.9.1-DEV
HTTP User-Agent header	45	curl/8.9.1-DEV
HTTP User-Agent header	46	curl/8.9.1-DEV
HTTP User-Agent header	52	curl/8.9.1-DEV
HTTP User-Agent header	58	curl/8.9.1-DEV
HTTP User-Agent header	59	curl/8.9.1-DEV
HTTP User-Agent header	40	curl/8.9.1-DEV

C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3292
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -Command "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5084
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Solara'"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5724
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe" --bootstrapperPath "C:\Users\Admin\AppData\Local\Temp" --bootstrapperExe "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3496
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=3496.5256.8509523716958314654
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff8d44db078,0x7ff8d44db084,0x7ff8d44db090
      4⤵
      PID:2456
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1700,i,13116421523200755411,9259265884297982467,262144 --variations-seed-version --mojo-platform-channel-handle=1708 /prefetch:2
      4⤵
      PID:1648
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2016,i,13116421523200755411,9259265884297982467,262144 --variations-seed-version --mojo-platform-channel-handle=2028 /prefetch:3
      4⤵
      PID:3192
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2376,i,13116421523200755411,9259265884297982467,262144 --variations-seed-version --mojo-platform-channel-handle=2368 /prefetch:8
      4⤵
      PID:1580
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3588,i,13116421523200755411,9259265884297982467,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1
      4⤵
      PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8deeadcf8,0x7ff8deeadd04,0x7ff8deeadd10
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2024,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1628,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2428,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3920,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4416 /prefetch:2
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4728,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5372,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5480,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5416,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5740,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5764,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5308,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6028,i,14699305070917358441,12792177796440231262,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:2036

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5584

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1780

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Solara\Microsoft.Web.WebView2.Core.dll

Filesize
557KB

MD5
b037ca44fd19b8eedb6d5b9de3e48469

SHA1
1f328389c62cf673b3de97e1869c139d2543494e

SHA256
11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197

SHA512
fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b

Download Submit
C:\ProgramData\Solara\Microsoft.Web.WebView2.Wpf.dll

Filesize
50KB

MD5
e107c88a6fc54cc3ceb4d85768374074

SHA1
a8d89ae75880f4fca7d7167fae23ac0d95e3d5f6

SHA256
8f821f0c818f8d817b82f76c25f90fde9fb73ff1ae99c3df3eaf2b955653c9c8

SHA512
b39e07b0c614a0fa88afb1f3b0d9bb9ba9c932e2b30899002008220ccf1acb0f018d5414aee64d92222c2c39f3ffe2c0ad2d9962d23aaa4bf5750c12c7f3e6fe

Download Submit
C:\ProgramData\Solara\Monaco\combined.html

Filesize
14KB

MD5
2a0506c7902018d7374b0ec4090c53c0

SHA1
26c6094af2043e1e8460023ac6b778ba84463f30

SHA256
cad1e2eef6e20e88699fac5ef31d495890df118e58c86fc442ea6337aac7a75a

SHA512
4a9856512e7866b8623565886e5f3aebf15c824cb127e24be9afa2a5501a83fa95d209875a8777566bcac9973b38881e18caf6ad160c8d01366a508cafc2164b

Download Submit
C:\ProgramData\Solara\Monaco\index.html

Filesize
14KB

MD5
610eb8cecd447fcf97c242720d32b6bd

SHA1
4b094388e0e5135e29c49ce42ff2aa099b7f2d43

SHA256
107d8d9d6c94d2a86ac5af4b4cec43d959c2e44d445017fea59e2e0a5efafdc7

SHA512
cf15f49ef3ae578a5f725e24bdde86c33bbc4fd30a6eb885729fd3d9b151a4b13822fa8c35d3e0345ec43d567a246111764812596fd0ecc36582b8ee2a76c331

Download Submit
C:\ProgramData\Solara\Monaco\vs\basic-languages\lua\lua.js

Filesize
5KB

MD5
8706d861294e09a1f2f7e63d19e5fcb7

SHA1
fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23

SHA256
fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42

SHA512
1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f

Download Submit
C:\ProgramData\Solara\Monaco\vs\editor\editor.main.css

Filesize
171KB

MD5
6af9c0d237b31c1c91f7faa84b384bdf

SHA1
c349b06cad41c2997f5018a9b88baedd0ba1ea11

SHA256
fb2cbf2ee64286bc010a6c6fe6a81c6c292c145a2f584d0240c674f56e3015b0

SHA512
3bda519fed1cfa5352f463d3f91194122cf6bf7c3c7ab6927c8ca3eea159d35deb39328576e7cbd982cfdf1f101b2a46c3165221501b36919dbde6f1e94bf5ff

Download Submit
C:\ProgramData\Solara\Monaco\vs\editor\editor.main.js

Filesize
2.0MB

MD5
9399a8eaa741d04b0ae6566a5ebb8106

SHA1
5646a9d35b773d784ad914417ed861c5cba45e31

SHA256
93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18

SHA512
d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

Download Submit
C:\ProgramData\Solara\Monaco\vs\editor\editor.main.nls.js

Filesize
31KB

MD5
74dd2381ddbb5af80ce28aefed3068fc

SHA1
0996dc91842ab20387e08a46f3807a3f77958902

SHA256
fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48

SHA512
8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e

Download Submit
C:\ProgramData\Solara\Monaco\vs\loader.js

Filesize
27KB

MD5
8a3086f6c6298f986bda09080dd003b1

SHA1
8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

SHA256
0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

SHA512
9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
557KB

MD5
f0423f0db46a26f6882440086ac1dda7

SHA1
e1452d69d03ba12e4b30261eeaf7be249ad3ae5b

SHA256
445fdd57f58b973d5a583229b51d47da6dd99e510b44d96abb29932e994ba65a

SHA512
a31f82303c5798490483c654d3aa5c52d28ce91e82a556cffa1604a48712b05d5d4c7ae6bf438ee3689f902a284e775217500e09ce2d0539703ef980ed7a88c5

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
b0fe6fb58dc272b978e939874762efb2

SHA1
da3d41c002106a7769a74481ccf4a4c1e00e305f

SHA256
11b4444091f4289c257e945cbd1c931b371c4f4f5a0fe6607d49ff9c6ccae07e

SHA512
198eaee5a12e0d3b31adf55ab7c7a794f2b1e192ba86217f094e32926eb3a9991f59bd100db72c868af9a8531cc2ba3cb01d387ee47ec1ca246ad90991051996

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
1c86baefc36b2c67677e8715c3fcf03a

SHA1
fe101ca0eaab39ce219d42dc1a9882996a67c7cb

SHA256
98b0a690ebaa752512da41f04d5bff6b88052c5963220874b111c4e0dc514c3e

SHA512
b699f73ff29a4f1e61fde9e52a4b0d8b3f5f16ddde705ff825924e4184599da1b7119f3add316aa35d50dcf6962ed6bdcaeae29a7fc5e467a7fcb6aecbe9b7c0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnGraphiteCache\index

Filesize
256KB

MD5
b7ef4ad39df7b60532a03b4551b67641

SHA1
eed70921fe39c6c3fd047de94b0ac02e4d3f100b

SHA256
acc5b36b578fa885baf6545b157059aab5ba3c87a7fd8c55647677c410cdbc6d

SHA512
fe2ca45d9fe88dd27001e5bfdb5f55da5486e4bd5faa5a05d7ab0c0650c948226272000917c4aff3909b522934bb98b32a91e87b3d0a71d760b45b4c43a3d52b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
25332ddc4f63e65e11935c98d1aa5f08

SHA1
7c29f8f9c4ca234a9871d0a2a30f49be96513f73

SHA256
ce9f82cd1a5c14342197af66bee208917e6f981339a5ebcf1cc44282f5bbf66d

SHA512
4d011114e0a6ad894584199d3ab3807e02f0e0d5455a505d17e7b93136108643c093fb9798853d8a6d1a1dd7bb86f3c0aa000b1712f2e82e27e00c80b60f240b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe58505d.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
9a3de81cfc129c798f57feeb4da5a109

SHA1
796dba082ee464cd6204143690666ed632bf7cf9

SHA256
53c5c1ed096ee30d68cf94fea4a6a9f83e989c4d70ee7b7e2c514c99e74eb1e9

SHA512
154af75328de55a99002373960646d9a8d2125936b305cf41644f86c59b9eace1f1fc327b521de040bbf13d3eb15d45e8a1a1952479bea7e9e231eb6332d150f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe58502e.TMP

Filesize
6KB

MD5
5c5511165930c111c45c87818a33ee70

SHA1
9c6e97060cea5ce7d345fd38b9ed367811c24d1e

SHA256
f5bbd8868fcd280c44f0cedd0de8e31613e3c990a94ffcd4bfb5242c6c932f95

SHA512
f8b606280efabbf3ee585a6f65747f7b3e6f9f5123c40a0053ed2ce9f0c9bea8f04a519b572c9c5f49060300214f2a61fceec477a8729c09d8b9a4e245ea5860

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
b85263d191517067d2b91bdd63aa346f

SHA1
facabcc296b0bae5bce7e809db0c7179618b05c5

SHA256
211a62f377335a92dc7916abf03bb5558ed227f9825f431c6225f8063490287b

SHA512
e53b1fa2cf21d2881be163c32ce9b9cf5f1118f46e84dfe9ec8cf9739056f940c7dd7e230b0f656fb08a612ae83c2f212a348692c73085644c47f05e49a538b3

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
b20680030a9b56273791d6854ad05265

SHA1
806aeac02cc1eb05caea707491e1924197bfef31

SHA256
065669d97e91b6574eedd71888b1678e24a44fe846eb642113f28c0b8caeca47

SHA512
0353ce17bac53e822a4976a41534f63c506d42b2009e4212e55556fa2a57aa588050a35e981dacea211371e99c990e1bae555f1e8c7aaea710e97a794216783a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
55edd9c8ebabc618a29b13bad55f8e00

SHA1
2564cbb0c410dc09e9eb8519bb32a6052bde5385

SHA256
3088dd6f5ea04673dbf4f83306ab03ef20e3a22c3cf3e1ad45a23babd68aaa48

SHA512
ee0923f9178a12392e6eddf3b70c7e7f973cbd85f396ba7d85b2b7fce2e3206f0f3640d38f265fe7558b33ec1fd9388df42c51876dea734ae0f8f798a1383d89

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
29ed57b77b5ec8272db33b41e68b0720

SHA1
a7094f62deb221b5bb1bc36db4deb1825eca7683

SHA256
a1a32cd23c5d6648923100efed72a249c6c03348f860fdb4aad7844c1e36bab5

SHA512
16ac38508123b554614eed6c97c1f6f655aec203ecd7a383ab8d7b87d94401a90854dd3a3d0c4878b35672aa5e5c65fec58f4d2d1beb8c6e78847dc8f72ccb72

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
17KB

MD5
c586e742ba4f8aeab203c5da9a10a443

SHA1
077ae3391e296b7398a30e97a25c11f988248c16

SHA256
08bd11da2608aa7ec989608e9c5afb885a2656c32c4e4212d264df21b94c6c9e

SHA512
58363c470b78ed13c88ff13ae9bf4c687221805e91292204c5518688b2f6b2cd61fc6dbe21990c5f6b69b2b112f011a191d4ae2670e1cf0ffdace48b37ce6b3f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe57ca55.TMP

Filesize
1KB

MD5
af59d0782463dc042dcf05fe4a1d9932

SHA1
b0850448d499cac980d20393f65041510f0494e4

SHA256
f19b7379b75b2f4bece69a34bc91c6dd522883f267528f3f8363a4be06192e21

SHA512
ccd724c7ec9608af360e104e7f02a6d9c07225c67f8964699d1890e3768618b39b917f303d719f1dd77c884c72cbf77c181bf3568d562e9a9015317158563236

Download Submit
C:\ProgramData\Solara\SolaraV3.dll

Filesize
6.8MB

MD5
9e5fe4679f56c519f6d62e4408766d42

SHA1
185ebe7301a536a019cab5ff6fd39d659a10e6bf

SHA256
797eba4f3d17811f87576d087486f31f9e5b8152ac2dc8647ef72367bdbd0859

SHA512
fbabef082c27da8138202269deb3bf26bbdda3659c9db20c5b7d2e093f99e3b70476a100e55b8d536847f4334ba35e67876caa6bdec5fd00cc15a60926d565c9

Download Submit
C:\ProgramData\Solara\WebView2Loader.dll

Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
7f7a5e8cb3b79f4cab2917688d2e950b

SHA1
bcc6940de00eeafe7de52cfaab54ddfae3215c3b

SHA256
f7caf8135a31671694d140b5ee8056f29fb2a774141281d974a5a07acd5087a3

SHA512
ff0a0add7bd95e433735baa06e7912331e3b8e25f55f35957ae0a021004b76659a71e56b093fd0bb9dad29b20c4dc4bd8b92cc5a52b209a2e7accc9f9b47958b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
3da419174a8d7e645da5437ef2dbfc58

SHA1
b43bb68403485990bfce11d210d4d98ec4672897

SHA256
c2a9b614b0c54bc06795038a36ced1856ca5053e98a051b7518b91cb8a874863

SHA512
8001b11a6374cf108c90e216b1242f95038819e9cdb283ed3ce02b10b2518c7992ae2895459841db4d4dea5b244dc65fd40cd3d8082fd7a47b93419bd6aea2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
dd9f5437a144647791c9d8e45fb02766

SHA1
b18447cb2e3072af676e3c09b7386868ee110125

SHA256
4e329fc1ad4899629aca59f693c786d359c6a06e6e9ae6bbdd01ed00b31a3663

SHA512
fdb51e02102a0f3c6eef4f9047cc4d154d691de1939a843d92b4216d4a5e9bca9f010cdcd624fa31b7259bd399019b4c505bce1ba3b4d894865bf978d56d190d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6dbc46c38495d04f5e05b16a36dd78c4

SHA1
cc935306083b65fc64e19d183baf5ff9bf26f4b6

SHA256
7b7d4a26768d86d1d36327a2f910aa84086975089440b4573b15d205c6c500d1

SHA512
5b2a6622a1b56f48592e240e0b468f3cbadec3f6b7811987bfa2b3e312033ce8bfe306f71d51381b0bb5d8b5f65562b0348025ac7d66f9d153d8d6e97c33b0b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5f80a41acc855bca2ac9e8c1cd077dcb

SHA1
3efbe954afaf79c6ee489368abb39612fabebebf

SHA256
c5c0ccb65b227f81b3a6ddbded4c95fde5ee8de8a9a9d7bd81572a679785b8f4

SHA512
7c91b3c05661576f7f5ea4eddfaf5ee0c4f6dc1da4a72b76a578bb28d767fe16e07c0df8f700294345a2d4a719922fb3c8062e70bb969c8a81c4dbe6dd7f8aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3e6cacaa656a7e7bc29084cbb6cf5e58

SHA1
a3bbd43bbe08b9e544578aef7bc4f5c057b2be40

SHA256
f753aa4293a817e07b0d8dae1be0848b9c0102e50120117c9c88fb8c001bae36

SHA512
a4bd7e09b5ca7ca5af313186a12b4a3626428d21915cf72300c76e4c7fcfc84713ecfdfdf5ac078f5f5340678cc81b38dfec709919fc1b804f09cd8550d7d25b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7548d068784a3c1c7796f74700468f50

SHA1
3226c878faf9cca5e923ac5ca2e2238cbc8ae422

SHA256
e6694c8fe2be3ce8488edb7599f87d3ebc017c7a7e347f4add74cff767d89c7b

SHA512
26280550d8c767e67d64e37c07fec7025dfd4fb3985f69bc34b98b24c30943307ac3cd8eabfb8a813c37a5695f8bc4317cc02af226f4f1d0157f42c729053775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f9dcc7a639bef67a47be4430e5801047

SHA1
21a1597b2504ed4aec1e2730232acb2b7d44e7e7

SHA256
398fdb97d8e2c17d6c8eb192454c0f864f89323905b873bfbbe9018feadae29c

SHA512
9011d42ebe0b266345d7648fdd459ff7afe29c059b4cd4a25194fa9c67ca27f236852a9a75c1f64598e46dc0f9f73836736f373e681959c2c24c23a47b9802a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4de9041ebd4b4c1782abcf1c2600a080

SHA1
f71177a95be8d9b8feac5c80d6bd4cdc1901b26d

SHA256
eef0432214794bf4753326faa9bfbe770c625ca76a501d800a1e9d6831e6c7e6

SHA512
5e2e46bb20569630490f8fc80c7734a45d00a7bc9c9b0e9f8b93498fb739d7293f9230e1cee5b498f44b296a9f112d836a59b08a319929bf77fe725a1de6520c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6bc6f65f78a5b2ae9515ec5aab45bbbb

SHA1
e6a7203a7af3fa653a1fc3175dc460456d9eaad0

SHA256
243ffef7e5a2675cba29f8b44876ec89758aeb698a244afdd3d6ed30746f6dc9

SHA512
66b30b47f0e319879fa9f76f49a1593204b09826d3f086efd4c76685a9ce816e896cbb5d25bbd3edbd1375f408d3da10ca99dda12e83d7250cf93b500334a96f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
55a5cbb2973245df0edd14ca7b35c7f8

SHA1
0fe2bc92068dd1329a0f0c278893482bc79bcff2

SHA256
2503db4014816f511eca9e5a270c704a660fbd5262cf5a70c503eabafc70c3e4

SHA512
94cd37aaf98c572a073e59847d024801057ca3891dec058746596d5078508a90144b3d81a5206535f5f5c415b94d635adf5de964b8725e9ce9f8b0bea0d96732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e0066c207aa3fe2b42591be39947a7f7

SHA1
8993d904c0b955fd32223b63341bdde81a774305

SHA256
75576046ea0112ff59940172f04ba1917afd321d8822282215dc34aa593b84e3

SHA512
be819151a664ef48c6a85848eea3f3c47ee0c22fcb9767b7524665aa5e4245c4e1416df1786f0e78ad654790dc7b083075fcb4d962eb533223e6523e91769670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7f41a8b92135412588db5b588ecb013d

SHA1
f0a0e2f86724f4158d59228b171e79b3043eae51

SHA256
e9f9f7305249858936f72a46d9146c1723d5d9a10d309039786d6190651858f9

SHA512
d1618327657a02f51d1a29c7dd4817d13773e926687e8348c6238449b9994f9e8362be1febb73ef7f0a738565765b3a79eb7b652a0988edc336899290b7d7a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ff9992520e54bd17a86a9b0c53313dd5

SHA1
186f0b861d3ed749735c3ab14ebc2bcff84e436a

SHA256
040a3be69bb2eb0726fbb86f9394fa51dc99d573439698610a348f1644d1a16b

SHA512
6f58538e03ef2afeccddef3fe66a89aa1fde25e158f46c0a95b181f8f6dd97168712f96587a7f40e292b1dd586ee8aa5123a1cb1cd3dc952ff439e0d527672a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a3c01.TMP

Filesize
48B

MD5
629c275309e77215a70137b71dab00a6

SHA1
1522ac14c1c1122f74a5a92da9908573d61c6a66

SHA256
c41101a5dedc09c428879fa6ca33fc227a1d9485b0cab37b714db589047b8919

SHA512
de6e24212741e25acd66dd7c918e59908fc0365d6a4fc0ed4ec35a853cf890e85858443107f1c72d7ff1511b114932df65c9f55cd688e356723e259dc26abcf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
bae3ff4fa35d9ff25cac6138321617c3

SHA1
6270eb9c20d9b062e9ea1e0128c6d92807af6bf0

SHA256
6cd3827f007dc22375b1e3c3906d6de71ca1659bb73a6fd28a6564c46cdceebf

SHA512
a3b1b8c45f6c57974d7b7426dc01125ce4c96747a1d25b6b24f476a8ee00735d60069180a01168b6036c74b20e6e15f7a1073a6690b04c51fea8c90531f857ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
945bbbea1400f15b7f8ad656fecd1f72

SHA1
d69340c9589fe595c345b4030bf9971c705df5be

SHA256
77d4d10bd819814b44c2ca91993e61a0b864ecad7b5964d5c35481555668a585

SHA512
2e1b47ca66028d2b8474ad4a4061c06035e3f64a8cec24f1f3ec5b10cd203924dcd705517e57ee5672a867c265fd48b32662afc3cbdf9ff210eac79ff7af9070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
a0d63bb79a6434cd6624e4a0b5d07b57

SHA1
abba498ba265e2136fd21646af86d981fa5fbe90

SHA256
f6f0a8b4562fd81fa97085196f0cb0b33e9ba284c641d6ce7e50b63a7ffea10e

SHA512
c646492f5c388e0995c4923de6ac15dc44058329c64ee6d4e35438d7631ba2c63482f284fe2f94e25a0775de36f3d2c0850771032afa2c40a2a52974ab2a11cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
b5b97044b757083b869922e5c70d7187

SHA1
bef4390eb66656a78de8550c565782787c860c4c

SHA256
979955925083323da6f1f914c02adb2b1b0c4cd21e0a3d36b1976ed58a098e27

SHA512
ad2e3550cd011660c1a16d5605d2bb9112dd179039f138bf3a7392f480a2b1183d0fdea1e8fdc3d374a7f11ac52446d8bc333051e057a082af8e83006e41f485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
35899eb6a9554561b7c476f3a99ab4b1

SHA1
fbc0f2bbb04b2ec275ec0fbbfdfe6757eba95109

SHA256
9640532e222df3765bc718964d1262b65fd4fd03e318515f3a342f65b2d28391

SHA512
cbd48768d100da871023f4a8cfb0e19a584c560770a61089118191f9867f11e5833c7accd904118e4dd237343dc1f8a46f14a45b76be042d04f26c2c26dc4626

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oiy2ijpr.vah.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1356-261-0x00007FF8FC3B0000-0x00007FF8FC3B1000-memory.dmp

Filesize
4KB

Download
memory/1580-213-0x00007FF8FC3B0000-0x00007FF8FC3B1000-memory.dmp

Filesize
4KB

Download
memory/1580-214-0x00007FF8FB310000-0x00007FF8FB311000-memory.dmp

Filesize
4KB

Download
memory/1648-160-0x00007FF8FC3B0000-0x00007FF8FC3B1000-memory.dmp

Filesize
4KB

Download
memory/3292-12-0x00000221F71E0000-0x00000221F7206000-memory.dmp

Filesize
152KB

Download
memory/3292-3-0x00000221F4DA0000-0x00000221F4DB0000-memory.dmp

Filesize
64KB

Download
memory/3292-22-0x00007FF8DDD50000-0x00007FF8DE811000-memory.dmp

Filesize
10.8MB

Download
memory/3292-51-0x0000022198000000-0x00000221980B2000-memory.dmp

Filesize
712KB

Download
memory/3292-20-0x00007FF8DDD50000-0x00007FF8DE811000-memory.dmp

Filesize
10.8MB

Download
memory/3292-53-0x00000221980D0000-0x00000221980EE000-memory.dmp

Filesize
120KB

Download
memory/3292-19-0x00007FF8DDD53000-0x00007FF8DDD55000-memory.dmp

Filesize
8KB

Download
memory/3292-17-0x00000221F7240000-0x00000221F7248000-memory.dmp

Filesize
32KB

Download
memory/3292-16-0x00000221F5990000-0x00000221F599A000-memory.dmp

Filesize
40KB

Download
memory/3292-15-0x00000221F59A0000-0x00000221F59AA000-memory.dmp

Filesize
40KB

Download
memory/3292-14-0x00000221F7210000-0x00000221F7226000-memory.dmp

Filesize
88KB

Download
memory/3292-10-0x00000221FBF20000-0x00000221FC020000-memory.dmp

Filesize
1024KB

Download
memory/3292-21-0x00007FF8DDD50000-0x00007FF8DE811000-memory.dmp

Filesize
10.8MB

Download
memory/3292-131-0x00007FF8DDD50000-0x00007FF8DE811000-memory.dmp

Filesize
10.8MB

Download
memory/3292-13-0x00000221F59B0000-0x00000221F59B8000-memory.dmp

Filesize
32KB

Download
memory/3292-8-0x00000221FAC20000-0x00000221FAC58000-memory.dmp

Filesize
224KB

Download
memory/3292-54-0x00000221FC030000-0x00000221FC03A000-memory.dmp

Filesize
40KB

Download
memory/3292-9-0x00000221F5970000-0x00000221F597E000-memory.dmp

Filesize
56KB

Download
memory/3292-56-0x00000221FC0A0000-0x00000221FC0B2000-memory.dmp

Filesize
72KB

Download
memory/3292-0-0x00007FF8DDD53000-0x00007FF8DDD55000-memory.dmp

Filesize
8KB

Download
memory/3292-7-0x00007FF8DDD50000-0x00007FF8DE811000-memory.dmp

Filesize
10.8MB

Download
memory/3292-6-0x00007FF8DDD50000-0x00007FF8DE811000-memory.dmp

Filesize
10.8MB

Download
memory/3292-5-0x00000221F5920000-0x00000221F5928000-memory.dmp

Filesize
32KB

Download
memory/3292-4-0x00007FF8DDD50000-0x00007FF8DE811000-memory.dmp

Filesize
10.8MB

Download
memory/3292-11-0x00000221F5980000-0x00000221F598A000-memory.dmp

Filesize
40KB

Download
memory/3292-2-0x00007FF8DDD50000-0x00007FF8DE811000-memory.dmp

Filesize
10.8MB

Download
memory/3292-1-0x00000221F2E40000-0x00000221F31B0000-memory.dmp

Filesize
3.4MB

Download
memory/3496-347-0x0000000180000000-0x000000018115B000-memory.dmp

Filesize
17.4MB

Download
memory/3496-402-0x0000000180000000-0x000000018115B000-memory.dmp

Filesize
17.4MB

Download
memory/3496-348-0x0000000180000000-0x000000018115B000-memory.dmp

Filesize
17.4MB

Download
memory/3496-342-0x0000000180000000-0x000000018115B000-memory.dmp

Filesize
17.4MB

Download
memory/3496-312-0x0000000180000000-0x000000018115B000-memory.dmp

Filesize
17.4MB

Download
memory/3496-132-0x0000000180000000-0x000000018115B000-memory.dmp

Filesize
17.4MB

Download
memory/3496-130-0x0000000180000000-0x000000018115B000-memory.dmp

Filesize
17.4MB

Download
memory/3496-133-0x0000000180000000-0x000000018115B000-memory.dmp

Filesize
17.4MB

Download
memory/3496-129-0x0000000180000000-0x000000018115B000-memory.dmp

Filesize
17.4MB

Download
memory/3496-123-0x0000015A25010000-0x0000015A250A0000-memory.dmp

Filesize
576KB

Download
memory/3496-118-0x0000015A0A790000-0x0000015A0A7A0000-memory.dmp

Filesize
64KB

Download
memory/3496-116-0x0000015A24800000-0x0000015A248B2000-memory.dmp

Filesize
712KB

Download
memory/3496-114-0x0000015A24740000-0x0000015A247FA000-memory.dmp

Filesize
744KB

Download
memory/3496-113-0x0000015A24AD0000-0x0000015A2500C000-memory.dmp

Filesize
5.2MB

Download
memory/3496-111-0x0000015A08860000-0x0000015A088F0000-memory.dmp

Filesize
576KB

Download
memory/5084-38-0x00007FF8DDD50000-0x00007FF8DE811000-memory.dmp

Filesize
10.8MB

Download
memory/5084-35-0x00007FF8DDD50000-0x00007FF8DE811000-memory.dmp

Filesize
10.8MB

Download
memory/5084-34-0x00007FF8DDD50000-0x00007FF8DE811000-memory.dmp

Filesize
10.8MB

Download
memory/5084-29-0x00000210374C0000-0x00000210374E2000-memory.dmp

Filesize
136KB

Download
memory/5084-23-0x00007FF8DDD50000-0x00007FF8DE811000-memory.dmp

Filesize
10.8MB

Download